
Using "DNS resource" in Geo-cluster with Windows Active Directory

Created: 16 Jan 2013 • Updated: 22 Jan 2013 | 4 comments
hytham fekry
This issue has been solved. See solution.

Dears, we have a geographic cluster in two sites running Solaris. When an SG fails over, we need it to update the DNS entry so that clients know which virtual IP is currently working.

The DNS resource examples are just for BIND. When we tried it with Windows Active Directory, it works fine unless we use secure updates "which is mandatory of course".

How can I create the needed key and allow-update for cluster members from the Windows side?


mikebounds

DNS updates to Windows secure DNS are only supported from 6.0 upwards, and you need to use the UseGSSAPI attribute - see this extract from the VCS 6.0 bundled agents guide:

 

Use the UseGSSAPI attribute if the DNS server that you have configured is a Windows DNS server and only if it accepts secure dynamic updates.

Note: Do not set this attribute if the Windows DNS server accepts non-secure updates.

If this attribute is set to 1, the agent uses the -g option with the nsupdate command.

See "DNS agent notes" on page 137 for more information on requirements to use the DNS agent with the secure Windows DNS server.
 
 
Mike

 

UK Symantec Consultant in VCS, GCO, SF, VVR, VxAT on Solaris, AIX, HP-ux, Linux & Windows

If this post has answered your question then please click on "Mark as solution" link below

SOLUTION
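A manual check of a secure dynamic update with nsupdate -g, the option the quoted guide says the agent uses when UseGSSAPI is 1. This is an added example, not part of the thread and not the VCS agent's own code; the server, zone, record name and TTL are constructed placeholders, and it assumes a Kerberos ticket for a principal that the Windows DNS zone allows to update the record.

```shell
#!/bin/sh
# Added example: replace an A record on a secure Windows DNS server via GSS-TSIG.
# All defaults below are constructed placeholders, not values from the thread.
DNS_SERVER="${DNS_SERVER:-dc1.example.com}"   # AD-integrated DNS server
ZONE="${ZONE:-example.com}"
RR_NAME="${RR_NAME:-app.example.com}"         # name the clients resolve
TTL="${TTL:-60}"

# Accept only a dotted-quad IPv4 address so nothing else reaches the batch.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Emit the nsupdate batch: drop the old A record and publish the virtual IP
# of the site that is now active.
build_update() {
    vip="$1"
    valid_ipv4 "$vip" || { echo "invalid IPv4: $vip" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$ZONE" "$RR_NAME" "$RR_NAME" "$TTL" "$vip"
}

# Send the batch with -g. Without a valid ticket the server refuses the
# update, so check the credential cache first and fail with a clear message.
secure_update() {
    batch=$(build_update "$1") || return 1
    klist -s 2>/dev/null || { echo "no valid Kerberos ticket; run kinit first" >&2; return 2; }
    printf '%s\n' "$batch" | nsupdate -g
}

# Runs only when VIP is set, e.g.: VIP=192.0.2.10 sh secure_dns_update.sh
if [ -n "${VIP:-}" ]; then
    secure_update "$VIP"
fi
```

Running the same batch without -g against a zone set to secure-only updates should be refused, which confirms that the zone is not accepting non-secure updates.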
hytham fekry

Thanks a lot for the answer. Any ideas for workarounds on earlier versions?

mikebounds

I don't think there is any way to update a Secure Windows DNS server from VCS prior to 6.0 - the only possible workaround that might work is if you update a UNIX/Linux server (this can be secure) and the UNIX server propagates out the change to a Windows Secure DNS server, but I don't know enough about DNS to know exactly how this would work.

It is possible the 6.0 agent was backported to an earlier version, but I had a look at the 5.1SP1RP3 release notes and I couldn't see anything, so it looks unlikely.

Mike


hytham fekry

Yeah, I see ... I shall discuss the upgrade option with the customer, I guess.

Thanks ...