Note that the DNS server supports Secure Dynamic Updates only for DS-integrated
zones. The Windows 2000 implementation provides even finer granularity,
allowing per-name ACL specification. We consider ACLs and the specific
administrative groups in more detail later in “Controlling Update Access to Zones and Names.”
Incremental Zone Transfer
To reduce the latency with which changes to a DNS database propagate, an algorithm has
to be employed that actively notifies name servers of the change. This is
accomplished by the NOTIFY extension of the DNS. The NOTIFY packet, which is
sent by a master server, does not contain any zone change information. It merely
notifies the other party that some changes have been made to a zone and that a
zone transfer needs to be initiated.
The full zone transfer mechanism (AXFR) is not an efficient means to propagate
changes to a zone, as it transfers the entire zone file. Incremental transfer (IXFR) is
a more efficient mechanism, as it transfers only the changed portion(s) of the zone.
The IXFR protocol is defined in RFC 1995.
Protocol Description
When a slave name server capable of IXFR (IXFR client) initiates a zone transfer, it
sends an IXFR message containing the SOA serial number of its copy of the zone.
A master name server responding to the IXFR request (IXFR server) keeps a record
of the newest version of the zone and the differences between that copy and
several older versions. When an IXFR request with an older serial number is
received, the IXFR server sends only the changes required to make the IXFR
client’s version current. In some cases, however, a full zone transfer may be chosen
instead of an incremental transfer:
• The sum of the changes is larger than the entire zone.
• Only a limited number of recent changes to the zone are kept on the server for
performance reasons. If the client’s serial number is lower than the oldest serial
number for which the server still holds delta changes, a full zone transfer will be initiated.
• If a name server responding to the IXFR request does not recognize the query
type, the IXFR client will automatically initiate an AXFR instead.
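As an added illustration (not code from the white paper), the following Python sketch models the server-side choice between IXFR and AXFR described above and the client-side fallback to AXFR. The (name, type, rdata) record tuples, the serial bump of one per change and the delta retention limit are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class IxfrZone:
    """Master (IXFR server) view of one zone: current records plus recent deltas."""
    name: str
    serial: int
    records: set = field(default_factory=set)   # current contents, SOA excluded (assumed format)
    deltas: dict = field(default_factory=dict)  # from_serial -> (to_serial, deleted, added)
    max_deltas: int = 3                          # "limited number of recent changes" kept

    def apply_change(self, deleted, added):
        """Record one update as a delta and bump the SOA serial by one (assumption)."""
        new_serial = self.serial + 1
        self.deltas[self.serial] = (new_serial, frozenset(deleted), frozenset(added))
        self.records = (self.records - set(deleted)) | set(added)
        self.serial = new_serial
        while len(self.deltas) > self.max_deltas:   # drop the oldest deltas
            del self.deltas[min(self.deltas)]

    def respond(self, client_serial):
        """Answer an IXFR query carrying client_serial.

        Returns ("current", []) when the client is up to date,
        ("ixfr", sections) with one (old_serial, deleted, new_serial, added)
        section per retained delta, or ("axfr", records) for a full transfer.
        """
        if client_serial == self.serial:
            return ("current", [])
        sections, s = [], client_serial
        while s != self.serial:
            if s not in self.deltas:   # history no longer reaches back to the client
                return ("axfr", sorted(self.records))
            to_serial, deleted, added = self.deltas[s]
            sections.append((s, sorted(deleted), to_serial, sorted(added)))
            s = to_serial
        changed = sum(len(d) + len(a) for _, d, _, a in sections)
        if changed >= len(self.records):   # deltas would cost as much as the whole zone
            return ("axfr", sorted(self.records))
        return ("ixfr", sections)


def client_transfer(master, client_serial, master_supports_ixfr=True):
    """IXFR client: request IXFR, falling back to AXFR if the master does not understand it."""
    if not master_supports_ixfr:
        return ("axfr", sorted(master.records))
    return master.respond(client_serial)
```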
Windows 2000 White Paper 14