Question about best practices...

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Sep 30 19:54:04 UTC 2008


Luis Fernando Lacayo wrote:

>We run a multi-platform DNS -  We have DNS running on a Linux Box 
>for the Static Devices (servers, firewall, etc) under cps.k12.il.us 
>... but all the windows boxes which are part of the Windows domain 
>are handled by MS_DNS under admin.cps.k12.il.us (the admin is 
>delegated to the windows environment).
>
>Now for the question...  If I do DDNS, and I want the reverse to 
>point to the "admin.cps.k12.il.us" domain will that also try to 
>update the forward "admin.cps.k12.il.us" zone?   Will that break 
>anything?

Yes, and Dunno.

I suspect that the clients will do their own forward updates anyway, 
assuming they are all part of the Active Directory setup. In that 
case, the ISC server would only try and update the reverse pointer 
record and there would be no problem.

If clients don't try and do their own forward updates, your ISC 
server will try - and you can't do signed updates with a Windows 
server as Microsoft won't say how the signing is done. As long as you 
configure the Windows DNS server to allow unsigned updates from your 
DNS server it will work.

What also might work for you would be to move the admin zone to a 
BIND DNS server and delegate all the subzones (6 I think) used by the 
Active Directory stuff to the Windows DNS server. I have that setup 
with a client where a Linux box does all the routing etc (with 
multiple VLANs), DHCP, DNS, and the Windows server does the Active 
Directory stuff. I haven't had to touch it for a good few months now 
- it "just works" :-)
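
Added example, not part of the original message: a check that a BIND-hosted copy of the admin zone delegates every Active Directory subzone to the Windows DNS server, as in the setup described above. The six subzone names are the ones commonly used by Active Directory (the message does not list them), and the server name dc1 and the address 192.0.2.10 are hypothetical.

```python
# Added example: constructed zone data; server name and address are hypothetical.
AD_SUBZONES = ("_msdcs", "_sites", "_tcp", "_udp",
               "DomainDnsZones", "ForestDnsZones")  # assumed list of the six
ZONE = "admin.cps.k12.il.us."             # zone name from the thread
WINDOWS_DNS = "dc1.admin.cps.k12.il.us."  # hypothetical Windows DNS server

# Constructed BIND zone fragment; the ForestDnsZones delegation is left out
# on purpose so the check has something to report.
SAMPLE_ZONE = """\
$ORIGIN admin.cps.k12.il.us.
dc1              IN A   192.0.2.10   ; glue for the delegated server
_msdcs           IN NS  dc1
_sites           IN NS  dc1
_tcp             IN NS  dc1
_udp             IN NS  dc1
DomainDnsZones   IN NS  dc1
"""

def absolute(name, origin):
    """Expand a relative name against $ORIGIN and lower-case it."""
    if name == "@":
        name = origin
    elif not name.endswith("."):
        name = f"{name}.{origin}"
    return name.lower()

def delegations(zone_text):
    """Map owner -> set of NS targets (one-line records, explicit owners)."""
    origin, found = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        types = [f.upper() for f in fields[1:-1]]  # skip owner and rdata
        if "NS" in types:
            owner = absolute(fields[0], origin)
            found.setdefault(owner, set()).add(absolute(fields[-1], origin))
    return found

def missing_delegations(zone_text, zone=ZONE, server=WINDOWS_DNS):
    """Return the AD subzones not delegated to the Windows DNS server."""
    found = delegations(zone_text)
    return [sub for sub in AD_SUBZONES
            if server.lower() not in found.get(f"{sub}.{zone}".lower(), set())]

if __name__ == "__main__":
    print("missing delegations:", missing_delegations(SAMPLE_ZONE))
```

A subzone reported as missing stays in the BIND zone itself, so dynamic registrations for it from the Active Directory side would arrive at the BIND server instead of the Windows DNS server.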

