Reply: BIND and AD integration

holger.honert at holger.honert at
Wed Mar 9 10:53:57 UTC 2005

Hi John,
You don't have to worry about the age of the documents you
have found. Nothing has changed regarding BIND and AD. MS is speaking
of ADv1 (w2k) and ADv2 (w2k3), and the main
difference is in the maintenance and design of AD itself. You will be
fine with the hints given in the documents, but I would suggest
running the latest version of BIND.

The logging of DDNS updates done by DCs or GCs (or DHCP servers) contains
more information.
This is important if the so-called sysadmins, or better said AD admins,
complain about records not being registered in domains and so on .. ;-)

And if you have any influence on the AD design, please tell them to use an
empty root domain for administrative reasons.


Kind Regards
Holger Honert
Joseph-Scherer-Str. 3
44139 Dortmund
Phone: +49 231/135-4043
FAX: +49 231/135-2959
mailto: holger.honert at

John Welch <jrw3319 at>
Sent by: bind-users-bounce at
08.03.2005 23:29
To:           comp-protocols-dns-bind at
Subject:      BIND and AD integration

In the near future my company will be migrating from a Windows NT
domain to a Windows 2003 Active Directory infrastructure.  We are
currently using BIND version 9.2 running on Linux servers for our
internal DNS needs.  We are also using ISC's DHCP server, which is
configured to do Dynamic DNS updates for the clients.  My goal is to
continue to use BIND and our current DHCP server setup and not have to
get involved with setting up these services on the MS side of things.
My knowledge of AD is limited at this point, but I will be getting
some training soon, and we will also have some outside help with the
migration process.  However, I have a feeling that both the training
and the outside help will be slanted toward Microsoft.  I want to be
prepared to make the necessary adjustments to our BIND configuration,
so that we don't get forced into using the Microsoft services.

I've been searching around for some information on this topic and have
found some relevant things.   I came across the "BIND + AD HOWTO" and
I also found a Linux Magazine article written by Cricket Liu
describing this setup.  Both describe the setup of four sub-domains
with the BIND configuration (_msdcs, _sites, _tcp, and _udp).

The one thing that has me concerned is the fact that both of these
documents were written in 2001.  I'm wondering if this type of setup
still applies, especially under Windows 2003, as opposed to Windows
2000, which is referenced in both documents.  I'm looking for any
additional reference material that may be available for BIND
integration with AD.  I'd also be interested in hearing from anyone
that has this type of setup (any "gotchas", or major configuration
changes to be aware of?).
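
Added example, not part of either message or of the documents they mention: a named.conf sketch of the four-subdomain layout discussed in this thread, with dynamic updates limited to the domain controllers and written to a dedicated log. The domain example.com, the 192.0.2.x addresses, the file paths and the choice to let only the DHCP server update the parent zone are assumptions made for illustration.

```conf
// Constructed values: example.com, 192.0.2.10/.11 (DCs/GCs), 192.0.2.20 (DHCP).
acl "ad-dcs"   { 192.0.2.10; 192.0.2.11; };  // domain controllers / global catalogs
acl "dhcp-srv" { 192.0.2.20; };              // ISC DHCP server doing DDNS for clients

logging {
    // Dedicated channel so accepted and refused updates can be reviewed
    // when someone reports a record that did not register.
    channel update_log {
        file "/var/log/named/update.log" versions 5 size 10m;  // assumed path
        severity info;
        print-time yes;
        print-category yes;
    };
    category update   { update_log; };
    category security { update_log; };
};

// Parent zone: client records come from the DHCP server only.
// Its zone file must delegate the four subzones below with NS records.
zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    allow-update { "dhcp-srv"; };
};

// The four AD subdomains: only the DCs may register records here.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_sites.example.com" {
    type master;
    file "dynamic/_sites.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_tcp.example.com" {
    type master;
    file "dynamic/_tcp.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_udp.example.com" {
    type master;
    file "dynamic/_udp.example.com.db";
    allow-update { "ad-dcs"; };
};
```

An address-based `allow-update` trusts the source IP only, so keep the lists as short as possible; the ISC DHCP server can sign its updates with a TSIG key instead.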

