"Greedy" Microsoft DNS + Active Directory

David Carmean dlc-bu at halibut.com
Wed Jun 26 23:11:03 UTC 2002

I'm a diehard *n*x and BIND guy, but I'm being forced to interface with 
Active Directory and Microsoft DNS.  I don't know the Microsoft terminology, 
so I'm hoping a fellow BIND-admin has figured out the following:

I manage a BIND-served zone, which I'll call "lab.example.com."  A cow-orker 
is tasked with creating an AD "domain" called "mgt.lab.example.com."  As 
part of the process the AD controller is also running Microsoft DNS 
serving the "mgt.lab.example.com" DNS zone.  I have not yet performed 
a delegation; we're still testing.

My problem is one that I've seen before with WINS<->uSoft DNS interaction: 
if I query that microsoft AD/DNS server for *any* AD client hostname 
in the zone "mgt.lab.example.com", the uSoft DNS server somehow sees 
that the host is an NT/Win2K machine in its AD domain, and inserts 
what I call a "phantom authoritative" answer in its own DNS domain.

E.g.  There exists a Win2K machine with a "true" DNS hostname of 
"foo.lab.example.com."  It joins the AD domain "mgt.lab.example.com." 
The Microsoft DNS server now gives an authoritative answer for 
"foo.MGT.lab.example.com."  But the worst part is that, say 
there is another win2k machine in a completely different AD domain: 
"bar.corp.example.com."  Well, the mgt.lab.example.com AD controller 
gives an authoritative answer for "bar.MGT.LAB.example.com" as well!
Probably some kind of "network neighborhood" 'functionality'?

It's like there's an "embrace and flatten the namespace again" switch 
that's turned on somehow.  Can it be turned off?

/me needs a beer
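One way to audit for the behaviour described in the post is to send the suspect server non-recursive queries for hostnames that are known to live in other zones and check whether it answers them with the AA bit set. The script below is an added example, not part of the original post or of anything shipped by ISC or Microsoft; it builds and parses DNS wire format itself so it runs offline against constructed responses. The zone and host names (mgt.lab.example.com, foo, bar) are taken from the post; the FOREIGN_HOSTS mapping, the IP addresses in the constructed responses, and the function names are assumptions made for the example.

```python
import socket
import struct

AD_ZONE = "mgt.lab.example.com"  # zone served by the AD-integrated DNS server (from the post)

# Hostnames the post says belong to *other* zones; any authoritative positive
# answer for them under AD_ZONE is a "phantom". This mapping is a constructed probe list.
FOREIGN_HOSTS = {"foo": "lab.example.com", "bar": "corp.example.com"}


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query. RD is left clear so the server answers only
    from data it holds itself rather than recursing on our behalf."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(struct.pack("B", len(l)) + l.encode()
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(data, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    parts, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # RFC 1035 compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        parts.append(data[off:off + length].decode())
        off += length
    return ".".join(parts), (end if jumped else off)


def parse_response(data):
    """Return the AA flag, RCODE and answer RRs of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    aa = bool(flags & 0x0400)
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):             # skip the question section
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, rdata))
    return {"aa": aa, "rcode": rcode, "answers": answers}


def phantom_answers(responses):
    """responses: {probe_name: raw_response_bytes}. Flag every name that got an
    authoritative positive answer although its short hostname belongs elsewhere."""
    flagged = []
    for qname, raw in responses.items():
        r = parse_response(raw)
        host = qname.split(".")[0]
        if r["aa"] and r["rcode"] == 0 and r["answers"] and host in FOREIGN_HOSTS:
            flagged.append((qname, FOREIGN_HOSTS[host], r["answers"][0][2]))
    return flagged


def query_server(server, qname, timeout=2.0):
    """Live probe: send one UDP query and return the raw response (not used offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        return s.recv(4096)


def build_response(qname, ip, aa=True, rcode=0, txid=0x1234):
    """Constructed response for offline testing; models the AA answers the post describes."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    question = build_query(qname, txid=txid)[12:]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if rcode == 0 else 0, 0, 0)
    answer = b""
    if rcode == 0:  # A record whose owner name points back at the question name
        answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer


# Constructed sample: two phantom answers plus one NXDOMAIN control.
SAMPLE = {
    "bar." + AD_ZONE: build_response("bar." + AD_ZONE, "10.0.0.7"),
    "foo." + AD_ZONE: build_response("foo." + AD_ZONE, "10.0.0.8"),
    "nosuch." + AD_ZONE: build_response("nosuch." + AD_ZONE, "0.0.0.0", rcode=3),
}

if __name__ == "__main__":
    for qname, zone, ip in phantom_answers(SAMPLE):
        print(f"{qname} -> {ip} answered authoritatively, but host belongs to {zone}")
```

To run it against a real server, replace the SAMPLE dictionary with `{n: query_server("ad-dns-host", n) for n in probe_names}`; a server that returns NXDOMAIN (RCODE 3) for hosts it has no business knowing about is behaving, one that returns AA positive answers is exhibiting the "phantom authoritative" pattern the post describes.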


More information about the bind-users mailing list