[cifs-protocol] [EXTERNAL] [MS-DNSP] sticky static dns updates - TrackingID#2106070040005009
jeffm at microsoft.com
Fri Jul 9 21:26:15 UTC 2021
Our Active Directory Family Test Suites do not have test cases for [MS-DNSP]. I'm not aware of a public test tool.
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback. My manager is Natesha Morrison (namorri), +1 (704) 430-4292
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Wednesday, July 7, 2021 8:51 PM
To: Jeff McCashland <jeffm at microsoft.com>; Andrew Bartlett <abartlet at samba.org>; cifs-protocol <cifs-protocol at lists.samba.org>
Cc: Jeff McCashland <jeffm at microsoftsupport.com>
Subject: Re: [cifs-protocol] [EXTERNAL] [MS-DNSP] sticky static dns updates - TrackingID#2106070040005009
> I've been able to confirm that when a static record is added to a dnsNode, new records are added as static. This is done so that when a record is manually marked as static by an admin, refreshes don't over-ride the static state. This is tied to whether aging is turned on or off in the zone, which has been a feature of DNS since WS 2008. You can query the zone's aging property using the "Get-DnsServerZoneAging” powershell cmdlet.
> I can also confirm that when a record gets its timestamp refreshed, all of the dynamic records in the dnsNode are refreshed. DNS has always worked this way.
This clarification is very helpful.
I have tests that "prove" both of these things both ways, depending on the order with which I manipulate the records with LDAP and DNS. So it is good to know which I should aim for and which I can put down to artefacts of the way my tests interact with the looser coupling of DNS and AD in Windows.
I don't suppose there is any reliable method of putting aged records in Windows DNS for testing? I don't see a public testsuite for MS-DNSP.
More information about the cifs-protocol