Integrating Active Directory and BIND
Bryan
bind at nvethis.d2g.com
Wed Oct 30 19:04:08 UTC 2002
Hi,
I have a small home network that I use for email, web hosting, Secure
Shell, etc. I have a RedHat 7.3 box that is used for DNS, DHCP, Web
Hosting (HTTP, PHP, MySQL, etc.) and Secure Shell. I have a Windows
2000 Server box that I use mostly for file sharing (storage server) and
Antivirus Management (Symantec Smart Center 8).
My W2K box is currently configured with no DNS server and is also part
of a workgroup instead of a domain. I would like to upgrade this to a
Domain Controller (Active Directory) so that the client computers at my
home will fall under the AD domain. I am not sure exactly how to go
about this. I have heard of two options: BIND as the main DNS, which can
handle DDNS, or W2K serving a subdomain of your root domain, which will
handle the W2K clients' DNS requests.
My top level domain is nvethis.d2g.com. I use a dynamic DNS service
because my cable company issues IP addresses via DHCP. My Linux server is
set up with a static internal IP (192.168.1.101) and so is my W2K Server
(192.168.1.110). My client computers are handled via DHCP, for which my
Linux box is also the server. What I want to do is configure AD to
either be on the same domain (nvethis.d2g.com) or I would also be OK
with a subdomain name (home.nvethis.d2g.com). Does anyone have any
insight on how to set this up?
I think my named.conf (/etc/named.conf) would look something like:
options {
    directory "/var/named";
    allow-query {
        any;
    };
    recursion yes;
};

zone "." {
    type hint;
    file "root.zone";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.zone";
    allow-update {};        // empty list: no dynamic updates accepted
};

zone "nvethis.d2g.com" {
    type master;
    file "nvethis.d2g.com.zone";
    allow-update {};        // empty list: no dynamic updates accepted
};

// Domain controllers for nvethis.d2g.com (must be defined before it is used)
acl DC-nvethis.d2g.com {
    192.168.1.110;
};

// Active Directory - _msdcs
zone "_msdcs.nvethis.d2g.com" {
    type master;
    allow-update {
        localnets;              // any host on a directly attached network
        DC-nvethis.d2g.com;     // plus the domain controllers listed above
    };
    check-names ignore;         // AD owner names begin with "_", which strict checking rejects
    file "_msdcs.nvethis.d2g.com.db";
};

// Active Directory - _sites
zone "_sites.nvethis.d2g.com" {
    type master;
    allow-update {
        localnets;
        DC-nvethis.d2g.com;
    };
    check-names ignore;
    file "_sites.nvethis.d2g.com.db";
};

// Active Directory - _tcp
zone "_tcp.nvethis.d2g.com" {
    type master;
    allow-update {
        localnets;
        DC-nvethis.d2g.com;
    };
    check-names ignore;
    file "_tcp.nvethis.d2g.com.db";
};

// Active Directory - _udp
zone "_udp.nvethis.d2g.com" {
    type master;
    allow-update {
        localnets;
        DC-nvethis.d2g.com;
    };
    check-names ignore;
    file "_udp.nvethis.d2g.com.db";
};
but when it references the zones, e.g. _tcp.nvethis.d2g.com, what
would the file look like?
My nvethis.d2g.com.zone file looks like this:
$TTL 3600 ; 1 hour
nvethis.d2g.com. IN SOA ns.nvethis.d2g.com. webmaster.nvethis.d2g.com. (
            2002090401 ; serial
            3600       ; refresh (1 hour)
            900        ; retry (15 minutes)
            1209600    ; expire (2 weeks)
            3600       ; minimum (1 hour)
            )
            NS    ns.nvethis.d2g.com.
            MX 10 mx.nvethis.d2g.com.
            A     192.168.1.101
ns          A     192.168.1.101
mx          CNAME ns
www         CNAME ns
ftp         CNAME ns
sandbox     A     192.168.1.110
rtr         A     192.168.1.1
client01    A     192.168.1.201
client02    A     192.168.1.202
client03    A     192.168.1.203
client04    A     192.168.1.204
client05    A     192.168.1.205
client06    A     192.168.1.206
client07    A     192.168.1.207
client08    A     192.168.1.208
client09    A     192.168.1.209
My 1.168.192.zone file looks like this:
$TTL 3600 ; 1 hour
1.168.192.in-addr.arpa. IN SOA ns.nvethis.d2g.com. webmaster.nvethis.d2g.com. (
            2002090401 ; serial
            3600       ; refresh (1 hour)
            900        ; retry (15 minutes)
            1209600    ; expire (2 weeks)
            3600       ; minimum (1 hour)
            )
            NS  ns.nvethis.d2g.com.
1           PTR rtr.nvethis.d2g.com.
101         PTR ns.nvethis.d2g.com.
110         PTR sandbox.nvethis.d2g.com.
201         PTR client01.nvethis.d2g.com.
202         PTR client02.nvethis.d2g.com.
203         PTR client03.nvethis.d2g.com.
204         PTR client04.nvethis.d2g.com.
205         PTR client05.nvethis.d2g.com.
206         PTR client06.nvethis.d2g.com.
207         PTR client07.nvethis.d2g.com.
208         PTR client08.nvethis.d2g.com.
209         PTR client09.nvethis.d2g.com.
Is that what my _tcp.nvethis.d2g.com.zone would look like?
So, there are my files; can someone please point me in the right
direction? I would really appreciate it. Email me directly at
bind at nvethis.d2g.com. Thanks.
Bryan H.
Information Technology Specialist
Defense Modeling & Simulation Office (DMSO)
Science Applications International Corporation (SAIC)
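As an added example that is not part of Bryan's post or of any reply: a short Python script that writes out the _tcp.nvethis.d2g.com zone he asks about, seeded with the SRV records a Windows 2000 domain controller registers there, and then checks that every SRV target is a host covered by the DC update ACL from his named.conf. The hostnames, ports, TTLs and SOA values are assumptions for this example; in practice the DC registers these records itself via dynamic update, so the seed only has to match what netlogon will later refresh.

```python
# Added example, not code from Bryan's post: renders a _tcp.<domain> zone
# seeded with the SRV records a Windows 2000 DC registers, and checks that
# every SRV target is a host the named.conf update ACL covers. Hostnames,
# ports and record values are assumptions made for this example.
import ipaddress
import re

DOMAIN = "nvethis.d2g.com"
# Domain controllers by hostname; "sandbox" is Bryan's W2K box (192.168.1.110),
# the only entry in his DC-nvethis.d2g.com ACL.
DCS = {"sandbox": "192.168.1.110"}
DC_ACL = ["192.168.1.110"]
# Services a W2K DC advertises under _tcp.<domain> (LDAP, Kerberos KDC,
# kpasswd, and global catalog if the DC is a GC) with their usual ports.
TCP_SERVICES = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464, "_gc": 3268}


def render_tcp_zone(domain, dcs, serial):
    """Return zone-file text for _tcp.<domain> with one SRV per DC per service."""
    lines = [
        "$TTL 3600",
        f"_tcp.{domain}. IN SOA ns.{domain}. webmaster.{domain}. "
        f"( {serial} 3600 900 1209600 3600 )",
        f"    NS ns.{domain}.",
    ]
    for svc, port in TCP_SERVICES.items():
        for host in sorted(dcs):
            # priority 0, weight 100: the values netlogon registers by default
            lines.append(f"{svc} 600 IN SRV 0 100 {port} {host}.{domain}.")
    return "\n".join(lines) + "\n"


SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+\d+\s+(\S+)\.$")


def srv_targets_outside_acl(zone_text, domain, dcs, acl):
    """List (owner, target) pairs whose SRV target is not a known DC inside the
    update ACL: such a DC cannot refresh its own records, or the target is a
    stray host that should not be advertised as a domain controller."""
    nets = [ipaddress.ip_network(a, strict=False) for a in acl]
    suffix = "." + domain
    bad = []
    for line in zone_text.splitlines():
        m = SRV_RE.match(line)
        if not m:
            continue
        owner, target = m.groups()
        host = target[: -len(suffix)] if target.endswith(suffix) else target
        addr = dcs.get(host)
        if addr is None or not any(ipaddress.ip_address(addr) in n for n in nets):
            bad.append((owner, target))
    return bad
```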