interoperability between Bind and Windows 2000 DNS

Barry Finkel b19141 at
Wed Jun 21 13:27:36 UTC 2006

"Some Gumby" <Somegumby at> wrote:

>I'm an admin at Acme Widgets and we have both a Bind 9.2.1 DNS and a
>Windows 2000 server running DNS.
>Are there any preferences or which one should be the master and
>which should be the slave?
>You can email me at sgumby at or sgumby at acmewidgets.local

Let the Windows 2000 Server be the master for those zones that will
be subject to dynamic DNS:

     1) The AD zones updated by the Domain Controllers
     2) The forward and reverse zones updated by a MS DHCP server

Those zones where the dynamic updates follow the MS security model
should be on the MS DNS Server, as those updates should be secure.
Those updates can not be secure on a BIND server, as BIND has not
implemented the MS security model.

Let the BIND be master for the static zones.  Have the dynamic zones
slaved on the BIND server.  Have your client machines point to the
BIND servers for DNS resolution.

For more information about interoperability between MS W2k DNS and
BIND, see the list archives, where there have been many postings over
the years.

Note: I cannot send this reply to

           sgumby at acmewidgets.local

      for obvious reasons.
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at
Argonne, IL   60439-4828             IBMMAIL:  I1004994
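
The layout recommended in the reply above, expressed as a named.conf fragment for the BIND side. This is an added example, not part of the original post; the zone names, file names and the address 192.0.2.10 for the Windows 2000 DNS server are assumed placeholders.

```conf
// Added example: BIND 9 named.conf fragment. All names and addresses
// below are assumed placeholders, not values from the original post.

// Static zone: BIND is master. Dynamic updates are refused here,
// because BIND cannot apply the MS security model to them.
zone "example.com" {
    type master;
    file "master/example.com.db";
    allow-update { none; };
};

// Dynamic AD zone, updated by the Domain Controllers: the Windows 2000
// DNS server is master and BIND only holds a slave copy.
zone "ad.example.com" {
    type slave;
    masters { 192.0.2.10; };        // Windows 2000 DNS server (assumed)
    file "slave/ad.example.com.db";
};

// Dynamic reverse zone, updated by the MS DHCP server: also slaved
// from the Windows 2000 DNS server.
zone "2.0.192.in-addr.arpa" {
    type slave;
    masters { 192.0.2.10; };        // Windows 2000 DNS server (assumed)
    file "slave/192.0.2.rev";
};
```

The Windows 2000 server has to permit zone transfers of the two dynamic zones to the BIND server's address for the slave copies to load.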
