dhcpd & AD DDNS
dhcp1 at thehobsons.co.uk
Sun May 17 08:13:43 UTC 2009
<jim.sifferle at tektronix.com> wrote:
>Our environment currently uses MS DNS and DHCP and AD integrated dns
>zones and DDNS. We're not satisfied with the split scope option for
>dhcp redundancy and don't have plans to use the MS Clustering
>Service to gain redundancy.
>I'd like to take advantage of ISC dhcpd's dhcp failover feature.
>Can ISC dhcpd perform GSS-TSIG DDNS updates to an AD integrated DNS
>zone, either directly

No, ISC and MS can't talk directly with the security stuff turned on
as the MS signing stuff is still closed.

>or through ISC BIND 9.5 as a proxy?

Sort of!

You have two options:

1) You turn off signed updates (don't know how/if you can do that on
the MS server) in which case the ISC DHCP server can update the MS
DNS server. You'll then need to figure out what security controls
need to be in place. However, if you do this, then it's only a step
further to use BIND for the DNS.

2) You run the top level domain on BIND, and delegate the AD forest
zones (there are six of them IIRC) to the MS server. I did set this
up for a customer some time ago and it works fine - they aren't a
customer any more, but I know the gateway this is on is still running
and has done so without intervention for several years!

If you do it this way, ISC DHCP and BIND can play happily together
with your root level domain, the MS server can happily play with the
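
The layout described in option 2, sketched as an added example that is not part of the original post or of any ISC or Microsoft documentation: BIND holds the parent zone and accepts only TSIG-signed updates from dhcpd, while the six subdomains commonly delegated for AD go to the MS DNS server. The domain `example.corp`, the host `dc1`, the `192.0.2.x` addresses and the key name `dhcp-ddns` are constructed, the secret is a placeholder, and `hmac-sha256` assumes BIND and ISC DHCP versions that support it.

```conf
# ---- named.conf on the BIND server (constructed names and addresses) ----
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";   # placeholder, e.g. from tsig-keygen
};

zone "example.corp" {
    type master;
    file "dynamic/example.corp.db";
    # Only updates signed with the dhcpd key are accepted for the parent zone.
    allow-update { key "dhcp-ddns"; };
};

# ---- dhcpd.conf on each ISC DHCP failover peer ----
ddns-update-style interim;     # "standard" on ISC DHCP 4.3 and later
ddns-domainname "example.corp";

key dhcp-ddns {
    algorithm hmac-sha256;
    secret REPLACE_WITH_GENERATED_SECRET;      # same placeholder secret as above
};

zone example.corp. {
    primary 192.0.2.53;        # the BIND server (constructed address)
    key dhcp-ddns;             # sign every update sent to this zone
}

; ---- example.corp.db on BIND: delegate the AD subzones to the MS DNS server ----
; dc1.example.corp (192.0.2.10) is the assumed domain controller / MS DNS host.
dc1                 IN A    192.0.2.10
_msdcs              IN NS   dc1.example.corp.
_sites              IN NS   dc1.example.corp.
_tcp                IN NS   dc1.example.corp.
_udp                IN NS   dc1.example.corp.
DomainDnsZones      IN NS   dc1.example.corp.
ForestDnsZones      IN NS   dc1.example.corp.
```

With this split, the domain controllers register their records in the delegated zones on the MS server under its own update security, and the DHCP servers never need to write to an AD-integrated zone.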