Making windows 2003 DNS work with old BIND 8 DNS

[Jonathan de Boyne Pollard]

BF> To summarize what I have posted in the past:
BF>
BF> 1) Use a MS W2k/W2k+3 DNS Server for the "_" zones; use AD-integrated
BF>     zones on ONLY ONE Domain Controller.
BF>
BF> 2) Have those four (six for 2003) zones slaved on your BIND servers.

Both of those are bad advice.  There's no reason to explicitly restrict 
the use of Active Directory integrated "zones" to just one domain 
controller.  Indeed, doing that prevents one from reaping one of the 
primary benefits of Active Directory integration: multi-master 
replication via Active Directory.  Moreover, there's no reason that the 
"'_' zones" have to be served from a Microsoft DNS server.  One simply 
needs a server that is capabable of serving up the various resource 
record types (which some older server softwares are not).  The Microsoft 
documentation clearly describes the type of service that is required.  
Finally, there's no reason for the BIND servers to have secondary copies 
of the relevant "zones", and good reason (doing so would mix and match 
different DNS database replication mechanisms, which is a bad idea) for 
them *not* to do so.

<URL:http://microsoft.com./technet/itsolutions/migration/linux/mvc/cfgbind.mspx>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-soa-field-semantics.html#Replication>

As always, don't expect good advice about Microsoft's DNS server in the 
discussion forum for ISC's BIND.  If you want to know about Microsoft's 
DNS server and Active Directory, read the Microsoft product 
documentation (It's actually the best documented DNS server of them 
all.) and (then) ask in the Microsoft newsgroups (where, naturally 
enough, there are people who know a lot more about Microsoft's server 
than those in the ISC's BIND discussion forum do).