BIND integration with windows DNS

Barry Finkel b19141 at anl.gov
Tue Jul 27 12:56:05 UTC 2010


Arnoud Tijssen <ATijssen at Ram.nl> wrote:

>I'm facing kind of a challenge. At the moment we have BIND and Windows
>DNS within our corporate network.
>
>I would like to get rid of Windows DNS and switch completely over to
>BIND, but since DNS is so intertwined with AD this is not an option,
>since it probably introduces more problems than it solves.
>
>So my next option was to delegate all the Windows-specific subdomains
>(i.e. _tcp.example.com, _udp.example.com, _sites.example.com,
>_msdcs.example.com etc.) to Windows DNS for dynamic updates and let the
>main domain, example.com, reside on BIND. After setting up BIND and
>Windows DNS and removing the main domain entry from the Windows DNS
>servers, leaving only the Windows-specific subdomains, and pointing the
>DNS resolvers of Windows to the BIND servers, the Windows clients were
>unable to register themselves within DNS and AD properly. It seems the
>clients register themselves in the main zone file of the domain, which
>resides on BIND.
>
>Since I don't want all dynamic updates from Windows clients polluting
>my main zone file, but still want one primary DNS serving the main
>domain instead of two, BIND and Windows, what is the best option, if
>there is one?
>
>Any advice would be greatly appreciated.
>
>Cheers,
>Arnoud

There have been many AD/BIND integration postings in bind-users
over the past years; check the archives.  What I do is have the AD zones

     ForestDNSZones.example.com
     DomainDNSZones.example.com
     _msdcs.example.com
     _sites.example.com
     _tcp.example.com
     _udp.example.com

mastered on a Windows Domain Controller and slaved on my BIND servers.
There is no client machine that is configured to use the Windows DC
as its DNS server; all machines use my BIND servers as DNS servers.
I also slave the four AD zones for each of about 10 child domains of
example.com.  All of the dynamic updates are handled by Windows
securely.  But I see lots of machines attempting dynamic DNS on my
hidden BIND master.  I cannot tell if these are Windows machines
attempting self-registrations or Mac machines attempting to register
whatever.  I just ignore these messages, as I have no time to track
down the machines, and when I do, a new bunch of machines start DDNS.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
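The layout Barry describes (parent zone primary on BIND, the six AD zones
primary on a Domain Controller and secondary on BIND, clients pointed only at
BIND, update attempts against BIND refused) is the kind of thing that gets
tedious to type by hand once there are ten child domains with their own AD
zones.  The script below is an added example written for this archive page,
not configuration from either poster; it generates the BIND side of that
split.  The DC address 192.0.2.10, the DC hostname dc1.example.com, the
secondary addresses 192.0.2.53/54 and the file paths are assumptions for
illustration; the zone list is the one from the reply above.

```shell
#!/bin/sh
# Generate BIND 9 configuration for the AD/BIND split discussed above:
#   - the parent zone stays a conventional BIND primary with updates refused,
#   - the six AD zones under it are secondaries transferred from the DC,
#   - approved and denied updates are logged to their own file.
# Addresses, hostnames and paths below are assumed values, not real ones.
set -eu

DC_PRIMARY="192.0.2.10"                 # assumed: DC that masters the AD zones
DC_NAME="dc1.example.com."              # assumed: its hostname (delegation target)
SECONDARIES="192.0.2.53; 192.0.2.54;"   # assumed: BIND servers allowed to AXFR

# The zones Windows expects to own under an AD domain's DNS name.
AD_SUBZONES="_msdcs _sites _tcp _udp ForestDNSZones DomainDNSZones"

# One secondary-zone stanza: BIND holds a read-only copy pulled from the DC.
# Update forwarding is left off, so a client that sends an UPDATE for one of
# these zones to BIND gets REFUSED; Windows clients locate the zone's primary
# through the SOA MNAME and send their updates to the DC directly.
ad_zone_stanza() {
    sub=$1; parent=$2
    cat <<EOF
zone "$sub.$parent" {
    type slave;                     // "type secondary;" in BIND 9.16+
    masters { $DC_PRIMARY; };       // "primaries { ... };" in BIND 9.16+
    file "slaves/$sub.$parent.db";
    allow-update-forwarding { none; };
};
EOF
}

# The parent zone is a normal BIND primary.  allow-update { none; } is what
# turns client self-registration attempts into denied updates in the log
# instead of host records in the zone.
parent_zone_stanza() {
    parent=$1
    cat <<EOF
zone "$parent" {
    type master;                    // "type primary;" in BIND 9.16+
    file "primary/$parent.db";
    allow-update { none; };
    allow-transfer { $SECONDARIES };
};
EOF
}

# Separate log for dynamic updates, so the machines still trying DDNS
# against BIND can be picked out by source address.
logging_stanza() {
    cat <<'EOF'
logging {
    channel ddns_log {
        file "/var/log/named/update.log" versions 5 size 10m;
        print-time yes; print-category yes;
    };
    category update          { ddns_log; };
    category update-security { ddns_log; };
};
EOF
}

# Full named.conf fragment for every AD domain given as an argument
# (e.g. example.com plus each child domain).
gen_named_conf() {
    logging_stanza
    for parent in "$@"; do
        parent_zone_stanza "$parent"
        for sub in $AD_SUBZONES; do
            ad_zone_stanza "$sub" "$parent"
        done
    done
}

# Delegation records to paste into the parent zone file: each AD subzone is
# delegated to the DC.  When the DC's name lives in this parent zone, its A
# record is ordinary zone data that also serves as glue.
gen_delegations() {
    parent=$1
    printf '$ORIGIN %s.\n' "$parent"
    for sub in $AD_SUBZONES; do
        printf '%-16s IN NS %s\n' "$sub" "$DC_NAME"
    done
    case "$DC_NAME" in
        *."$parent".) printf '%-16s IN A  %s\n' "${DC_NAME%%.*}" "$DC_PRIMARY" ;;
    esac
}

# Usage: ./gen-ad-zones.sh --write   (writes the two fragments to cwd)
if [ "${1:-}" = "--write" ]; then
    gen_named_conf example.com > named.ad.conf
    gen_delegations example.com > example.com.delegation.db
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf named.ad.conf
    fi
fi
```

Two caveats when using this.  First, the NS delegation records only matter
to resolvers that are not themselves authoritative for the subzones; on a
BIND server that slaves _msdcs.example.com, the slaved zone answers and the
parent's NS records are never consulted, so the delegation is there for
everything else.  Second, refusing updates on the parent does not stop
clients from trying: a Windows client registers its own A record in the zone
matching its primary DNS suffix, finds the primary via that zone's SOA MNAME,
and will keep sending the UPDATE to BIND.  The update-security log is how you
see who is doing it; if those registrations are actually wanted, the usual
answer is to make the clients' suffix zone one of the DC-mastered zones
rather than to open the parent zone to updates.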