MS Active Directory and DNS and Bind 4TH Edition

Martin McCormick martin at dc.cis.okstate.edu
Fri Jun 18 14:11:11 UTC 2004


	Thank you, Kevin Darcy and Rene Mathis, for your quick responses.

	One last question based upon the fact that the practice
described in DNS and BIND covers the original four-zone scheme for
Windows 2000 and we are using Windows 2003 with two more special zones
as in _DomainDNSZones.DOMAIN.EDU and _ForestDNSZones.DOMAIN.EDU.

	My question is, does this still work?  I will be speaking to
some very skeptical folks and I don't want to end up with egg on my
face plus maybe a few thousand chicken feathers and a pot of hot tar
thrown in for emphasis.  I have seen the original 4-zone scheme work
fine and need to know if there are any hidden traps for W2K+3.

	I truly appreciate answers I can take to my boss or to others
who will probably have concerns.  I anticipate that once the zones are
in and the Microsoft controllers given write permission, this should be
as low-maintenance as any other BIND administrative functions are.
It's a matter of checking all the zones to be sure they update and
that the slaves are following along.  Once that is all working, the AD
customers should be happy if they understand that their host
registration goes through DHCP and not directly to the DNS.

	Again thank you.

Martin McCormick

Kevin Darcy writes:
>The GSS-TSIG stuff is still relatively new. 9.3 is still in beta. I 
>think it's a little premature to be talking about changing best 
>practices. Also, GSS-TSIG is not the only factor here, there are also 

