Recommendations on integrating BIND and AD

Mark Damrose mdamrose at
Fri Jan 30 19:08:17 UTC 2004

"Kevin Darcy" <kcd at> wrote in message
news:bvceuo$ne7$1 at
> Bell, William IT wrote:
> >In addition, he says that ISC doesn't properly expire leases in AD.
> >
> Wouldn't know. Don't use ISC's DHCP implementation...
Actually, this is backwards.  MS server improperly removes DDNS.
MS OSs don't properly remove entries they have made once they are
no longer needed (AD DHCP doesn't add clients, they self-register).
MS DNS servers assume that clients don't clean up after themselves,
and drop all DNS entries made dynamically.  MS OSs assume the DNS
server is going to silently discard their DNS entries, so periodically
re-add them.

ISCs DHCP server adds a DNS entry *once* - when the lease is created.
It then deletes the entry *once* - when the lease expires or is released.
ISC recommends setting the flag to tell the client not to attempt their own

I have a completely ISC DNS/DHCP shop with AD.
Top level domain is static only.
AD subdomains in the forest are DHCP server updated using TSIG.
AD servers A records manually entered - servers have static IP.
Underscore domains restricted to AD servers IP.
The only issues I have are that there doesn't appear to be a printer
manufacturer out there who can get a DHCP client right, but that's
a different rant.

More information about the bind-users mailing list