Active Directory Support
LConrad at Go2France.com
Mon Jan 5 18:30:36 UTC 2004
>Isn't the most obvious design applicable ? Placing ad in a sub-domain
>and having wintendo nameservers servicing that subdomain ?
>Well, yes, that design will work, but all of my Windows servers will =
>have the subdomain prepended to the root domain when all of the rest of =
>the servers will have none, or another subdomain. It would be best =
>organizationally to have a single, root domain (domain.com) to which all =
>servers belong to.
One approach is to sandbox AD in a subdomain, ad.domain.com, and delegate
that domain from the BIND NS authoritative for parent domain.com to the W2K
DNS as authoritative for ad.sudomain.com, under which go all the
_underscore domains, and your dynamic zones, reserving the parent domain to
BIND and the BIND zones static.
>I guess a more specific question would be if Windows =
>AD can run with BIND9 (with DDNS enabled) instead of with Windows DNS.
BIND can serve the AD records and dynamic zones, but MS DHCP servers and
clients will not be able to do secure updating of BIND since MS uses
GSS-TSIG and BIND uses TSIG.
>I can address the workstation issue by making them register all with a =
>subdomain keeping them out of my root domain.
A good idea. sandbox the forward and reverse dynamic zones with the PCs
having A records like pclabel.wks.ad.domain.com.
http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
More information about the bind-users