ISC Bind in Active Directory

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Oct 24 13:12:55 UTC 2012


On 22.10.12 13:39, Nicholas F Miller wrote:
>We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to
>control what record types and machines can make dynamic updates to our AD
>zone.  We use ISC's DHCP but don't allow it to do DNS updates since we use
>GSS-TSIG at the client level instead. 

For me to understand: do your clients use GSS-TSIG to update temselves
instead of DHCP server doing the same?

>On Oct 22, 2012, at 11:36 AM, Aaron Thompson wrote:
>> Are you using AD or Bind for DNS/DHCP?  I'm assuming your using AD for
>> authentication.

>> On Oct 19, 2012, at 10:46 AM, Nicholas F Miller <nicholas.miller at Colorado.EDU> wrote:
>>> DDNS record scavenging is the only feature I'm aware of that MS DNS has
>>> that Bind doesn't .  On the flip side, ISC Bind can ACL who can add
>>> certain record types to a dynamic zone using GSS-TSIG as well as
>>> supports views and ACLs for recursion.  Everything else should be
>>> standard DNS.

isn't the client self-registration the reason why scavenging is needed?
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".



More information about the bind-users mailing list