Bind & Win 2k question

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 5 17:12:03 UTC 2001


Okay, first of all, if you deploy Win2K, but you don't use Active
Directory and you turn *off* client auto-registration, then the impact
on DNS is minimal.

If you use Active Directory, however, then things get a little more
complicated. For a small number of DCs, you could snarf the
NETLOGON files (I'm pretty sure that's what they're called) that Active
Directory spits out and manually enter the SRV records, etc. from those
files into your static zone(s). Then you wouldn't have to enable Dynamic
Update at all. But you would have to keep those records constantly in
synch with the Domain Controller NETLOGON files, which could be a
maintenance nightmare.

Another thing you could do with respect to Active Directory
interoperation is the "underscore subzone hack". Delegate all of the
underscored subdomains (_tcp, _udp, _sites, etc.) as subzones of your
main zone. Then, either enable them for Dynamic Update on your
nameserver and let the Domain Controllers go hog-wild with them, or
delegate them directly to the DNS running on the Domain Controllers.

If you want client auto-registration, then you're opening up a whole can
of worms. Personally, I wouldn't want Win2K clients running amuck in my
regular DNS zones. Also, be aware that if you enable a zone for Dynamic
Update, the only reasonable way to make *any* updates to those zones is
Dynamic Update, and this may not mesh well with whatever maintenance
systems you already have in place (it's not an issue for us, since we
use Dynamic Update for all maintenance anyway). For these reasons and
others, you may opt to either turn off client auto-registration, or to
put all of the Win2K clients into their own subdomain, e.g.
win2k.example.com. (Of course, that still leaves the question of what to
do about reverse DNS -- unless you have the luxury of dedicating whole
/24 subnets to the exclusive use of Win2K clients, co-existence is
likely to be a problem. On the other hand, who cares whether a Win2K
client reverse-resolves?)


- Kevin

joe wrote:

> Hello,
>
>   I currently run bind 8.2.3 quite happily. Another individual would
> like to update about 10 win nt4 servers to win2k. I've been informed
> that with the win2k upgrade, DNS is required. My questions are:
>
> 1) If DNS is set up on the PDC, what role should my bind servers
> play (master/slave/?). I would rather Bind run the whole show.
>
> 2) Since all clients point to my bind servers can I simply create a
> sub-domain and forward the requests to the new MS DNS to handle?
> Would the NS record in the db file I create point to the MS DNS
> server?
>
> 3) How would I handle reverse mapping with a sub-domain? With dynamic
> updates won't my existing reverse file get "updated" ?
>
> I did read the article in Linux magazine (Cricket Liu) describing a
> method to implement Bind with win2k, but I wasn't clear on the role
> that Win2k itself would play. Do I even need to have a DNS server
> running on the Win2k PDC ?
>
> I know this topic has been talked about, but these details I'm not
> clear on. Thank you for your time.
>
> Joe
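
Added example, not part of the original post or of the BIND distribution: a named.conf sketch of the "underscore subzone hack" described in the reply, with the main zone kept static and Dynamic Update limited to the underscored subzones. The addresses, host names and file paths are assumptions, and `_msdcs` is included as one of the subdomains the reply covers with "etc.".

```conf
// named.conf fragment on the BIND master for example.com (illustrative).
// Assumed values: 192.0.2.10 and 192.0.2.11 are the Domain Controllers,
// ns1.example.com is this server, file paths are placeholders.

acl "win2k-dcs" { 192.0.2.10; 192.0.2.11; };

// Main zone stays static: no allow-update, so existing maintenance
// procedures keep working and the DCs cannot touch ordinary records.
zone "example.com" {
    type master;
    file "db.example.com";
};

// One dynamic subzone per underscored label; only the DCs may update.
// Each zone file needs its own SOA and NS records before first load.
zone "_tcp.example.com" {
    type master;
    file "dynamic/db._tcp.example.com";
    allow-update { "win2k-dcs"; };
};
zone "_udp.example.com" {
    type master;
    file "dynamic/db._udp.example.com";
    allow-update { "win2k-dcs"; };
};
zone "_sites.example.com" {
    type master;
    file "dynamic/db._sites.example.com";
    allow-update { "win2k-dcs"; };
};
zone "_msdcs.example.com" {
    type master;
    file "dynamic/db._msdcs.example.com";
    allow-update { "win2k-dcs"; };
};

// Matching delegations in db.example.com (zone-file syntax):
//   _tcp    IN NS  ns1.example.com.
//   _udp    IN NS  ns1.example.com.
//   _sites  IN NS  ns1.example.com.
//   _msdcs  IN NS  ns1.example.com.
// For the other option in the reply (DNS running on the DCs), drop the
// four zone statements above and point these NS records at the DCs.
```

An address-based `allow-update` list only checks the source IP of the update, so it is worth pairing with network filtering that keeps other hosts from sending packets with the DC addresses.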




