Mixed environments: DHCP Secure Update
Glenn.Satchell at uniq.com.au
Thu Mar 22 14:02:25 UTC 2007
>Date: Thu, 22 Mar 2007 14:34:12 +0100
>From: "Michele Vetturi" <mvetturi at yahoo.it>
>> I have successfully run a mixed BIND/AD environment for several years.
>> This is a largish network (3500 clients, originally Win2000 now XP)
>> using AD, but all DNS is run using BIND, in this case running on
>> Solaris. Originally used Bind 8, now Bind 9.2.x.
>> These articles give a pretty good run down on using AD and BIND:
>> (seems you need to register to read this now)
>> is/deploy/depovg/CfgBIND.asp (link no longer available)
>> (general MS DNS articles)
>> (specific details about integrating AD into existing BIND setup)
>> On your DNS servers you create 4 extra zones for each main zone, and
>> allow the domain controllers access to update them. Make sure you
>> delegate them correctly.
>> The domain controllers will add a number of SRV records and also A records in
>> the top level zones. It was easier to just let them do this so that DNS
>> properly. There is a tool called dcdiag.exe that you can run on the domain
>> controller to verify that DNS is set up properly from AD's perspective.
>> The only option is to allow update by IP address, but hopefully the
>> Domain Controllers are fairly secure and no-one should be spoofing
>> their IP addresses. We didn't allow individual clients to do DNS updates.
>> For DNS management we used an open source web based tool downloaded from
>> dominium.sourceforge.net which we then hacked on pretty severely. I
>> haven't seen the original updated in a long time.
>Great *How-To*... :) Thank you.
>I appreciate all your efforts to support me.
No problem - this was something I had saved from about 5 years ago, I
only had to follow up the links as the old ones had disappeared.
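
The zone layout described in the quoted post, as an added named.conf sketch that is not part of the original thread. The four subzones use the standard AD names (_msdcs, _sites, _tcp, _udp); example.com, the file names and the 192.0.2.x controller addresses are placeholder assumptions.

```conf
// Constructed example: domain, file names and addresses are placeholders.
// Updates are authorised by source IP only, as in the post, so the ACL
// lists the domain controllers and nothing else (no client subnets).
acl "ad-dcs" {
    192.0.2.10;    // dc1 (hypothetical)
    192.0.2.11;    // dc2 (hypothetical)
};

// Main zone. The post let the controllers add their records here too.
// The parent zone file must also delegate each subzone, for example:
//   _msdcs  IN NS  ns1.example.com.
//   _sites  IN NS  ns1.example.com.
//   _tcp    IN NS  ns1.example.com.
//   _udp    IN NS  ns1.example.com.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-update { "ad-dcs"; };
};

// The four extra zones created for each main zone.
zone "_msdcs.example.com" {
    type master;
    file "db._msdcs.example.com";
    allow-update { "ad-dcs"; };
};

zone "_sites.example.com" {
    type master;
    file "db._sites.example.com";
    allow-update { "ad-dcs"; };
};

zone "_tcp.example.com" {
    type master;
    file "db._tcp.example.com";
    allow-update { "ad-dcs"; };
};

zone "_udp.example.com" {
    type master;
    file "db._udp.example.com";
    allow-update { "ad-dcs"; };
};
```

Running named-checkconf on the file before reloading catches syntax errors, and named needs write access to the directory holding these zone files so it can create the update journals.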