Microsoft windows 2000 DNS manual Incremental Zone Transfer, Protocol Description

Page 20

Note that only DNS server supports the Secure Dynamic Updates for the DS- integrated zones. Windows 2000 implementation provides even finer granularity allowing per-name ACL specification. More details we consider ACLs and specific Administrative groups later in “Controlling Update Access to Zones and Names.”

Incremental Zone Transfer

To reduce latency in propagation of changes to a DNS database, an algorithm has to be employed that actively notifies name servers of the change. This is accomplished by the NOTIFY extension of the DNS. The NOTIFY packet, which is sent by a Master server, does not contain any zone changes information. It merely notifies the other party that some changes have been made to a zone and that a zone transfer needs to be initiated.

The full zone transfer mechanism (AXFR) is not an efficient means to propagate changes to a zone, as it transfers the entire zone file. Incremental transfer (IXFR) is a more efficient mechanism, as it transfers only the changed portion(s) of the zone. The IXFR protocol is defined in RFC 1995.

Protocol Description

When a slave name server capable of IXFR (IXFR client) initiates a zone transfer, it sends an IXFR message containing the SOA serial number of its copy of the zone.

A master name server responding to the IXFR request (IXFR server) keeps a record of the newest version of the zone and the differences between that copy and several older versions. When an IXFR request with an older serial number is received, the IXFR server sends only the changes required to make the IXFR client’s version current. In some cases, however, a full zone transfer may be chosen instead of an incremental transfer:

The sum of the changes is larger than the entire zone.

Only a limited number of recent changes to the zone are kept on the server for performance reasons. If the client’s serial number is lower than the one the server has in its delta changes, a full zone transfer will be initiated.

If a name server responding to the IXFR request, does not recognize the query type, the IXFR client will automatically initiate an AXFR instead.

Windows 2000 White Paper

14

Image 20
Contents Windows 2000 DNS Microsoft Corporation. All rights reserved Contents Designing a DNS Namespace for the Active Directory Summary Page DNS Fundamentals Name Services in Windows Standards and Additional ReadingHistory of DNS Draft-skwan-gss-tsig-04.txt GSS Algorithm for Tsig GSS-TSIGStructure of DNS Hierarchy of DNS Domain NamesInt/net/org Com Edu Gov Mil Army MicrosoftMit Mydomain DNS and InternetTTL Distributing the Database Zone Files and DelegationReplicating the DNS database Microsoft My domain ftp NtserverNEW Features of the Windows 2000 DNS Querying the DatabaseName Server Resolver Root-server Gov Whitehouse.gov Updating the DNS Database Time to Live for Resource RecordsActive Directory Service Storage Model Active Directory Storage and Replication IntegrationWindows 2000 White Paper Zone Type Conversions Controlling Access to ZonesReplication Model Incremental Zone Transfer Protocol DescriptionDynamic Update Zone Log FileMaster DNS Server Slave DNS Server Ixfr and DS IntegrationUpdate Algorithm Dynamic Update of DNS RecordsMixed Environment Dhcp ClientStatically Configured Client Secure Dynamic UpdateRAS Client Client ReregistrationEstablishing a security context by passing security tokens Secure Dynamic Update Policy DnsUpdateProxy Group Controlling Update Access to Zones and NamesDNS Admins Group Aging and ScavengingAging and Scavenging Parameters DefaultEnableScavenging Description Scavenging PeriodRecord Life Span Configuring Scavenging Parameters Scavenging AlgorithmUnicode Character Support Interoperability ConsiderationsDomain Locator Finish DNS Record Registration and Resolver Requirements IP/DNS Compatible LocatorLdap.tcp.dc.msdcs.DnsDomainName Kerberos.tcp.dc.msdcs.DnsDomainName IP/DNS DC Locator Algorithm Discovering Site specific DCs FinishCaching Resolver Name Resolution Fully-Qualified QueryUsing Global Suffix Search Order Unqualified Single-Label QueryUsing Primary and Per-adapter Domain Names Unqualified Multi-Label QueryName Resolution Scenarios Unqualified Single-Label Query ScenariosFully-Qualified Query Scenarios Microsoft Implementation of Negative CachingDNS Server List Management Negative CachingDNS Manager Administrative ToolsWMI Support for DNS Server Administration Using UTF-8 Characters Format Interoperability IssuesUsing Wins and Winsr Records Utilization DNS Server PerformanceReceiving Non-RFC Compliant Data Server Capacity Planning Hardware components SizingInternet Access Considerations Choosing NamesWindows 2000 White Paper Windows 2000 White Paper Windows 2000 White Paper VPN Com Yyy.com Zzz.com Windows 2000 White Paper Primary Zone YYY corporation ZZZ corporation VPN Firewall Characters in Names Computer NamesFull computer name Per-Adapter NamingIntegrating ADS with Existing DNS Structure Domain name and sites. Active Directory domain name Migration to Windows 2000 DNS DNSDeploying DNS to Support Active Directory Partitioning, and Replication Choosing your ZonesUsing Automatic Configuration Wins ReferralIxfr For More Information IxfrWindows 2000 White Paper