Note that only DNS server supports the Secure Dynamic Updates for the DS- integrated zones. Windows 2000 implementation provides even finer granularity allowing
Incremental Zone Transfer
To reduce latency in propagation of changes to a DNS database, an algorithm has to be employed that actively notifies name servers of the change. This is accomplished by the NOTIFY extension of the DNS. The NOTIFY packet, which is sent by a Master server, does not contain any zone changes information. It merely notifies the other party that some changes have been made to a zone and that a zone transfer needs to be initiated.
The full zone transfer mechanism (AXFR) is not an efficient means to propagate changes to a zone, as it transfers the entire zone file. Incremental transfer (IXFR) is a more efficient mechanism, as it transfers only the changed portion(s) of the zone. The IXFR protocol is defined in RFC 1995.
Protocol Description
When a slave name server capable of IXFR (IXFR client) initiates a zone transfer, it sends an IXFR message containing the SOA serial number of its copy of the zone.
A master name server responding to the IXFR request (IXFR server) keeps a record of the newest version of the zone and the differences between that copy and several older versions. When an IXFR request with an older serial number is received, the IXFR server sends only the changes required to make the IXFR client’s version current. In some cases, however, a full zone transfer may be chosen instead of an incremental transfer:
•The sum of the changes is larger than the entire zone.
•Only a limited number of recent changes to the zone are kept on the server for performance reasons. If the client’s serial number is lower than the one the server has in its delta changes, a full zone transfer will be initiated.
•If a name server responding to the IXFR request, does not recognize the query type, the IXFR client will automatically initiate an AXFR instead.
Windows 2000 White Paper | 14 |
