BIND, Active Directory, DDNS, with no Microsoft DNS
tmaestas at dnsconsultants.com
Fri Dec 27 18:58:24 UTC 2002
On Fri, 27 Dec 2002, Kathy Kost wrote:
> > Take a look at Cricket Liu's latest book (DNS & BIND Cookbook).
> > There are recipes in there describing how to do this. Your Windows
> > admin is probably thinking of setting up the _udp, _tcp, _mcdcs and
> > _sites sub-domains under exampleCompany.com.
> Thanks for the reply, Rob. I have been looking at that book and I
> have those subdomains already defined. I was mostly curious if anyone
> has been allowing the Win2000 clients to update via DDNS to a BIND
> server instead of to an AD server with DNS (inside of a subdomain).
> This to try and avoid using DNS on the Microsoft side and just stick
> with BIND.
We allow Windows 2000 domain controllers *only* to dynamically update the
"underscore" domains on our BIND servers. We do not (nor should you, in
most people here's opinion) allow Win2k client workstations to send
dynamic updates. The client workstation names get into DNS via our DHCP
We don't run Win2k AD DNS anywhere.
> > By the way, you don't lose TSIG. MS DNS does not support TSIG.
> > Dynamic updates under Windows use GSSTSIG, which is a different beast.
> > You are probably right, BIND will probably support GSSTSIG at some
> > point. There are, however, known standard definition problems between
> > the two Windows implementations of GSSTSIG.
> Oops, I was afraid I was mixing up TSIG with GSSTSIG. Thanks for
> setting me straight there. :-)
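The setup described in the reply (only the domain controllers may dynamically update the "underscore" zones, workstations may not) could look like this in named.conf. This is an added example, not configuration from the original post: the ACL name, addresses and file names are constructed placeholders, and `_msdcs` is the label Active Directory itself registers.

```conf
// Added example; all addresses (192.0.2.0/24 documentation range),
// file names and the ACL name "ad-dcs" are constructed placeholders.

// The only hosts allowed to send dynamic updates: the Win2k domain controllers.
acl "ad-dcs" {
    192.0.2.10;    // dc1 (constructed)
    192.0.2.11;    // dc2 (constructed)
};

// Parent zone: no allow-update for the DCs or workstations here.
// BIND's default for allow-update is "none", so client updates are refused.
// The zone file must delegate the four subdomains below with NS records.
zone "exampleCompany.com" {
    type master;
    file "db.exampleCompany.com";
};

// One small zone per underscore subdomain, each updatable by the DCs only.
// Dynamic zones get a journal (.jnl) file, so named needs write access
// to the directory holding these zone files.
zone "_msdcs.exampleCompany.com" {
    type master;
    file "dynamic/db._msdcs.exampleCompany.com";
    allow-update { "ad-dcs"; };
};

zone "_sites.exampleCompany.com" {
    type master;
    file "dynamic/db._sites.exampleCompany.com";
    allow-update { "ad-dcs"; };
};

zone "_tcp.exampleCompany.com" {
    type master;
    file "dynamic/db._tcp.exampleCompany.com";
    allow-update { "ad-dcs"; };
};

zone "_udp.exampleCompany.com" {
    type master;
    file "dynamic/db._udp.exampleCompany.com";
    allow-update { "ad-dcs"; };
};
```

An address-based `allow-update` checks only the source IP of the update, so it is usually paired with network filtering that keeps other hosts from reaching the server with a domain controller's address. Validate the file with `named-checkconf` before reloading.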