The OP's question was about setting up BIND, not MS DNS, related to using Samba, not Windows, as the domain controller.
Regards,
Chris

Sent from my iPhone

> On Jul 27, 2016, at 12:36 PM, Darcy Kevin (FCA) <kevin.da...@fcagroup.com> wrote:
>
> My preference? Have all your clients use BIND to resolve DNS (this gives
> access to more advanced features like sortlisting, good query logging,
> blacklisting/redirection through the RPZ mechanism, Anycast, etc.). Set up
> the BIND instances as slaves for the AD zones, and have the AD folks add the
> BIND instances to the apex NS records so that the DCs will trigger fast
> replication to BIND via the NOTIFY extension to the protocol.
>
> I’d never let a regular PC client use Microsoft DNS for resolving DNS. Perish
> the thought!
>
> Note that this approach, if implemented simply, doesn’t scale to large
> numbers of BIND instances (because you don’t want to add dozens or hundreds
> of apex NS records to the zone). Beyond a certain threshold, you’d want to
> set up a multi-level slaving/NOTIFY hierarchy on the BIND side…
>
> - Kevin
>
> ----------------------------------------------------------------------
> Kevin Darcy
> NAFTA Information Security Projects
> FCA US LLC
> 1075 W Entrance Dr,
> Auburn Hills, MI 48326
> USA
> Telephone: +1 (248) 838-6601
> Mobile: +1 (810) 397-0103
> Email: kevin.da...@fcagroup.com
>
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Sadowski
> Sent: Wednesday, July 27, 2016 3:00 PM
> To: bind-users@lists.isc.org
> Subject: Re: Multiple AD domains
>
> Should I set up 192.168.1.1 as a slave to these two domains? Would that fix it?
>
> On Wed, Jul 27, 2016 at 12:56 PM, Jeff Sadowski <jeff.sadow...@gmail.com> wrote:
> On the samba mailing list they described setting up the DC as the NS and
> forwarding to another machine for more rules.
> This will work fine for one domain. Now let's say I have 2 domains.
>
> If I set up forwarders like so on 192.168.1.1:
>
> zone "domainA" IN { type forward; forward only; forwarders { 192.168.2.1; }; };
> zone "domainB" IN { type forward; forward only; forwarders { 192.168.3.1; }; };
>
> It will cache entries for each domain, and if a computer gets a different
> address from DHCP it will update on the domain's DNS, but the DNS on
> 192.168.1.1 will have a cached entry until it expires.
>
> 192.168.2.1 and 192.168.3.1 are set up to forward all zones other than their
> domain names to 192.168.1.1.
>
> If I have the DNS server set for all machines in domainA to 192.168.2.1, all
> machines on domainA see any DNS changes to domainA immediately; machines on
> domainB are cached and can take time to clear out.
> And
> if I have the DNS server set for all machines in domainB to 192.168.3.1, all
> machines on domainB see any DNS changes to domainB immediately; machines on
> domainA are cached and can take time to clear out.
>
> What is the best way to resolve this issue?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
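For reference, here is what Kevin's suggestion looks like as a named.conf fragment for the central resolver at 192.168.1.1, replacing Jeff's two forward zones. This is an added example written for this page, not configuration from the thread, from Samba, or from ISC; the addresses and zone names are the thread's own placeholders, and the directory and file paths are assumptions. The point it shows: a forward zone answers from the resolver's cache, so a record lives there until its TTL expires, whereas a slave zone holds an authoritative copy of the zone that the primary refreshes by NOTIFY followed by a transfer, so a DHCP-driven change on the DC reaches 192.168.1.1 as soon as the DC notifies it.

```conf
// named.conf fragment for 192.168.1.1 (added example, not from the thread).
// The two AD zones are slaved from their Samba DCs instead of forwarded,
// so there is no stale cached copy: the DC's NOTIFY triggers a transfer.

options {
    directory "/var/named";                 // assumption: adjust to your layout
    recursion yes;
    allow-recursion { 192.168.0.0/16; };    // only internal clients may recurse
    allow-transfer { none; };               // do not re-serve the AD zones to anyone
};

// domainA is mastered by the DC at 192.168.2.1
zone "domainA" IN {
    type slave;
    file "slaves/domainA.db";               // assumption: local copy of the zone
    masters { 192.168.2.1; };
    allow-notify { 192.168.2.1; };          // accept NOTIFY only from the primary
};

// domainB is mastered by the DC at 192.168.3.1
zone "domainB" IN {
    type slave;
    file "slaves/domainB.db";
    masters { 192.168.3.1; };
    allow-notify { 192.168.3.1; };
};
```

This assumes the DNS server on each DC permits zone transfers (AXFR/IXFR) to 192.168.1.1 and sends it NOTIFY, which is what adding 192.168.1.1 to the zone's apex NS records achieves, as Kevin describes; check that the DNS backend the Samba DC uses actually supports zone transfers before relying on this. Restricting allow-transfer on the resolver matters because an AD zone lists every host in the domain, which is more than a resolver should hand to arbitrary clients. To confirm the zone has loaded, run `rndc zonestatus domainA` on 192.168.1.1, or query it with `dig @192.168.1.1 somehost.domainA A +norecurse` and look for the `aa` flag in the answer; a forward zone would never set it.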