BIND, Active Directory, DDNS, with no Microsoft DNS

Kathy Kost kathyk at
Fri Dec 27 02:51:07 UTC 2002

In all of the past articles that I've researched, it seems that whenever you
have BIND on Unix, and Active Directory with Win2000 clients, a good portion
of people tend to jail the ADS and Win2000 clients into their own subdomain
with the ADS acting as that subdomain's DNS server so they can play nicely
together with DDNS.  One of the companies I work with has a main Solaris
BIND server internally for and also an ADS at the same level for
LDAP type services as well as DNS for some European (Microsoft based)
subdomains.  The Win2000 clients point to the BIND server for resolution but
are continually bombarding the BIND server with DDNS requests (which are
denied).  We can either turn that "feature" off so they don't send these
requests, or do as a lot of people do and put the whole lot of them into a
subdomain.  My question is whether anyone out there has done this using only
BIND for DNS services instead of using the ADS as a DNS server inside
the subdomain?   We give up TSIG but eventually BIND will have that
capability.  We would like to keep the ADS up at the main level
since a lot of applications already point to it.  Our Windows admin said
that he thought he read somewhere where you can have a subdomain with the
ADS up a level and somehow get the Win2000 clients in the subdomain to point
to the ADS in the level above (i.e., so you don't need an ADS inside the
subdomain).   Not sure if that is really workable or not at this point.
Curious if anyone out there has tried to do this sort of thing and tried to
base all of your DNS and DDNS on BIND with Win2000 clients.


Kathy Kost
kathyk at
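As an added example, not part of the original post, here is one way to set up what the question describes with BIND 9 alone: the parent zone stays static and delegates a subdomain to the same BIND server, and that subdomain zone accepts dynamic updates only from the address ranges where the Win2000 clients and domain controllers live, rather than from anywhere. Zone names, file names and address ranges are placeholders.

```conf
// Added example, not from the original post. Zone names, file paths and
// address ranges are placeholders; adjust them to the real environment.

// Too permissive: any host that can reach the server can rewrite the zone.
// zone "ads.example.com" {
//     type master;
//     file "ads.example.com.zone";
//     allow-update { any; };
// };

// Assumed ranges: the Win2000 workstations plus the domain controllers
// (the DCs register the _ldap/_kerberos SRV records, so they need access too).
acl win2k-clients { 192.0.2.0/24; 198.51.100.0/24; };

// Parent zone: static, no DDNS. Its zone file carries the delegation,
// e.g. "ads  IN NS  ns1.example.com." pointing back at this BIND server.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { none; };
};

// Subdomain for the Win2000 clients, served by BIND rather than AD DNS.
// Without TSIG this is address-based trust only, so keep the ACL narrow.
zone "ads.example.com" {
    type master;
    file "ads.example.com.zone";
    allow-update { win2k-clients; };
};

// Log both accepted and denied updates, so the "bombardment" becomes
// visible per client and per zone instead of silently failing.
logging {
    channel update_log {
        file "/var/log/named/updates.log";
        severity info;
        print-time yes;
    };
    category update { update_log; };
    category update-security { update_log; };
};
```

Clients that are not in the ACL will still be refused; the log channel shows which addresses are sending updates so the ACL can be tightened or extended deliberately.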