Standard Dynamic DNS update
Previous Topic  Top  next topic

Standard Dynamic DNS updates are supported by most modern DNS servers including Simple DNS Plus, BIND, Microsoft DNS, and Novell DNS.

Important: However, because there is no authentication built into this update method, it should only be use within a safe environment such as a local intranet.
You obviously don't want to allow everyone on the Internet access to updating your DNS records.

With Simple DNS Plus, BIND, and Novell DNS servers, you can limit access to Standard Dynamic DNS updates by client IP address.
If your DNS server is accessible from the Internet, make sure to use that option to limit access to local IP addresses only.
Keep in mind that even if you limit access to a specific Internet IP addresses, network packets from anywhere on the Internet can be spoofed to appear to come from that address (of course the hacker would have to know or guess that IP address first).
This should not be an issue with local IP addresses, as spoofed network packets from the Internet claiming to be from your local IP addresses should be filtered out by your own router and/or your ISP.

Caution: Microsoft DNS servers do not have any options to limit access to Standard Dynamic DNS updates, so this update method is not appropriate for Microsoft DNS servers connected to the Internet.

Updates can only be performed on primary DNS servers for a DNS zone.
To ensure that DNS can always be updated (with any one of the DNS servers unavailable), you must configure the DNS zone as primary on all DNS servers.
This also means that you will have to keep the DNS servers synchronized manually by always making all zone/record updates on both servers.

Simple Failover performs the following steps to check and update DNS:

First, based on the monitoring results, it figures out what the DNS records should be for the Server Set domain name:
- If the Server Set is configured to use DNS round robin (load balancing), then it will configure one A-record for each of the functional servers.  
- If the Server Set is not configured to use DNS round robin, then it will configure a single A-record for the first functional server.  
- If none of the servers were functional, then Simple Failover will assume that the problem must be local, and it will configure A-records as if the first/all servers did respond correctly.  
- If the Server Set Failed Polls Accepted setting is greater than zero, then each server is considered functional, until it has been found non-functional more times than this number.  

Then it sends a DNS request to the DNS server to check the current DNS A-records for the Server Set domain name.
If this is already what it should be (1), then the process stops here as there is no need to update anything.  

Next it sends a DNS request to the DNS server to get the SOA-record for the Server Set domain name.
This will return the DNS zone name that the domain name belongs to (needed for the update process).  

And finally it sends an update request to the DNS server saying:
a) Delete any existing A- and CNAME-records for the Server Set domain name.  
b) Add new A-records as per the monitoring results (1).  

While communicating with the DNS server, Simple Failover may encounter communication errors (winsock error), time outs, or unexpected responses from the DNS server. Such problems will be logged, listed in the problems list, and invoke e-mail and script notifications.

For details on standard dynamic DNS updates, please see RFC2136.
This and other RFCs can be obtained from http://www.rfc-editor.org/rfcsearch.html.