bind as slave DNS to windows AD dns server

Aleksander Kamenik aleksander at krediidiinfo.ee
Thu May 21 19:18:33 UTC 2009 

b19141 at anl.gov wrote:
> Aleksander Kamenik <aleksander at krediidiinfo.ee> wrote:
> 
>> I'm trying to setup BIND named to be a slave a MS Windows 2008 server's 
>> AD domain.
>>
>> I set it up to be the slave and it works fine and I can resolv A records 
>>from the domain on the slave bind. However I can't resolve some SRV 
>> records like
>>
>> _ldap._tcp.dc._msdcs.DOMAIN
>>
>> Without this functionality a windows PC is unable to connect to the 
>> windows domain.
>>
>> At first it looked like the Windows DNS server gave BIND a partial zone 
>> file. Later after some googling I realized it has something to do with 
>> dynamic updates which I don't know how to set up and am not familiar with.
>>
>> Most google replies deal with setting up bind as the master server. Is 
>> it at all possible for BIND to act as a slave and forward the SRV 
>> updates to the master? If so, please point me to relevant documentation.
> 
> What zones are you slaving on your BIND server?  There should be six:
> 
>      DomainDNSZones.example.com
>      ForestDNSZones.example.com
>      _msdcs.example.com
>      _sites.example.com
>      _tcp.example.com
>      _udp.example.com
> 

Ok, understood. I had only example.com slaved, turns out I have to get
the subdomains instead. I'll try this when I get to work. Thanks!

> If you have these six zones slaved on your BIND server, and these zones
> are being transferred successfully, then there should be no problems.
> See the archives of this list, where there have been many
> BIND/AD-related postings over the past years.
> 
> You wrote:
> 
>      Is it at all possible for BIND to act as a slave and forward the
>      SRV updates to the master?
> 
> I am not sure what you mean?  The Windows Domain Controllers will send
> any SRV updates to the Windows DNS Server, if the AD structure is
> properly configured.  Client machine might ask your BIND servers for
> SRV information, but the DCs should not be sending dynamic DNS updates
> to your BIND slave for SRV records.

Ok, got it.

Regards,

-- 

Aleksander Kamenik
System Administrator
Krediidiinfo AS
an Experian Company
Phone: +372 665 9649
Email: aleksander at krediidiinfo.ee

http://www.krediidiinfo.ee/
http://www.experiangroup.com/

More information about the bind-users mailing list