Mixed environments: DHCP Secure Update
mvetturi at yahoo.it
Thu Mar 22 13:34:12 UTC 2007
> I have successfully run a mixed BIND/AD environment for several years.
> This is a largish network (3500 clients, originally Win2000 now XP)
> using AD, but all DNS is run using BIND, in this case running on
> Solaris. Originally used Bind 8, now Bind 9.2.x.
> These articles give a pretty good run down on using AD and BIND:
> (seems you need to register to read this now)
> is/deploy/depovg/CfgBIND.asp (link no longer available)
> (general MS DNS articles)
> (specific details about integrating AD into existing BIND setup)
> On your DNS servers you create 4 extra zones for each main zone, and
> allow the domain controllers access to update them. Make sure you
> delegate them correctly.
> The domain controllers will add a number of SRV records and also A records in
> the top level zones. It was easier to just let them do this so that DNS worked
> properly. There is a tool called dcdiag.exe that you can run on the domain
> controller to verify that DNS is set up properly from AD's perspective.
> The only option is to allow update by IP address, but hopefully the
> Domain Controllers are fairly secure and no-one should be spoofing
> their IP addresses. We didn't allow individual clients to do DNS updates.
> For DNS management we used an open source web based tool downloaded from
> dominium.sourceforge.net which we then hacked on pretty severely. I
> haven't seen the original updated in a long time.
Great *How-To*... :) Thank you.
I appreciate all your efforts to support me.
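
The zone layout described in the quoted post, as an added example that is not part of the original messages. The four zones are the underscore subdomains that AD registers its SRV records under; the domain example.com, the 192.0.2.x addresses, the file paths and the ns1 host name are all assumptions.

```conf
// named.conf fragment (constructed example, not from the original thread).
// Assumed: AD domain example.com, two domain controllers at 192.0.2.10/.11.

// Only the domain controllers may send dynamic updates. This is an
// address-based check, so it is only as strong as the network's
// protection against spoofed source addresses, as the post notes.
acl "domain-controllers" {
    192.0.2.10;
    192.0.2.11;
};

// Main zone. The post let the DCs add their A records here as well.
zone "example.com" {
    type master;
    file "master/example.com.db";
    allow-update { "domain-controllers"; };
};

// The four extra zones per main zone that hold the AD locator records.
zone "_msdcs.example.com" {
    type master;
    file "master/_msdcs.example.com.db";
    allow-update { "domain-controllers"; };
};
zone "_sites.example.com" {
    type master;
    file "master/_sites.example.com.db";
    allow-update { "domain-controllers"; };
};
zone "_tcp.example.com" {
    type master;
    file "master/_tcp.example.com.db";
    allow-update { "domain-controllers"; };
};
zone "_udp.example.com" {
    type master;
    file "master/_udp.example.com.db";
    allow-update { "domain-controllers"; };
};

// Delegations to place in the example.com zone data, so resolvers are
// referred to the sub-zones (ns1.example.com is an assumed name server):
//   _msdcs   IN NS  ns1.example.com.
//   _sites   IN NS  ns1.example.com.
//   _tcp     IN NS  ns1.example.com.
//   _udp     IN NS  ns1.example.com.
```

Client addresses are deliberately absent from the ACL, matching the post's choice not to let individual clients update DNS.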