Active Directory Support

Len Conrad LConrad at
Mon Jan 5 18:30:36 UTC 2004

>Isn't the most obvious design applicable ? Placing ad in a sub-domain
>and having wintendo nameservers servicing that subdomain ?
>Well, yes, that design will work, but all of my Windows servers will =
>have the subdomain prepended to the root domain when all of the rest of =
>the servers will have none, or another subdomain.  It would be best =
>organizationally to have a single, root domain ( to which all =
>servers belong to.

One approach is to sandbox AD in a subdomain,, and delegate 
that domain from the BIND NS authoritative for parent to the W2K 
DNS as authoritative for, under which go all the 
_underscore domains, and your dynamic zones, reserving the parent domain to 
BIND and the BIND zones static.

>I guess a more specific question would be if Windows =
>AD can run with BIND9 (with DDNS enabled) instead of with Windows DNS.

BIND can serve the AD records and dynamic zones, but MS DHCP servers and 
clients will not be able to do secure updating of BIND since MS uses 

>I can address the workstation issue by making them register all with a =
>subdomain keeping them out of my root domain.

A good idea. sandbox the forward and reverse dynamic zones with the PCs 
having A records like


_____________________________________________________________________ : London; San Jose; Chicago : free anti-spam gateway, runs on 1000's of sites

More information about the bind-users mailing list