Arnoud Tijssen <atijs...@ram.nl> wrote:
>I'm facing kind of a challenge. At the moment we have BIND and Windows
>DNS within our corporate network.
>
>I would like to get rid of Windows DNS and switch completely over to
>BIND, but since DNS is so intertwined with AD this is not an option,
>since it probably introduces more problems than it solves.
>
>So my next option was to delegate all the Windows-specific subdomains
>(i.e. _tcp.example.com, _udp.example.com, _sites.example.com,
>_msdcs.example.com etc.) to Windows DNS for dynamic updates and let the
>main domain, example.com, reside on BIND. After setting up BIND and
>Windows DNS, removing the main domain entry from the Windows DNS
>servers (leaving only the Windows-specific subdomains), and pointing the
>DNS resolvers of the Windows machines to the BIND servers, the Windows
>clients were unable to register themselves within DNS and AD properly.
>It seems the clients register themselves in the main zone file of the
>domain, which resides on BIND.
>
>Since I don't want all dynamic updates from Windows clients polluting
>my main zone file, but still want one primary DNS serving the main
>domain instead of two (BIND and Windows), what is the best option, if
>there is one?
>
>Any advice would be greatly appreciated.
>
>Cheers,
>Arnoud
There have been many AD/BIND integration postings in bind-users over the
past years; check the archives.

What I do is have the AD zones

    ForestDNSZones.example.com
    DomainDNSZones.example.com
    _msdcs.example.com
    _sites.example.com
    _tcp.example.com
    _udp.example.com

mastered on a Windows Domain Controller and slaved on my BIND servers.
There is no client machine that is configured to use the Windows DC as
its DNS server; all machines use my BIND servers as DNS servers. I also
slave the four AD zones for each of about 10 child domains of
example.com. All of the dynamic updates are handled by Windows securely.

But I see lots of machines attempting dynamic DNS on my hidden BIND
master. I cannot tell if these are Windows machines attempting
self-registrations or Mac machines attempting to register whatever. I
just ignore these messages, as I have no time to track down the
machines, and when I do, a new bunch of machines start DDNS.

----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: bsfin...@anl.gov
Argonne, IL 60439-4828               IBMMAIL:  I1004994

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
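For readers who want to reproduce the split Barry describes, here is a BIND 9 named.conf fragment for it. This is an added example, not configuration posted in the thread or shipped by ISC; the domain controller addresses 192.0.2.10 and 192.0.2.11, the BIND server address 192.0.2.53, and the zone file paths are assumptions. The example.com zone is mastered on BIND and refuses dynamic updates, which is what turns the Windows self-registration attempts into the "update denied" log noise Barry mentions; the AD zones are mastered on the domain controllers and slaved on BIND.

```conf
// Added example (not from the thread): named.conf for a BIND server that
// masters example.com and slaves the AD zones from the Windows DCs.
// 192.0.2.10 and 192.0.2.11 are assumed domain controllers; 192.0.2.53 is
// the assumed address of this BIND server. Paths are assumptions too.

acl domain-controllers { 192.0.2.10; 192.0.2.11; };

// A named masters list can be referenced from every slaved AD zone.
// BIND 9.16+ also accepts the spelling "primaries".
masters dcs { 192.0.2.10; 192.0.2.11; };

options {
    directory "/var/named";
    // All Windows and non-Windows clients resolve through this server;
    // nothing points at the DCs directly.
    recursion yes;
    // Lock down AXFR by default; loosen per zone where a secondary needs it.
    allow-transfer { none; };
};

// The parent zone lives on BIND. "allow-update { none; }" is BIND's
// default for a master zone, stated here so the intent is visible: a
// Windows host trying to add its own A record to example.com is refused,
// and named logs a line like
//   client 192.0.2.77#49152: update 'example.com/IN' denied
// which is the noise Barry sees on his hidden master. The zone file must
// carry NS delegations for each AD zone below, pointing at the DCs.
zone "example.com" {
    type master;                        // "primary" in BIND 9.16+
    file "primary/example.com.db";
    allow-update { none; };
};

// AD zones: mastered on the DCs, slaved here. Every one of these must
// exist as its own zone on the Windows DNS server (by default only
// _msdcs is a separate zone; the others are subdomains of the domain
// zone and have to be created as separate zones for this layout), with
// "Allow zone transfers" permitted to 192.0.2.53 in the zone properties.
// Clients send updates for these names to the SOA MNAME, i.e. a DC,
// which applies secure-only dynamic update; a BIND slave never accepts
// UPDATE itself, so no allow-update is needed or honoured here.
zone "_msdcs.example.com" {
    type slave;                         // "secondary" in BIND 9.16+
    masters { dcs; };
    file "secondary/_msdcs.example.com.db";
    allow-transfer { domain-controllers; };
};
zone "_sites.example.com" {
    type slave;
    masters { dcs; };
    file "secondary/_sites.example.com.db";
};
zone "_tcp.example.com" {
    type slave;
    masters { dcs; };
    file "secondary/_tcp.example.com.db";
};
zone "_udp.example.com" {
    type slave;
    masters { dcs; };
    file "secondary/_udp.example.com.db";
};
// Only needed if the DC hosts these as separate zones, as in Barry's setup.
zone "ForestDNSZones.example.com" {
    type slave;
    masters { dcs; };
    file "secondary/ForestDNSZones.example.com.db";
};
zone "DomainDNSZones.example.com" {
    type slave;
    masters { dcs; };
    file "secondary/DomainDNSZones.example.com.db";
};
```

Two things to check after loading this with `named-checkconf` and `rndc reload`: `dig @192.0.2.53 _ldap._tcp.dc._msdcs.example.com SRV` should return the DC records via the slaved zone, and the Windows event log on the DCs should show Netlogon registering its SRV records without error. One consequence of refusing updates on example.com is that records the domain controllers would normally register there themselves (each DC's host A record and the A records for the bare domain name that Netlogon maintains) must be kept by hand in the BIND zone file, and workstation A/PTR records are not registered at all unless DHCP or a separate zone handles them.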