active directory, bind9, windows dns - TOGETHER

Chris Buxton cbuxton at menandmice.com
Thu Sep 21 21:06:11 UTC 2006


This is not an easy task. I'm just going to give an overview here of  
one way to solve the problem - there may be other approaches that  
meet your criteria.

What is the name of your AD domain? If it's network.prv, you'll need  
to do some fancy footwork to delegate just the parts necessary for AD  
to the DC. It's doable - instead of one delegation or stub zone, you  
would need 6. The subzones are _udp, _tcp, _sites, _msdcs,  
DomainDnsZones, and ForestDnsZones. You should also create an A  
record named network.prv pointing to your DC.

If your AD domain is something else, you won't need to do all that.  
Just make sure the BIND server can find that zone using either a  
delegation or a stub zone.

Create the necessary delegation(s) or stub zone(s) in the BIND server  
pointing to the DC. Make sure that the BIND server is not forwarding  
when asked anything ending in the name of your AD domain - you want  
it to be able to perform recursion internally and find data from the DC.

Configure any DHCP server to perform both forward and reverse dynamic  
DNS updates to register leases in DNS. This way, client machines  
won't be doing that. Make sure the DHCP server is configured to send  
DNS queries to MS DNS, so that it also sends updates there.

Configure MS DNS to forward all unknown queries to the BIND server.

No changes are required on the client machines.

Chris Buxton
Men & Mice
Take control of your network

On Sep 21, 2006, at 9:13 AM, jaro80 at gmail.com wrote:

> Hi All
>
> I have a local network. Clients use Windows XP; Linux Debian is my
> router, www, ftp server etc. and additionally DNS cache server (192.168.0.1).
> I'd like to set up Active Directory in my network. I installed Windows
> 2003 Server as PDC with DNS (192.168.0.2). So now I have two DNS servers.
>
> Bind works well, it resolves names like :
>
> john.network.prv - 192.168.0.10
> mark.network.prv - 192.168.0.11
> mat.network.prv - 192.168.0.12
> ...
>
> network.prv is my LOCAL domain, i don't have public domain.
>
> I'd still like to use this server (bind) together with the DNS server
> from Windows 2003.
>
> How should I configure bind and Windows DNS? I don't want to change the
> client configuration (they use 192.168.0.1 (bind) as DNS).
>
>
> --------------
> my setup:
>
> ++++++++++++++++++++++++++++++++
> file db.network.prv
>
> $ORIGIN network.prv.
> $TTL 1D
> @  IN SOA deb hostmaster (
>                20060919   ; serial
>                8H         ; refresh
>                4H         ; retry
>                4W         ; expire
>                1D         ; negative-cache TTL
> )
>
>       NS deb
>
> deb	A	192.168.0.1   ; Debian box running BIND
> 2k3	A	192.168.0.2   ; Windows 2003 DC with DNS (192.168.0.2 as stated above)
> john	A	192.168.0.10
> mark	A	192.168.0.11
> ..
> ++++++++++++++++++++++++++++++++
> file db.192.168.0:
>
> $ORIGIN 0.168.192.in-addr.arpa.
> $TTL 1D
>
> @  IN SOA   deb.network.prv.   hostmaster.network.prv. (
>                200609192   ; serial
>                28800       ; refresh
>                14400       ; retry
>                2419200     ; expire
>                86400       ; negative-cache TTL
> )
>
> @     NS    deb.network.prv.
>
> 1     PTR   deb.network.prv.
> 2     PTR   2k3.network.prv.
> 10    PTR   john.network.prv.
> 11    PTR   mark.network.prv.
> ..
> ++++++++++++++++++++++++++++++++
>
> --
> Best Regards
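Added example, not part of Chris's reply or of the original poster's files: a BIND 9 configuration that implements the "AD domain equals the BIND zone" case described above, with one stub zone per AD sub-zone, the per-zone override that stops those names from being forwarded upstream, and the apex A record for the DC. Assumptions: the DC/MS DNS is 192.168.0.2 with hostname 2k3 (from the poster's zone file), BIND is 192.168.0.1, the config lives in /etc/bind (assumed path), and the upstream resolver address is a placeholder.

```conf
// --- /etc/bind/named.conf (assumed path) ---------------------------------
options {
    directory "/etc/bind";            // assumed
    recursion yes;
    allow-recursion { 192.168.0.0/24; };
    // Global forwarding is assumed here (placeholder upstream address).
    // It is exactly what makes the per-zone override below necessary: with
    // global forwarders, a query for e.g. _ldap._tcp.network.prv would be
    // sent upstream instead of being resolved from the DC.
    forwarders { 203.0.113.53; };
};

zone "network.prv" {
    type master;
    file "db.network.prv";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.0";
};

// One stub zone per AD sub-zone. A stub zone only pulls the NS records (and
// glue) from the DC; BIND then recurses to the DC for the actual records.
// The empty forwarders list overrides the global forwarders for this name
// space, so nothing under these names is ever sent upstream.
zone "_msdcs.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/_msdcs.network.prv";
    forwarders { };
};
zone "_sites.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/_sites.network.prv";
    forwarders { };
};
zone "_tcp.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/_tcp.network.prv";
    forwarders { };
};
zone "_udp.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/_udp.network.prv";
    forwarders { };
};
zone "DomainDnsZones.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/DomainDnsZones.network.prv";
    forwarders { };
};
zone "ForestDnsZones.network.prv" {
    type stub; masters { 192.168.0.2; }; file "stub/ForestDnsZones.network.prv";
    forwarders { };
};

; --- additions to db.network.prv (zone file syntax, ';' comments) ---------
$ORIGIN network.prv.
; Apex A record that Chris asks for: AD clients look up the bare domain
; name and expect it to resolve to a DC.
@               IN A    192.168.0.2
; The DC itself (hostname from the poster's zone file).
2k3             IN A    192.168.0.2
; Delegation NS records are the alternative to the stub zones above; either
; is enough for BIND to find the DC, and having both is harmless because
; the more specific stub zone takes precedence.
_msdcs          IN NS   2k3
_sites          IN NS   2k3
_tcp            IN NS   2k3
_udp            IN NS   2k3
DomainDnsZones  IN NS   2k3
ForestDnsZones  IN NS   2k3
```

After loading this, check it with `named-checkconf` and `named-checkzone network.prv db.network.prv`, then verify from a client that `dig @192.168.0.1 _ldap._tcp.dc._msdcs.network.prv SRV` returns the DC's SRV record rather than NXDOMAIN or an upstream referral. The Windows side of the picture (MS DNS forwarding everything it is not authoritative for to 192.168.0.1) is set in the DNS console's Forwarders tab or with `dnscmd /ResetForwarders 192.168.0.1`; with that in place the two servers cover each other's name space and the clients keep pointing at BIND only.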