BIND, Active Directory, DDNS, with no Microsoft DNS

Tim Maestas tmaestas at
Fri Dec 27 18:58:24 UTC 2002

On Fri, 27 Dec 2002, Kathy Kost wrote:

> > Take a look at Cricket Liu's latest book (DNS & BIND Cookbook).
> > There are recipes in there describing how to do this.  Your Windows
> > admin is probably thinking of setting up the _udp, _tcp, _msdcs and
> > _sites sub-domains under
> Thanks for the reply, Rob.  I have been looking at that book and I
> have those subdomains already defined.  I was mostly curious if anyone
> has been allowing the Win2000 clients to update via DDNS to a BIND
> server instead of to an AD server with DNS (inside of a subdomain).  
> This to try and avoid using DNS on the Microsoft side and just stick
> with BIND.  

We allow Windows 2000 domain controllers *only* to dynamically update the 
"underscore" domains on our BIND servers.  We do not (nor should you, in 
most people here's opinion) allow Win2k client workstations to send 
dynamic updates.  The client workstation names get into DNS via our DHCP 

We don't run Win2k AD DNS anywhere.


> > By the way, you don't lose TSIG.  MS DNS does not support TSIG.
> > Dynamic updates under windows use GSSTSIG, which is a different beast.
> > You are probably right, BIND will probably support GSSTSIG at some
> > point.  There are, however, known standard definition problems between
> > the two windows implementations of GSSTSIG.
> Oops, I was afraid I was mixing up TSIG with GSSTSIG.  Thanks for
> setting me straight there. :-)
> Kathy
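
A named.conf sketch of the arrangement described in the reply above, added here as an illustration and not taken from the poster's servers. The zone name example.com, the file paths and the 192.0.2.x addresses are placeholder assumptions. Note that allow-update with an address list authenticates by source IP only.

```conf
// Constructed example: example.com, the file names and the 192.0.2.x
// addresses are placeholders, not values from the original post.

// Only these hosts may send dynamic updates (assumed DC addresses).
acl "domain-controllers" {
    192.0.2.10;    // dc1 (assumed)
    192.0.2.11;    // dc2 (assumed)
};

// Parent zone: no dynamic updates from DCs or workstations in this
// sketch. Delegate the four underscore subdomains from here with NS
// records so each can be its own dynamically updated zone.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-update { none; };
};

// The "underscore" zones: the only zones the DCs are allowed to update.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/db._msdcs.example.com";
    allow-update { "domain-controllers"; };
};

zone "_sites.example.com" {
    type master;
    file "dynamic/db._sites.example.com";
    allow-update { "domain-controllers"; };
};

zone "_tcp.example.com" {
    type master;
    file "dynamic/db._tcp.example.com";
    allow-update { "domain-controllers"; };
};

zone "_udp.example.com" {
    type master;
    file "dynamic/db._udp.example.com";
    allow-update { "domain-controllers"; };
};
```

Keeping the dynamic zones in their own files and directory means the journal files BIND writes for them stay separate from the hand-edited parent zone.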
