FW: MS Active Directory using BIND DDNS

Tomica Crnek Tomica.Crnek at hrt.hr
Tue Aug 6 20:45:58 UTC 2002



Let's say you have a domain yourdomain.com which contains AD. You have to
configure 4 subzones for it: _msdcs, _tcp, _udp and _sites. The
configuration will look something like:

// Domain controllers for yourdomain.com
acl DC-yourdomain.com {
        1.2.3.4;
        5.6.7.8;
};

// Active Directory - _msdcs
zone "_msdcs.yourdomain.com" {
        type master;
        allow-update {
                localnets;
                DC-yourdomain.com;
        };
        check-names ignore;
        file "_msdcs.yourdomain.com.db";
};

// Active Directory - _sites
zone "_sites.yourdomain.com" {
        type master;
        allow-update {
                localnets;
                DC-yourdomain.com;
        };
        check-names ignore;
        file "_sites.yourdomain.com.db";
};

// Active Directory - _tcp
zone "_tcp.yourdomain.com" {
        type master;
        allow-update {
                localnets;
                DC-yourdomain.com;
        };
        check-names ignore;
        file "_tcp.yourdomain.com.db";
};

// Active Directory - _udp
zone "_udp.yourdomain.com" {
        type master;
        allow-update {
                localnets;
                DC-yourdomain.com;
        };
        check-names ignore;
        file "_udp.yourdomain.com.db";
};

You see that you must allow your AD domain controllers to send DDNS updates
to all these zones. Therefore you could use a configuration like this one, with
an access list which contains the addresses of the AD controllers. I have put two
controllers with addresses 1.2.3.4 and 5.6.7.8. Then, you must not check
names in these subzones, as MS is using underscores "_" in names.

Make sure you allow DDNS updates from your AD controllers to yourdomain.com
also.

I hope this will help for the start.

Tomica
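
A check for the configuration described in this message, as an added example that is not part of the original e-mail or of BIND: a simplified Python parser (no include files or nested ACL definitions) that confirms each of the four subzones exists, lets the domain-controller ACL update it and sets check-names ignore, and that lists allow-update entries such as localnets, which admit senders beyond the listed controllers. The function names and the sample configuration are assumptions constructed for illustration.

```python
import re
SAMPLE_CONF = '''
// Constructed sample modelled on the message: no _sites zone, and _udp
// lacks "check-names ignore".
acl DC-yourdomain.com { 1.2.3.4; 5.6.7.8; };
zone "_msdcs.yourdomain.com" { type master; check-names ignore;
        allow-update { localnets; DC-yourdomain.com; }; };
zone "_tcp.yourdomain.com" { type master; check-names ignore;
        allow-update { DC-yourdomain.com; }; };
zone "_udp.yourdomain.com" { type master; allow-update { DC-yourdomain.com; }; };
'''
AD_SUBZONES = ("_msdcs", "_sites", "_tcp", "_udp")
BROAD = {"any", "localnets"}  # built-in ACLs that match more than the listed DCs

def parse_zones(conf):
    """Map zone name -> its allow-update entries and check-names value."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the zone's closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        upd = re.search(r"\ballow-update\s*\{([^}]*)\}", body)
        chk = re.search(r"\bcheck-names\s+(\w+)\s*;", body)
        zones[m.group(1).lower()] = {
            "allow_update": re.findall(r"[^;\s]+", upd.group(1)) if upd else [],
            "check_names": chk.group(1) if chk else None}
    return zones

def audit(conf, domain, dc_acl):
    """Return (zone, finding) pairs for the four AD subzones of `domain`."""
    zones, findings = parse_zones(conf), []
    for name in (f"{sub}.{domain}" for sub in AD_SUBZONES):
        z = zones.get(name)
        if z is None:
            findings.append((name, "zone missing"))
            continue
        if dc_acl not in z["allow_update"]:
            findings.append((name, "DC acl not in allow-update"))
        findings += [(name, f"allow-update includes '{e}'")
                     for e in z["allow_update"] if e in BROAD]
        if z["check_names"] != "ignore":
            findings.append((name, "check-names is not 'ignore'"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF, "yourdomain.com", "DC-yourdomain.com"), sep="\n")
```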

-----Original Message-----
From: Cinense, Mark [mailto:macinen at sandia.gov] 
Sent: Tuesday, August 06, 2002 10:18 PM
To: 'Tomica Crnek'
Subject: RE: MS Active Directory using BIND DDNS

Tomica, would you be able to tell me more of what you had to do? Also any
technical gotchas that may have come up.

thanks a bunch,

Mark Cinense
Dept. 9329
Unix Systems Administrator/SNL TLDNS Administrator
505.540.3092 Pager


-----Original Message-----
From: Tomica Crnek [mailto:Tomica.Crnek at hrt.hr]
Sent: Tuesday, August 06, 2002 2:12 PM
To: 'Cinense, Mark'
Cc: Bind-Users-Group (E-mail)
Subject: RE: MS Active Directory using BIND DDNS



Yes, and it is working fine. There are some things in ISC bind configuration
that have to be done but after that I can't see any problems.

-----Original Message-----
From: Cinense, Mark [mailto:macinen at sandia.gov] 
Sent: Tuesday, August 06, 2002 8:51 PM
To: Bind-Users-Group (E-mail)
Subject: MS Active Directory using BIND DDNS


Greetings,
	Our group just finished visiting with an MS consultant, that we are
paying top dollar for.  I had asked him if he has worked with integrating an
Active Directory environment using a BIND DDNS.  Well, his answer was no.
Is there anyone using a BIND DDNS server that is separate, with a Microsoft
Active Directory Domain Controller?  Any pros and cons, experience, or input
highly welcomed.

thanks...

Mark Cinense





-----------------------------------------------------------------
This message was scanned for viruses
upon receipt in HRTNet.
-----------------------------------------------------------------


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
**********************************************************************



