Re: BIND and AD integration

John Welch jrw3319 at
Wed Mar 9 17:59:01 UTC 2005

Thank you, this does help.

Since I will have influence on the AD design, can you tell me why it is
important to use an empty root-domain, or point me to where I can find
more information on this issue?

On Wed, 9 Mar 2005 11:53:57 +0100, holger.honert at

>Hi John,
>you don't have to worry about the time difference of the documents you
>have found. Nothing has changed regarding BIND and AD. MS is speaking
>of ADv1 (w2k) and ADv2 (w2k3), and the main
>difference is in the maintenance and design of AD itself. You are running
>fine with the hints given in the documents, but I would suggest you
>run the latest version of BIND.
>The logging of ddns-updates done by DC or GC (or DHCP servers) contains
>more information.
>This is important if the so-called sysadmins, or better said AD admins,
>are complaining about records not registered in domains and so on .. ;-)
>And if you have any influence on the AD design, please tell them to use an
>empty root-domain for administrative reasons.
>Kind Regards/Freundlichen Gruß
>Holger Honert
>Joseph-Scherer-Str. 3
>44139 Dortmund
>Phone: +49 231/135-4043
>FAX: +49 231/135-2959
>mailto: holger.honert at
>John Welch <jrw3319 at>
>Sent by: bind-users-bounce at
>08.03.2005 23:29
>To:           comp-protocols-dns-bind at
>Subject:      BIND and AD integration
>In the near future my company will be migrating from a Windows NT
>domain to a Windows 2003 Active Directory infrastructure.  We are
>currently using BIND version 9.2 running on Linux servers for our
>internal DNS needs.  We are also using ISC's DHCP server, which is
>configured to do Dynamic DNS updates for the clients.  My goal is to
>continue to use BIND and our current DHCP server setup and not have to
>get involved with setting up these services on the MS side of things.
>My knowledge of AD is limited at this point, but I will be getting
>some training soon, and we will also have some outside help with the
>migration process.  However, I have a feeling that both the training
>and the outside help will be slanted toward Microsoft.  I want to be
>prepared to make the necessary adjustments to our BIND configuration,
>so that we don't get forced into using the Microsoft services.
>I've been searching around for some information on this topic and have
>found some relevant things.   I came across the "BIND + AD HOWTO" and
>I also found a Linux Magazine article written by Cricket Liu
>describing this setup.  Both describe the setup of four sub-domains
>with the BIND configuration (_msdcs, _sites, _tcp, and _udp).
>The one thing that has me concerned is the fact that both of these
>documents were written in 2001.  I'm wondering if this type of setup
>still applies, especially under Windows 2003, as opposed to Windows
>2000, which is referenced in both documents.  I'm looking for any
>additional reference material that may be available for BIND
>integration with AD.  I'd also be interested in hearing from anyone
>that has this type of setup (any "gotchas", or major configuration
>changes to be aware of?).
> Thanks,
