AD & DNS??
frhak at hotmail.com
Sun Jan 18 14:29:14 UTC 2004
I'd like to start a conversation regarding DNS and AD. I'd like to get in
contact with people running DNS for companies with more than 20000 hosts.
Basically these are the facts:
At our 60000 users company it's blowing a heavy Microsoft Active Directory
wind. Microsoft have recommended our AD team to create one global AD zone,
we can call it microstuff.net. We are also currently using a geographical
DNS namespace under our own root name servers. We manage our geographical
and reverse zones with QIP. (We have lately been looking at Nominum's very
interesting DNS solution, which might replace QIP in the future.)
My thinking was that I will delegate microstuff.net to AD DNS servers and
they would have their SRV records in their huge global zone, and the
A-records would be located in the geographical zone as usual with PTR
pointing back to the GEO zone. In my world this would be a good DNS
solution, except for maybe the global SRV record zone.
When I have been discussing this with Microsoft, they recommend that we have
the AD members' A-records in the global AD zone microstuff.net along with the
SRV records, because programmers sometimes take for granted that the A-records
exist in the same zone as the SRV records.
We have been discussing three solutions:
1. A-records in geographical zones with corresponding PTR records. SRV
records in the AD zone microstuff.net. (This is what I want but is
deprecated by Microsoft.)
2. A-records and SRV-records in microstuff.net and corresponding
PTR-records. (This is what Microsoft wants)
3. A-records in geographical zones with corresponding PTR records. SRV
records in the AD zone microstuff.net + an extra A-record for each AD member
in microstuff.net. (This is a terrible compromise since all AD members will
have two A-records and one PTR record.)
I'd like to know how other large companies have solved this.
More information about the bind-users
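The three layouts in the post differ in where an SRV target's A record lives and in whether a host ends up with two names for one address. The script below is an added example, not part of the original post or of any product mentioned in it: it parses a small constructed record set (the names dc1.microstuff.net, dc2.sto.example.net and the 10.1.0.0/24 addresses are placeholders; the post does not name its geographical zone) and reports, for each SRV record in the AD zone, whether its target has an A record in that same zone (the assumption the post says some programmers make), only in another zone (option 1), or nowhere; it also flags addresses carrying two A-record names (the downside of option 3) and PTR records whose name has no matching A record.

```python
"""Audit SRV targets and A/PTR consistency across an AD zone and a
geographical zone. Added example with constructed sample data."""
from collections import defaultdict

# Constructed sample, roughly option 3 from the post: SRV records in the
# AD zone, A records in a geographical zone (sto.example.net is invented),
# an extra A record in the AD zone for dc1, and one SRV target with no A.
SAMPLE_RECORDS = """
_ldap._tcp.dc._msdcs.microstuff.net. 600 IN SRV 0 100 389 dc1.microstuff.net.
_ldap._tcp.dc._msdcs.microstuff.net. 600 IN SRV 0 100 389 dc2.sto.example.net.
_kerberos._tcp.microstuff.net.       600 IN SRV 0 100 88  dc3.microstuff.net.
dc1.microstuff.net.                  600 IN A   10.1.0.5
dc1.sto.example.net.                 600 IN A   10.1.0.5
dc2.sto.example.net.                 600 IN A   10.1.0.6
5.0.1.10.in-addr.arpa.               600 IN PTR dc1.sto.example.net.
6.0.1.10.in-addr.arpa.               600 IN PTR dc2.sto.example.net.
"""


def parse_records(text):
    """Parse 'owner ttl class type rdata...' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def in_zone(name, zone):
    """True if a fully qualified name (trailing dot) is at or below zone."""
    return name == zone or name.endswith("." + zone)


def audit_srv_targets(records, ad_zone):
    """Classify every SRV target in ad_zone by where its A record lives."""
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    result = {"in_zone": [], "out_of_zone": [], "dangling": []}
    for owner, rtype, rdata in records:
        if rtype != "SRV" or not in_zone(owner, ad_zone):
            continue
        target = rdata[3].lower()  # SRV rdata: priority weight port target
        if target in a_owners and in_zone(target, ad_zone):
            result["in_zone"].append(target)     # what option 2 gives you
        elif target in a_owners:
            result["out_of_zone"].append(target)  # option 1: A elsewhere
        else:
            result["dangling"].append(target)     # no A record at all
    return result


def duplicate_a_hosts(records):
    """Addresses that have more than one A-record owner (option 3's cost)."""
    by_ip = defaultdict(set)
    for owner, rtype, rdata in records:
        if rtype == "A":
            by_ip[rdata[0]].add(owner)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


def ptr_mismatches(records):
    """(ip, name) pairs where a PTR's name has no A record for that ip."""
    a_pairs = {(owner, rdata[0]) for owner, rtype, rdata in records if rtype == "A"}
    bad = []
    for owner, rtype, rdata in records:
        if rtype != "PTR" or not owner.endswith(".in-addr.arpa."):
            continue
        octets = owner[:-len(".in-addr.arpa.")].split(".")
        ip = ".".join(reversed(octets))
        if (rdata[0].lower(), ip) not in a_pairs:
            bad.append((ip, rdata[0].lower()))
    return bad


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("SRV targets:", audit_srv_targets(recs, "microstuff.net."))
    print("addresses with two names:", duplicate_a_hosts(recs))
    print("PTR without matching A:", ptr_mismatches(recs))
```

On the constructed data the audit shows one SRV target satisfying the same-zone assumption, one whose A record lives only in the geographical zone, and one with no A record at all, while 10.1.0.5 is reported as carrying two names and its single PTR can only point back to one of them. Pointed at a real zone transfer of the AD zone and the geographical zones, the same functions give a quick picture of which of the three layouts is actually in place.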