Active Directory Support

User, Public public at
Mon Jan 5 18:36:00 UTC 2004

So many subdomains.....why does Bill Gates have to make everything so

Thanks for the info Len, it helps..

Christopher P. Jenkins, Senior Consultant

Concordant, Inc.

P:  508-820-3080

F:  508-820-4367

C:  508-241-7415

E:  chris.jenkins at

-----Original Message-----
From: bind-users-bounce at [mailto:bind-users-bounce at] On
Behalf Of Len Conrad
Sent: Monday, January 05, 2004 1:31 PM
To: bind-users at
Subject: RE: Re: Active Directory Support

>Isn't the most obvious design applicable ? Placing ad in a sub-domain
>and having wintendo nameservers servicing that subdomain ?
>Well, yes, that design will work, but all of my Windows servers will
>have the subdomain prepended to the root domain when all of the rest of
>the servers will have none, or another subdomain.  It would be best
>organizationally to have a single, root domain ( to which all
>servers belong to.

One approach is to sandbox AD in a subdomain,, and
that domain from the BIND NS authoritative for parent to the
DNS as authoritative for, under which go all the
_underscore domains, and your dynamic zones, reserving the parent domain
BIND and the BIND zones static.

>I guess a more specific question would be if Windows
>AD can run with BIND9 (with DDNS enabled) instead of with Windows DNS.

BIND can serve the AD records and dynamic zones, but MS DHCP servers and
clients will not be able to do secure updating of BIND since MS uses

>I can address the workstation issue by making them register all with a
>subdomain keeping them out of my root domain.

A good idea. sandbox the forward and reverse dynamic zones with the PCs
having A records like
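
The sandbox design discussed in this thread, as an added example that is not part of the original messages: a Python check that a static BIND parent zone delegates the AD subdomain with glue and holds no AD underscore records itself. The zone text, the `example.com.` names and the addresses are constructed placeholders, and the parser assumes one record per line.

```python
# Added example (not from the thread): audit a static BIND parent zone for the
# "sandbox AD in a delegated subdomain" design. Names/addresses are constructed.
AD_LABELS = {"_msdcs", "_sites", "_tcp", "_udp"}  # AD's underscore subdomains
ZONE_ORIGIN = "example.com."                      # placeholder parent zone
SAMPLE_ZONE = """\
@            IN NS  ns1.example.com.
ns1          IN A   192.0.2.1
www          IN A   192.0.2.10
ad           IN NS  dc1.ad.example.com.
ad           IN NS  dc2.ad.example.com.
dc1.ad       IN A   192.0.2.53
_ldap._tcp   IN SRV 0 100 389 dc1.ad.example.com.
"""

def fqdn(name, origin):
    # Expand a relative owner or target name against the zone origin.
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(zone_text, origin):
    """Return (owner, type, rdata) tuples; assumes one record per line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if len(fields) < 3:
            continue
        owner, rest = fqdn(fields[0], origin), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                         # skip TTL and class
        if len(rest) >= 2:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records

def audit(zone_text, origin):
    """Return (delegated subdomains, findings) for a parent zone."""
    records = parse(zone_text, origin)
    cuts = {o for o, t, _ in records if t == "NS" and o != origin}
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        delegated = any(owner == c or owner.endswith("." + c) for c in cuts)
        if not delegated and AD_LABELS & set(owner.split(".")):
            findings.append(f"AD record in static parent: {owner} {rtype}")
        if rtype == "NS" and owner in cuts:
            target = fqdn(rdata[0], origin)
            if target.endswith("." + owner) and target not in glue:
                findings.append(f"missing glue for {target}")
    return sorted(cuts), findings
```

Calling `audit(SAMPLE_ZONE, ZONE_ORIGIN)` on the constructed zone reports the second name server without glue and the SRV record that sits in the parent zone instead of under the delegated subdomain.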

