Integrating BIND with Active Directory

Doug Barton DougB at DougBarton.net
Thu Sep 19 22:23:18 UTC 2002


On Thu, 5 Sep 2002, Cinense, Mark wrote:

>
> Barry,
>
> That is what I am trying to find out.  I am not saying this, the MS
> consultant is saying this.  What I am asking is there anyone out there that
> is running DDNS on BIND with an AD environment, and MS Exchange?  Most
> companies are delegating a zone to be the forest root, and then letting the
> AD server also run DDNS, so that the security is integrated, and there will
> be less cost.

We are doing exactly that, but without DDNS. I have created a zone cut for
the forest root that is delegated to the same name servers as the parent
zone. It's also slaved out to the resolvers which the client machines
(desktops, etc.) use; but that's just for efficiency, it's not a
requirement. We're updating the RR's that the AD stuff needs for the
services by hand, and just turning off the option in the clients to
self-register with the AD zone.

More specifically, the ms guys in our office actually set up an ms name
server and played around with the DDNS functions so that they could
understand what RR's it created, and how they were used, then to set up
the AD zone in BIND initially we just copied everything over. Now they do
the updates by hand when needed. The learning curve on this was that it
required our ms guys to actually understand what the SRV records are for,
how they work, etc. However, now that the initial pain is over with, they
are very pleased with how things are working. In fact, my production
resolvers with the entire office load, including the AD stuff, perform
better than the ms dns servers did during their test period. :) You'll
probably find the following MSKB article useful as well,
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q178169&


HTH,

Doug

-- 
   "We have known freedom's price. We have shown freedom's power.
      And in this great conflict, ...  we will see freedom's victory."
	- George W. Bush, President of the United States
          State of the Union, January 28, 2002

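Added example, not part of the original message or of BIND: when the AD records are kept by hand with dynamic update turned off, as described above, a small audit of the zone file catches a forgotten locator record or an SRV target with no address. The domain `ad.example.com`, the host names and addresses, the function names and the `REQUIRED_SRV` list (a commonly registered subset, without site- or GUID-specific names) are assumptions made for this sketch.

```python
REQUIRED_SRV = [  # SRV owners a DC normally self-registers, relative to the AD domain
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp", "_kpasswd._tcp",
    "_kpasswd._udp", "_gc._tcp", "_ldap._tcp.dc._msdcs",
    "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs", "_ldap._tcp.gc._msdcs",
]
SAMPLE_ZONE = """\
dc1                      IN A   192.0.2.10
_ldap._tcp               IN SRV 0 100 389 dc1
_kerberos._tcp           IN SRV 0 100 88 dc1
_kerberos._udp           IN SRV 0 100 88 dc1
_kpasswd._tcp            IN SRV 0 100 464 dc1
_gc._tcp                 IN SRV 0 100 3268 dc1
_ldap._tcp.dc._msdcs     IN SRV 0 100 389 dc1
                         IN SRV 0 100 389 dc2   ; dc2 has no A record
_kerberos._tcp.dc._msdcs 3600 IN SRV 0 100 88 dc1.ad.example.com.
_ldap._tcp.gc._msdcs     IN SRV 0 100 3268 dc1
"""  # constructed zone body for the hypothetical domain ad.example.com

def absolute(name, origin):  # expand a relative or '@' name against the origin
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Map (fqdn, TYPE) -> rdata field lists; single-line records, $-directives skipped."""
    records, owner = {}, origin
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():        # a blank owner inherits the previous one
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)               # optional TTL and class
        if fields:
            records.setdefault((owner, fields[0].upper()), []).append(fields[1:])
    return records

def audit(text, domain):
    """Return (missing SRV owners, in-zone SRV targets lacking an A record)."""
    origin = domain.lower().rstrip(".") + "."
    recs = parse_zone(text, origin)
    missing = [n for n in REQUIRED_SRV if (f"{n}.{origin}", "SRV") not in recs]
    targets = {absolute(r[3], origin) for (_, t), rrs in recs.items()
               if t == "SRV" for r in rrs if len(r) == 4}
    dangling = sorted(t for t in targets if t.endswith("." + origin) and (t, "A") not in recs)
    return missing, dangling

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "ad.example.com"))
```

Run it against the zone file before each reload; a non-empty result means a client looking for that service, or following that SRV target, will fail to locate a domain controller.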