NT5 DNS with Bind

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 4 23:56:02 UTC 2000


You should try to avoid enabling the self registration feature if at all
possible. Can the good folks from Redmond give you a *good* reason for
turning it on? Ours couldn't. "Because it's a nifty feature!" and "You might
need it some day" aren't good reasons, in my book. And consider the resources
-- on the master, the slaves, and the networks in between -- which are wasted
by constantly adding and deleting client records, triggering constant zone
transfers, and which probably go unused the vast majority of the time.

Failing that, and because there is really no reasonable way to "split
authority for a zone" (as you put it), you may have to bite the bullet and
rearrange your whole namespace to accommodate Win2K, e.g. separate subzones
for Unix versus Win2K boxen. And if you think that's hard for your forward
namespace, if you enable dynamic registration of *reverse* records, then that
may be an even *bigger* problem, unless you can somehow ghetto-ize Win2K to
only be on certain parts of your network (cramming them all into a single /24
would be ideal, especially since it means the number of Win2K's would be
limited to 254 :-)

It is tempting to try and set up some RFC 2317-ish aliasing to accommodate a
reasonable, "transparent" separation of Win2K and non-Win2K DNS records. But
I understand that Win2K's dynamic update mechanism doesn't follow aliases, so
that plan also is doomed to failure. You could try reporting that to
Microsoft as a bug.


- Kevin

Stephen Carville wrote:

> My employer is getting ready to roll out W2K on the desktop.  Because
> Microsoft is assisting in (read 'doing') the planning they want to allow
> _all_ W2K machines to self register and want to use a Windows DNS server
> for this task.  That's OK with me since I do not have to admin the NT
> side.  However, I do need to figure how to integrate the two. I offered to
> let the Business Desktop group take over all the DNS but they really do
> not want to touch _any_ of it (frankly none of them would know DNS from
> the hole in their head) but they will grudgingly accept maintaining the
> Windows side of things.
>
> My first thought was to just have a delegation for each W2K box pointing
> to the W2K server.  Unfortunately too many people like to change their
> machine names without bothering to notify anybody.  The next best solution
> is to create a subdomain like y2k.ugsolutions.com and put all the W2K
> boxen there.  This has some problems too.  Is it possible to split
> authority for a zone?  Give one machine control of all the Win Boxen and
> another the UNIX machines?
>
> Suggestions are welcome.
>





