ISC Bind in Active Directory

Aaron Thompson athompson at berklee.edu
Mon Oct 22 17:33:17 UTC 2012 

Michael, much appreciation for the feed back from our west coast Berkeley!

You wouldn't know or have a copy of that Gartner paper would you??

Best,

Aaron
-
Aaron Thompson
Network Architect for IT Operations

Berklee College of Music         
1140 Boylston Street, MS-186-NETT
Boston, MA 02215-3693

www.berklee.edu
617.747.8656
Twitter: @thomp318

On Oct 18, 2012, at 5:00 PM, Michael Sinatra <michael at RANCID.BERKELEY.EDU> wrote:

> On 10/18/12 11:03 AM, Aaron Thompson wrote:
>> Hi All,
>> 
>> I'm hopping to get some feedback from people who use ISC Bind and DHCPD
>> in Active Directory environments.
>> 
>> Currently we use Bind/DHCPD for dynamic DNS and DHCP.  It's been a
>> pretty stable service, redundant and we are polling statistics with
>> Cacti.  There is concern by Management of using a somewhat non standard
>> approach for Active Directory SRV records being handled by ISC services
>> and not AD.
> 
> Microsoft may tell management that it's non-standard, but it's not.
> What you're describing is very common, especially among EDUs.
> 
> Management's attitude appears to be based on two myths:
> 
> 1. You must use AD integrated DNS for your AD installation.
> 2. You must use DDNS for your AD installation (at least for the relevant
> SRV records).
> 
> Neither of these are true, and plenty of places have gotten by for at
> least a decade with *static* SRV records in a BIND server.
> 
> A few years ago, Gartner did a paper where they discussed "new features"
> that Microsoft claims "require" AD-integrated DNS.  Gartner's conclusion
> was that this is basically not true and that if the current BIND-AD
> integration is working for you, then you should stick with it.
> 
> [snip]
> 
>> Overall it's been a very stable design for the last 5+ years.
> 
> It sounds like something that's not broken and shouldn't be fixed.
> Again, this is the experience at other EDUs.
> 
>> If you have any relevant feed back I would appreciate it.  I'm looking
>> for information on experience with Active Directory integration with ISC
>> or if anyone has had problems/stability issues with AD doing DNS/DHCP or
>> AD working with ISC.
>> 
>> Thanks in advance.
>> 
>> Here's a brief survey <http://www.surveymonkey.com/s/2VYNKWR> for
>> Schools that have ISC running in an AD environment.
>> 
>> http://www.surveymonkey.com/s/2VYNKWR
> 
> Done, on behalf of the "other" Berkeley. :)
> 
> michael
>

More information about the bind-users mailing list