BIND and AD

[DomiNosroB]

Hi all!

I have a BIND server setup and need to delegate control of the AD domain (xxx.local) to the WIN2K AD server, I think I also need to either setup automatic updates on the BINd server or manually enter the resource records. I think the later is the best choice. What then should these RR entries look like?

Thanks for your help!

 

[ITPangaeaArchitect]

ok here's the deal. using a third party DNS server is a bad idea in the first place from an AD perspective. But if you must....

it must be 4.9.6?? or 8.x and up
its gptta support SRV records AND dynamic updates

If you don't enable dynamic updates, you are in for problems at some point most likely (unless you remember to alter every record anytime something is done, like IP change, etc.)

The PDC emulator needs to point to itself for DNS, and itself only, all other DCs in the same location should point to the PDC for the preferred and you can either standardize the alternates (use same alternates in same order on all DCs). Better than that though, you can use forwarders to forward traffic to the other DCs and DNS servers in the enterprise (you should do that anyway). Forwarders should also be used to get to the BIND DNS server. You can use the BIND server as a bridge to the ISP/outside world so all resolution traffic bound for the internet is sent through the UNIX box if you need to.
As far as remote sites, standardize the DNS there, but pick one as the primary. They should all forward to the other DCs/DNS servers as well.

After all this I'm sure I'm forgetting something. There are a few ways to do it, but the one above will help ensure no replication issues.


-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[MTVW]

I would go with DDNS. Bind has to be at least 8.2.2 pack 5 for this to work. Saves headaches.