15.5 Interoperability Problems

The Microsoft DNS Server has a few interoperability issues with BIND name servers. Most of these involve zone transfers.

15.5.1 The WINS and WINS-R Records

Zone transfers sometimes fail because of Microsoft's proprietary WINS and WINS-R records. When a Microsoft DNS Server is configured to consult a WINS server for names it can't find in a given zone, it inserts a special record into the zone datafile. The record looks like this:

@   IN     WINS    <IP address of WINS server>

When configured to use WINS-R for reverse-mapping queries, the Microsoft DNS Server adds a similar WINS-R record to reverse-mapping zones.

Unfortunately, neither WINS nor WINS-R is a standard record type in the IN class. Consequently, any BIND secondaries that transfer this zone will choke on these records and refuse to load the zone. Here's the message the administrator of the BIND server might see in his syslog output:

May 23 15:58:43 terminator named-xfer[386]: "fx.movie.edu IN 65281" - unknown type (65281)

The workaround for this problem is to configure the Microsoft DNS Server to filter out the proprietary record before transferring the zone. You do this by selecting the zone in the left pane of the DNS console, right-clicking it, and selecting Properties. For a forward-mapping zone, click on the WINS tab in the resulting properties window, which is shown in Figure 15-5.

Figure 15-5. "Do not replicate this record" checkbox

Checking Do not replicate this record filters out the WINS record for that zone.

For a reverse-mapping zone, click on the WINS-R tab, shown in Figure 15-6. Check Do not replicate this record to prevent the name server from including the record in zone transfers.

Figure 15-6. "Do not replicate this record" (for WINS-R) checkbox

15.5.2 BIND Secondaries for Active Directory-Integrated Zones

Another problem related to zone transfers can crop up when running a BIND or other non-Microsoft name server as a secondary to an AD-integrated zone. The serial number in an AD-integrated zone can vary on otherwise synchronized Microsoft DNS Servers. If a BIND secondary is configured to use multiple master name servers and the first of these isn't available, the second master may respond with a lower serial number, despite the fact that it has the same version of the zone as the previous master.
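
The serial mismatch described above can be detected by comparing the SOA serial each master advertises with the one the secondary holds. The following Python code is an added example, not part of the original text; the host names and serial values are constructed, and it assumes the secondary compares serials with RFC 1982 serial arithmetic, as BIND does.

```python
# Added example: classify masters of one zone by the SOA serial they advertise.
# Serials are constructed sample data; in practice they would be collected
# with an SOA query against each master (for example: dig +short SOA zone @master).

SERIAL_MOD = 2 ** 32   # SOA serials are unsigned 32-bit values
HALF = 2 ** 31         # RFC 1982 comparison window


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: True if serial a is newer than serial b (handles wraparound)."""
    return 0 < (a - b) % SERIAL_MOD < HALF


def assess_masters(secondary_serial, masters):
    """masters: list of (name, soa_serial) in the order the secondary tries them.

    Returns (name, serial, verdict) tuples as seen from the secondary.
    """
    results = []
    for name, serial in masters:
        if serial_gt(serial, secondary_serial):
            verdict = "higher: secondary will transfer"
        elif serial == secondary_serial:
            verdict = "equal: secondary is current"
        else:
            verdict = "lower: secondary will not transfer from this master"
        results.append((name, serial, verdict))
    return results


def serials_diverge(masters) -> bool:
    """True if the masters do not all advertise the same serial."""
    return len({serial for _, serial in masters}) > 1


if __name__ == "__main__":
    # Constructed scenario: both masters hold the same zone data, but the
    # AD-integrated zone carries a different serial on each server.
    masters = [("dc1.example.test", 42), ("dc2.example.test", 37)]
    for name, serial, verdict in assess_masters(42, masters):
        print(f"{name:20} serial={serial:<6} {verdict}")
    if serials_diverge(masters):
        print("WARNING: masters advertise different serials for this zone")
```

Running a check like this on a schedule gives early warning that a secondary listing several masters may see an apparently older zone when it falls back to its second master.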