Benefits of moving Active Directory DNS to Address Manager and DNS/DHCP Server - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

This section describes the advantages of moving AD DNS from a Primary-Primary architecture to the Primary-Secondary architecture used by Address Manager and DNS/DHCP Server.

There are two approaches to DNS record replication: Primary-Secondary and Primary-Primary.

Primary-Secondary—This is the recommended method for managing DNS. The current industry standard (outlined in RFC 1034 and 1035) states that a secondary zone replicates its contents from a primary zone on a given internal network. The Primary-Secondary architecture works on Windows, UNIX, and other operating systems.

The following table lists the pros and cons of a Primary-Secondary replication system:

Table 1. Primary-Secondary Replication System

Pros:
  • An industry standard method for maintaining zone data.
  • The primary always contains the most up-to-date information.
  • A central repository for zone data.
  • It doesn't require other services to replicate data.

Cons:
  • Primary server updates are required to make changes on other servers.
  • If a secondary is updated, a small delay exists before the update is propagated.
  • It requires the latest version of BIND software to take advantage of update-forwarding.

Primary-Primary—The recommended Microsoft architecture for AD specifies that the DNS servers should reside on the domain controller (DC), eliminating the need to perform zone transfers.

The following table lists the pros and cons of the Primary-Primary method of replication:

Table 2. Primary-Primary Replication System

Pros:
  • A central repository for all zone data.
  • Editing the DNS in one zone replicates to all others.
  • Saves bandwidth and processing power by using existing LDAP replication to replicate DNS data.

Cons:
  • Microsoft-only implementations.
  • Zone serial numbers can be inconsistent in SOA data.
  • Non-standard architecture.
  • Not favored in heterogeneous environments.
  • Relies on LDAP for replication.
  • LDAP replication may not be acceptable for external zone data.

Because DNS/DHCP Server uses the BIND name server software, its architecture is Primary-Secondary based.
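As an added example, not taken from the BlueCat documentation or from DNS/DHCP Server's generated configuration, the following BIND named.conf fragments show the Primary-Secondary model described above: the secondary replicates the zone from the primary over a TSIG-authenticated transfer, transfers are denied to anyone else, and NOTIFY is enabled to shorten the propagation delay listed under Cons. The zone name, addresses and key name are assumptions.

```conf
# --- On the primary server (constructed example; names and addresses are assumptions) ---

key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_OUTPUT_OF_tsig-keygen";   # same secret on both servers
};

options {
    allow-transfer { none; };   # deny zone transfers globally; re-enable per zone below
    notify yes;                 # send NOTIFY to secondaries when the zone serial changes
};

zone "corp.example.com" IN {
    type primary;                                # "type master" on older BIND releases
    file "/var/named/corp.example.com.db";
    allow-transfer { key "xfer-key"; };          # only TSIG-signed requests may pull the zone
    also-notify { 192.0.2.20; };                 # assumed secondary address
};

# --- On the secondary server ---

key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_OUTPUT_OF_tsig-keygen";
};

options {
    allow-transfer { none; };   # a secondary should not hand the zone on to third parties
};

zone "corp.example.com" IN {
    type secondary;                              # "type slave" on older BIND releases
    file "/var/named/secondaries/corp.example.com.db";
    primaries { 192.0.2.10 key "xfer-key"; };    # "masters" on older BIND; assumed primary address
    allow-notify { 192.0.2.10; };                # accept NOTIFY only from the primary
};
```

Because every copy of the zone descends from the single primary, comparing the SOA serial returned by each server against the primary's is a direct consistency check, which the Primary-Primary model cannot offer when serials drift between DCs.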