Is this possible

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Mar 23 16:34:05 UTC 2004


"Robb Edge" <Robb.Edge at savant.co.uk> wrote:

>In the final stages of Active Directory planning, but one thing that 
>keeps nagging me is DNS. Currently run Bind on VMS for all our DNS 
>needs. Planning to run the DNS on a W2K3 server for the active 
>directory requirements and to stop Bind from getting all the updates.
>Adding NS entries to bind for the 4 zones I need to delegate to the 2K3
>server.
>This also helps in that I don't have to go round re-configuring all my
>desktops with new DNS servers.
>Now the niggling bit.
>When I finish I'll have 1 AD dns server, which is fine and dandy till it
>falls over at which point I'm stuffed.
>If I set up a 2nd 2K3 server with DNS and have it as a secondary zone, what
>do I need to add to Bind so that clients will see it if I lose the master
>zone?

And there have been a number of replies:

Barry Finkel:
BF> You could have the W2k3 zones AD-integrated, so each W2k3
BF> DNS Server would be a "master", but then you run into
BF> serial number problems as documented in MS article 282826.

Jonathan de Boyne Pollard:
JdeBP> This is, of course, a red herring.  Since the serial number 
JdeBP> is irrelevant when one is using Active Directory database
JdeBP> replication, there are no problems with it to run into.

BF> This is NOT a red herring.  This newsgroup is concerned with BIND,
BF> and when one mixes an MS multi-master zone with a BIND slave, [...]

JdeBP> ... one isn't doing what the original poster _said_ he was doing.  As 
JdeBP> I've said twice now, this is a red herring.  Indeed, doubly so.  It's 
JdeBP> a red herring because it is irrelevant when one is using Active 
JdeBP> Directory database replication, and it is a red herring because it
JdeBP> is irrelevant to the situation that the original poster described.

I included the original posting because there seems to be some 
difference in interpretation of what that poster wanted to do.
I believe that this is what the poster said:

    1) Has an existing BIND running in VMS.
    2) Plans to run MS W2k+3 DNS for AD needs.
    3) Does not want DDNS on his BIND server.
    4) Does not want to re-configure existing desktops for new MS DNS
       Server.
    5) Wants to set up second W2k+3 zone as a slave.
    6) Questions how to let BIND know about the W2k+3 slave.

My initial response was to use the BIND server as a slave for the AD
zones mastered on the first W2k+3 server so that the BIND server,
which all the existing desktops use for DNS resolution, will have the
zones and not have to forward the queries to the W2k+3 server.  In this
case there will be no need for a W2k+3 server as a slave.
I also mentioned that if the poster were to go this route, then he
should think twice about using the MS AD multi-master configuration
because there can be serial number problems on the BIND slave.

I agree that the only question asked is 6), and I did not specifically
answer that question.  But I did explain how to get a slave server for
the AD zones, albeit not a W2k+3 slave server.  So, I believe that my
response was germane to the original posting, and my discussion of
the serial number problem was NOT a "red herring".

To answer question 6) --  The poster could have 

     a) a second W2k+3 server as a slave for the AD zones, not as a
        multi-master of the first.  And the NS delegation records in
        the BIND zone would list both servers.
or
     b) a second W2k+3 server for the AD zones in a multi-master
        configuration.  And the NS delegation records in the BIND
        zone would list both servers.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
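As an added illustration (not part of the original thread), this is what the delegation described in a) and b) above looks like in the parent zone on the BIND server. The zone name example.com, the host names dc1/dc2, the 192.0.2.x addresses and the choice of `_msdcs`, `_sites`, `_tcp` and `_udp` as the four delegated AD subzones are all assumed placeholders.

```dns
; Fragment of the parent zone example.com on the VMS BIND server
; (SOA and apex records omitted). Added illustration with constructed
; names and addresses, not data from the original thread.
;
; Each of the four AD subzones is delegated to BOTH W2k3 DNS servers,
; so a resolver following the referral still reaches a working server
; when one of them is down. Whether the two W2k3 servers are master
; and slave (option a) or AD-integrated multi-master (option b) makes
; no difference to these delegation records.
$ORIGIN example.com.
$TTL 3600

; Delegations: the same NS set for every delegated AD subzone.
_msdcs      IN  NS  dc1.example.com.
_msdcs      IN  NS  dc2.example.com.
_sites      IN  NS  dc1.example.com.
_sites      IN  NS  dc2.example.com.
_tcp        IN  NS  dc1.example.com.
_tcp        IN  NS  dc2.example.com.
_udp        IN  NS  dc1.example.com.
_udp        IN  NS  dc2.example.com.

; The NS targets live in the parent zone itself, so their A records are
; ordinary authoritative data here and no separate glue is required.
dc1         IN  A   192.0.2.10
dc2         IN  A   192.0.2.11

; Check after reloading BIND: "dig @<bind-server> _msdcs.example.com NS"
; should list both servers; then query each dc directly to confirm both
; answer authoritatively for the subzone before taking the first one down.
```

If the BIND server is instead made a slave of the AD zones, as suggested earlier in the post, the serial number caveat from MS article 282826 applies only to the multi-master arrangement in b).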
