Questions about Win2k Active Directory and BIND

Barry Margolin barmar at
Mon Oct 22 23:03:21 UTC 2001

In article <9r24ns$9sr at>,
Balzer, Ned <N.BALZER at CGNET.COM> wrote:
>Hi all,
>Please pardon the newbie questions.  I'm hoping to get off on the right foot
>here and I'm hoping this will reach the attention of some folks with Win2k
>DNS experience as well as BIND.
>We're an ISP and one of our clients is about to implement Win2k Active
>Directory.  We run DNS on BIND 8.2.x (Solaris) and we're authoritative on
>the client's 2ld (I don't want to name them, so for this example let's call
>them "") -- we host and
>on our servers.  They want to run their own DNS server, and they want to
>call their root since it's only going to be an internal
>1) Do we need to delegate to them, or is it sufficient to
>allow them to consider themselves authoritative without actually being
>authoritative? I'm afraid that by delegating we let the world know about
>their internal namespace.

If this subdomain doesn't need to be visible to the rest of the Internet,
you don't need to delegate it to them.

>2) Can they be authoritative on (i.e. we delegate it to
>them) and still run a separate caching DNS server so that they can resolve
> in case the T-1 between them and us goes down?

If they're caching-only for everything outside, how
would the caching part look up if the T-1 were
down?  What I think you want to do is be primary for and
secondary for  It will then be caching for everything else.

Barry Margolin, barmar at
Genuity, Woburn, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
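
The arrangement suggested in the reply, written out as named.conf configuration; this is an added example, not part of the original thread. It assumes the client's server runs BIND and reads the reply as "primary for the internal subdomain, secondary for the parent zone". Every name and address in it (example.com, corp.example.com, 192.0.2.53, 198.51.100.10, 10.0.0.0/8) is a placeholder.

```conf
// ---- Client's internal name server: named.conf (constructed example) ----
// example.com       placeholder for the client's public second-level domain
// corp.example.com  placeholder for the internal Active Directory subdomain
// 192.0.2.53        placeholder for the ISP's authoritative server
// 10.0.0.0/8        placeholder for the client's internal network

acl "internal" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/var/named";
    allow-query    { "internal"; };   // answer internal clients only
    allow-transfer { none; };         // never hand zone contents to anyone
};

// Root hints: the server resolves and caches everything it is not
// authoritative for.
zone "." { type hint; file "named.root"; };

// Primary for the internal namespace. It is not delegated from the
// parent zone, so no outside resolver is ever referred here.
zone "corp.example.com" {
    type master;
    file "db.corp.example.com";
};

// Secondary for the parent zone. The local copy keeps answering while the
// link to the ISP is down, until the zone's SOA expire interval runs out.
zone "example.com" {
    type slave;
    masters { 192.0.2.53; };
    file "bak.example.com";
};

// ---- ISP's authoritative server: zone entry for the parent ----
// db.example.com carries no NS records for corp.example.com, and zone
// transfers are limited to the client's server (placeholder address).
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 198.51.100.10; };
};
```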
