Mixed environments: DHCP Secure Update

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Mar 21 18:38:12 UTC 2007

Michele Vetturi wrote:

>So, you indirectly suggest to use Bind9 + DHCP3 with TSIG secure
>updates, that was my original idea.
>Doing so, I will grant updates for any RR, including SRV updates, A
>and PTR inserts and deletes.

You won't be able to allow the Windows systems to do secure updates 
to the Bind service.

>In an Active Directory context, in your experience, what are the
>remaining steps which I will have to complete manually? Only
>underscore subdomains creations needs manual job?

You have the option of delegating those to the Windows box - it's 
more overhead but allows you to split the DNS for the main domain 
done properly on Bind, and the AD stuff done on the MS server. Having 
recently had another look at a Windows box, I'm "not impressed" !

>Does those Web GUIs supports such operations?

Webmin certainly does.

>Googling, I found mysqlBind, GAdminTools (GTK+, not Web) and WebBind.
>Which one is the better, in your opinion?
>Someone know any others GUI for BIND, stable and complete?

Webmin - http://www.webmin.com/

Will handle all this. I suspect that you might find your Windows 
admins overwhelmed by the options it can manage - so spend some time 
removing unused modules and setting up an account for them that just 
gives them what they need.

More information about the dhcp-users mailing list