ISC Bind in Active Directory

Nicholas F Miller nicholas.miller at Colorado.EDU
Mon Oct 22 19:39:29 UTC 2012


We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to control what record types and machines can make dynamic updates to our AD zone. We use ISC's DHCP but don't allow it to do DNS updates since we use GSS-TSIG at the client level instead.
_________________________________________________________
Nicholas Miller, OIT, University of Colorado at Boulder




On Oct 22, 2012, at 11:36 AM, Aaron Thompson wrote:

> Nicholas,
> 
> Are you using AD or Bind for DNS/DHCP?  I'm assuming your using AD for authentication.
> 
> Thanks for the feed back and input on the survey!
> 
> Survey Request:	Active Directory with ISC Bind and DHCPD
> http://www.surveymonkey.com/s/2VYNKW
> 
> -
> Aaron Thompson
> Network Architect for IT Operations
> 
> Berklee College of Music         
> 1140 Boylston Street, MS-186-NETT
> Boston, MA 02215-3693
> 
> www.berklee.edu
> 617.747.8656
> Twitter: @thomp318
> 
> On Oct 19, 2012, at 10:46 AM, Nicholas F Miller <nicholas.miller at Colorado.EDU> wrote:
> 
>> DDNS record scavenging is the only feature I'm aware of that MS DNS has that Bind doesn't . On the flip side, ISC Bind can ACL who can add certain record types to a dynamic zone using GSS-TSIG as well as supports views and ACLs for recursion. Everything else should be standard DNS.
>> 
>> _________________________________________________________
>> Nicholas Miller, OIT, University of Colorado at Boulder
>> 
>> 
>> 
>> 
>> On Oct 18, 2012, at 12:03 PM, Aaron Thompson wrote:
>> 
>>> Hi All,
>>> 
>>> I'm hopping to get some feedback from people who use ISC Bind and DHCPD in Active Directory environments.
>>> 
>>> Currently we use Bind/DHCPD for dynamic DNS and DHCP.  It's been a pretty stable service, redundant and we are polling statistics with Cacti.  There is concern by Management of using a somewhat non standard approach for Active Directory SRV records being handled by ISC services and not AD.
>>> 
>>> The options we are looking at is migrating to AD for DNS and DHCP services or to have Bind/DHCPD handle SRV records for AD.
>>> 
>>> Some technical info on our our BIND environment.
>>> 
>>> Some Client Identifiers
>>> 300 DHCP Pools
>>> Dynamic DNS
>>> Cacti Graphs - Reporting
>>> Syslog via Splunk
>>> 
>>> Overall it's been a very stable design for the last 5+ years.
>>> 
>>> If you have any relevant feed back I would appreciate it.  I'm looking for information on experience with Active Directory integration with ISC or if anyone has had problems/stability issues with AD doing DNS/DHCP or AD working with ISC.
>>> 
>>> Thanks in advance.
>>> 
>>> Here's a brief survey for Schools that have ISC running in an AD environment.
>>> 
>>> http://www.surveymonkey.com/s/2VYNKWR
>>> 
>>> -
>>> Aaron Thompson
>>> Network Architect for IT Operations
>>> 
>>> Berklee College of Music         
>>> 1140 Boylston Street, MS-186-NETT
>>> Boston, MA 02215-3693
>>> 
>>> www.berklee.edu
>>> 617.747.8656
>>> 
>>> -
>>> Aaron Thompson
>>> Network Architect for IT Operations
>>> 
>>> Berklee College of Music         
>>> 1140 Boylston Street, MS-186-NETT
>>> Boston, MA 02215-3693
>>> 
>>> www.berklee.edu
>>> 617.747.8656
>>> 
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>> 
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>> 
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>> 
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 




More information about the bind-users mailing list