Active Directory Support

User, Public public at seajay.com
Mon Jan 5 18:36:00 UTC 2004


So many subdomains.....why does Bill Gates have to make everything so
difficult?

Thanks for the info, Len, it helps.
Chris



Christopher P. Jenkins, Senior Consultant
Concordant, Inc.
P: 508-820-3080
F: 508-820-4367
C: 508-241-7415
E: chris.jenkins at concordantinc.com


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Len Conrad
Sent: Monday, January 05, 2004 1:31 PM
To: bind-users at isc.org
Subject: RE: Re: Active Directory Support


>Isn't the most obvious design applicable? Placing AD in a sub-domain
>and having wintendo nameservers servicing that subdomain?
>
>Well, yes, that design will work, but all of my Windows servers will
>have the subdomain prepended to the root domain when all of the rest of
>the servers will have none, or another subdomain. It would be best
>organizationally to have a single, root domain (domain.com) to which
>all servers belong.

One approach is to sandbox AD in a subdomain, ad.domain.com, and delegate
that domain from the BIND NS authoritative for parent domain.com to the
W2K DNS as authoritative for ad.domain.com, under which go all the
_underscore domains and your dynamic zones, reserving the parent domain
to BIND and the BIND zones static.

>I guess a more specific question would be if Windows
>AD can run with BIND9 (with DDNS enabled) instead of with Windows DNS.

BIND can serve the AD records and dynamic zones, but MS DHCP servers and
clients will not be able to do secure updating of BIND since MS uses
GSS-TSIG and BIND uses TSIG.

>I can address the workstation issue by making them register all with a
>subdomain, keeping them out of my root domain.

A good idea: sandbox the forward and reverse dynamic zones with the PCs
having A records like pclabel.wks.ad.domain.com.

Len


_____________________________________________________________________
http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
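The delegation Len describes, written out as an added example that is not part of this thread or of any poster's configuration: the BIND zone file for the parent domain.com stays static and hands ad.domain.com (with its _underscore SRV zones and the dynamic wks.ad.domain.com workstation zone) to the Windows DNS servers. The server names (ns1, ns2, w2kdns1, w2kdns2), the 192.0.2.0/24 addresses and the serial are assumptions chosen for illustration.

```dns-zone
; zones/db.domain.com on the BIND server authoritative for domain.com
; (added example; names, addresses and serial are assumed, not from the thread)
$ORIGIN domain.com.
$TTL 3600
@           IN SOA  ns1.domain.com. hostmaster.domain.com. (
                    2004010501 ; serial
                    3600       ; refresh
                    900        ; retry
                    604800     ; expire
                    300 )      ; negative-cache TTL
            IN NS   ns1.domain.com.
            IN NS   ns2.domain.com.
ns1         IN A    192.0.2.1
ns2         IN A    192.0.2.2

; Static records for the rest of the organisation stay in this zone,
; which accepts no dynamic updates at all.
www         IN A    192.0.2.10
mail        IN A    192.0.2.11

; Delegation: everything under ad.domain.com is answered by the Windows
; DNS servers. The _msdcs/_sites/_tcp/_udp SRV trees and the dynamic
; zones (e.g. wks.ad.domain.com for pclabel.wks.ad.domain.com) live
; there, so AD clients never need to update BIND.
ad          IN NS   w2kdns1.ad.domain.com.
ad          IN NS   w2kdns2.ad.domain.com.

; Glue: the delegated name servers sit inside the delegated zone, so the
; parent must publish their addresses or resolvers cannot reach them.
w2kdns1.ad  IN A    192.0.2.21
w2kdns2.ad  IN A    192.0.2.22
```

In named.conf the matching entry declares `zone "domain.com"` as `type master` with `allow-update { none; };`, which is what keeps the parent static: Windows clients and DHCP servers only ever send their GSS-TSIG updates to the Windows DNS servers named in the delegation, and the BIND zone never sees an update request. The reverse zones for the workstation ranges can be delegated from the in-addr.arpa zone in the same way so that PTR registration is sandboxed alongside the A records.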
