"Greedy" Microsoft DNS + Active Directory
dlc-bu at halibut.com
Wed Jun 26 23:11:03 UTC 2002
I'm a diehard *n*x and BIND guy, but I'm being forced to interface with
Active Directory and Microsoft DNS. I don't know the Microsoft terminology,
so I'm hoping a fellow BIND-admin has figured out the following:
I manage a BIND-served zone, which I'll call "lab.example.com." A cow-orker
is tasked with creating an AD "domain" called "mgt.lab.example.com." As
part of the process the AD controller is also running Microsoft DNS
serving the "mgt.lab.example.com" DNS zone. I have not yet performed
a delegation; we're still testing.
My problem is one that I've seen before with WINS<->uSoft DNS interaction:
if I query that microsoft AD/DNS server for *any* AD client hostname
in the zone "mgt.lab.example.com", the uSoft DNS server somehow sees
that the host is an NT/Win2K machine in it's AD domain, and inserts
what I call a "phantom authoritative" answer in it's own DNS domain.
E.g. There exists a Win2K machine with a "true" DNS hostname of
"foo.lab.example.com." It joins the AD domain "mgt.lab.example.com.".
The microsoft dns server now gives an authoritative answer for
"foo.MGT.lab.example.com." But the worst part is that, say
there is another win2k machine in a completely different AD domain:
"bar.corp.example.com." Well, the mgt.lab.example.com AD controller
gives an authoritative answer for "bar.MGT.LAB.example.com" as well!
Probably some kind of "network neighborhood" 'functionality'?
It's like there's a "embrace and flatten the namespace again" switch
that's turned on somehow. Can it be turned off?
/me needs a beer
More information about the bind-users