Bind 9.2 and Active Directory... what's the right way?

Barry Finkel b19141 at
Wed Feb 13 15:20:58 UTC 2002

Berger Harald <hotline at> wrote:

>I'm testing Bind 9.2 with W2k Active Directory... after hours of work
>the bind server runs and the W2k server works also.
>a look at the zone file of the domain shows......
>        in SOA ........
>                (......
>                ....)
>                NS
>         .... that the w2k server has created an A record:
>$TTL 600        ; 10 minutes
>                A
>my question:
>if I take a real domain name (for internal and maybe also for
>external use) -> is it a good idea to create the
>w2k domain at the top or
>is it better to create a subdomain (ex:
>to put all the servers and clients into the subdomain.

It depends.  Are you going to allow W2k DDNS?  If so, then you should
move the dynamic zones to an MS W2k DNS server, because only that server
can handle GSS-API TSIG/TKEY secure DDNS updates.  If you are not
going to allow DDNS, then I would suggest delegating the four "_"
to an MS W2k DNS server and leaving your static zones on a BIND server.

As for the "A" record

     $TTL 600        ; 10 minutes

it is explained in MS articles Q258213 and Q246804.  The netlogon 
process will attempt to register/re-register it, but if you add the
record manually into a static zone, you can ignore the DDNS failures
on your BIND server.

Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at
Argonne, IL   60439-4828             IBMMAIL:  I1004994
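
A concrete layout of the split described in the reply above (static zone
kept on BIND, the four Active Directory "_" subdomains delegated to the W2k
DNS server, the apex A record added by hand), as an added example that is
not part of the original post or of either poster's zone. example.com,
ns1, dc1 and the 192.0.2.0/24 addresses are placeholders; the four
delegated names are assumed here to be _msdcs, _sites, _tcp and _udp,
which the post itself does not list.

```zone
$TTL 86400
; db.example.com -- static zone served by BIND (constructed example).
; example.com, ns1, dc1 and 192.0.2.x are placeholders, not real hosts.
@               IN SOA  ns1.example.com. hostmaster.example.com. (
                        2002021301      ; serial
                        3600            ; refresh
                        900             ; retry
                        604800          ; expire
                        600 )           ; negative-caching TTL
                IN NS   ns1.example.com.

; The A record netlogon tries to register at the domain apex (MS articles
; Q258213 / Q246804).  Entered by hand with the same 600-second TTL the DC
; would have set, so the DC's refused DDNS update can be ignored.
@       600     IN A    192.0.2.10

ns1             IN A    192.0.2.1
dc1             IN A    192.0.2.10      ; the W2k domain controller, also runs MS DNS

; Delegate the four "_" subdomains to the W2k DNS server on the DC, so the
; DC's secure (GSS-TSIG) dynamic updates land on a server that accepts them.
; Names assumed to be _msdcs, _sites, _tcp, _udp (not listed in the post).
; dc1's A record above doubles as glue because dc1 lives in this zone.
_msdcs          IN NS   dc1.example.com.
_sites          IN NS   dc1.example.com.
_tcp            IN NS   dc1.example.com.
_udp            IN NS   dc1.example.com.
```

On the BIND side the file is loaded with a plain master zone statement for
example.com and no allow-update clause, so every dynamic update from the
DC is refused; netlogon will keep retrying the apex A record, and those
failures are harmless because the record is already in the file. On the
W2k side, create _msdcs.example.com, _sites.example.com, _tcp.example.com
and _udp.example.com as zones on the DC's DNS server and set them to accept
only secure updates, so the SRV and other records the DC registers there
are handled by its GSS-TSIG implementation rather than sent to BIND.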

More information about the bind-users mailing list