Active Directory Support
public at seajay.com
Mon Jan 5 18:36:00 UTC 2004
So many subdomains.....why does Bill Gates have to make everything so
Thanks for the info Len, it helps..
Christopher P. Jenkins, Senior Consultant
E: chris.jenkins at concordantinc.com
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Len Conrad
Sent: Monday, January 05, 2004 1:31 PM
To: bind-users at isc.org
Subject: RE: Re: Active Directory Support
>Isn't the most obvious design applicable ? Placing ad in a sub-domain
>and having wintendo nameservers servicing that subdomain ?
>Well, yes, that design will work, but all of my Windows servers will
>have the subdomain prepended to the root domain when all of the rest of
>the servers will have none, or another subdomain. It would be best
>organizationally to have a single, root domain (domain.com) to which
>servers belong.
One approach is to sandbox AD in a subdomain, ad.domain.com, and
that domain from the BIND NS authoritative for parent domain.com to the
DNS as authoritative for ad.sudomain.com, under which go all the
_underscore domains, and your dynamic zones, reserving the parent domain
BIND and the BIND zones static.
>I guess a more specific question would be if Windows
>AD can run with BIND9 (with DDNS enabled) instead of with Windows DNS.
BIND can serve the AD records and dynamic zones, but MS DHCP servers and
clients will not be able to do secure updating of BIND since MS uses
GSS-TSIG and BIND uses TSIG.
>I can address the workstation issue by making them register all with a
>subdomain keeping them out of my root domain.
A good idea. Sandbox the forward and reverse dynamic zones with the PCs
having A records like pclabel.wks.ad.domain.com.
http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of
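
The subdomain layout described in the reply above, sketched as a parent zone file for BIND. This is an added example, not part of the original message; it assumes the approach is an NS delegation of ad.domain.com to the Windows DNS servers, and the host names (ns1, dc1, dc2), the 192.0.2.0/24 addresses and the SOA values are placeholders.

```dns
; Parent zone domain.com, served by BIND and kept static.
; In named.conf, the zone statement for domain.com would carry
;   allow-update { none; };
; so the parent accepts no dynamic updates at all.
$ORIGIN domain.com.
$TTL 3600
@       IN  SOA ns1.domain.com. hostmaster.domain.com. (
                2004010501 ; serial (placeholder)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                3600 )     ; negative-caching TTL
        IN  NS  ns1.domain.com.
ns1     IN  A   192.0.2.1   ; BIND server (placeholder address)

; Delegation of ad.domain.com to the Windows DNS servers.
; Everything below this cut (the _underscore domains, the
; dynamic zones, names like pclabel.wks.ad.domain.com) is
; answered and updated on the Windows side, not in this file.
ad      IN  NS  dc1.ad.domain.com.
ad      IN  NS  dc2.ad.domain.com.

; Glue records: required because the delegated name servers
; sit inside the zone being delegated.
dc1.ad  IN  A   192.0.2.10  ; Windows DNS (placeholder address)
dc2.ad  IN  A   192.0.2.11  ; Windows DNS (placeholder address)
```

With this split, the GSS-TSIG secure updates from MS DHCP servers and clients terminate at the Windows DNS servers, and BIND only hands out the referral.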