Getting BIND to work with an AD hosted DNS domain

Vinny Abello vinny at
Fri Jun 16 15:32:18 UTC 2006

At 09:39 AM 6/16/2006, Mark Drummond wrote:
>My Sun servers were all configured to use a BIND based DNS service
>running on some of my Sun boxes. The DNS domain used is my company's
>official domain name which for arguments sake we call "".
>Recently the Windows folks completed a migration to AD, and with that
>they implemented an AD based DNS service. On the brilliant
>recommendation of some consultants, rather than using "" the AD
>folks set up "myco.corp".
>My problem is, my laptop needs to be in myco.corp to function properly
>in the AD domain (things like connecting to Exchange), but at the same
>time I still need to be able to resolve to work with my Sun
>I'm sure there is probably some way to configure my workstation to
>handle this, but I would prefer a more elegant server side solution.
>What I would like is the following:
>* Manually configure my laptop to reference the DNS service on my Sun
>systems so I can resolve (Done.)
>* Have the DNS service on my Sun boxes forward requests for myco.corp to
>the AD servers.
>* And have DNS requests for everything else forwarded to our external
>DNS servers, which are currently hosted by our service provider.
>I'm not completely sure how to implement this. I've been
>using/configuring BIND for many years, but never really had to do much
>more than very basic configs.
>Any pointers are greatly appreciated!

You're best bet for consistency is to make it so both the Windows and 
Sun DNS servers are aware of the opposing domains in some way. 
Typically you can just do conditional forwarding to achieve this so 
requests for just that domain are forwarded to the server you know 
that hosts them. Assuming these boxes are also the recursive DNS 
servers your clients point to, that would enable it so either sets of 
resolvers you use would enable you to resolve the opposing domain on 
the other DNS servers.

Vinny Abello
Network Engineer
Server Management
vinny at
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of 
fear" -- Mark Twain

More information about the bind-users mailing list