Zone transfers from Win2K AD-DNS to BIND

Michael E. Hanson MEHanson at GryphonsGate.com
Tue Dec 23 18:00:39 UTC 2003


First off, make sure he's using a current version of BIND, not a 4.9.x
version.

He does NOT need a path to YOUR filename, he needs to tell BIND what
path (if any) he wants to use to store a "cache" of the zone data he
receives from you (and I'm not sure this is even an issue in BIND
version 9.x).  He can set up a secondary without a filename if he so
chooses, even in ver. 4.9.x.

Second, if you don't want to really do a secondary, or if there is a
firewall blocking the zone transfer data, or ...

The other admin can also set up a Stub zone for your domain pointing to
your name server(s), again with an OPTIONAL filename to store cache data
in.

The other Admin can also set up a "conditional" forwarder (a FORWARD
zone) which tends to be more firewall friendly (not available in vers
4.9.x).

_______________
Michael E. Hanson
President, Gryphon Consulting Services
(http://www.GryphonsGate.com)
P.O. Box 1151
Bellevue, NE 68005-1151
(402) 871-9622

MEHanson at GryphonsGate.com (primary)
Gryphons_Master at yahoo.com


----- Original Message -----
From: <dlimanov at sct.com>
To: <bind-users at isc.org>
Sent: Tuesday, December 23, 2003 10:45 AM
Subject: Zone transfers from Win2K AD-DNS to BIND


Hello
Here's the situation: our company was purchased a while ago by another
company. They're on WinNT, we're on Win2000 AD. We kept our domain
name and our "old" naming convention and DNS suffix stayed the same
(oldcompany.com) because it's close to impossible to rename Win2000 AD
without some major PITA. Everything's good, but name resolution for
machines in our office only works for people that have the same DNS
suffix of oldcompany.com. No one from headquarters can hit anything on
our network by name, since their DNS suffix is newcompany.com.
So, we decided to set up one of their DNS servers as secondary to our
AD-integrated DNS server so it'd suck in our oldcompany.com zone and
people on their end would be able to resolve these machines by name.
I've set up Zone transfers, notifies and enabled BIND secondaries on
our DNS server. However, on the other end they're using BIND and their
DNS admin is telling me that in order for them to set up their BIND
server as secondary, in NAMED.CONF he needs full path to the file that
has all DNS info, like oldcompany.com.dns. The problem with that is
our DNS server is AD-integrated and such file doesn't exist - all DNS
records are stored in Registry and AD.
In theory, I could do an export right from DNS MMC snap-in to export
everything to a tab-delimited text file but I'm not sure that BIND
requires special file format for zone transfers. If anyone knows of
any other way to set up BIND as a secondary for W2K AD-integrated DNS
server and make zone transfers work, please let me know - I've searched
everywhere but couldn't find an answer to this.
Thanks in advance,

Dimitri
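
The three options named in the reply above, sketched as BIND 9 named.conf zone statements. This is an added example, not configuration from either poster: the address 192.0.2.10 (standing in for the Win2K AD-integrated DNS server) and the file names are assumptions.

```conf
// Assumption: 192.0.2.10 is a placeholder for the AD-integrated DNS
// server that is authoritative for oldcompany.com.

// Option 1: secondary (slave) zone. named pulls the zone over the DNS
// protocol; "file" names a LOCAL file on this BIND server where the
// transferred copy is written. It is not a path on the Windows server
// and can be left out.
zone "oldcompany.com" {
    type slave;
    masters { 192.0.2.10; };
    file "slaves/oldcompany.com.db";   // optional, assumed file name
};

// Option 2: stub zone. Only the zone's name server information is
// kept locally; queries for names in the zone are then sent to those
// servers. The file is again optional and local.
// zone "oldcompany.com" {
//     type stub;
//     masters { 192.0.2.10; };
//     file "stubs/oldcompany.com.db"; // optional, assumed file name
// };

// Option 3: forward zone (the "conditional" forwarder). No zone data
// is transferred; queries for this domain are forwarded to the listed
// server.
// zone "oldcompany.com" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.10; };
// };
```

Only one zone statement per zone name can be active in a view, so options 2 and 3 are commented out here. Zone transfers for option 1 run over TCP port 53, which is the traffic a firewall between the two servers has to pass.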
