Integrating Active Directory with BIND
Kevin Darcy
kcd at daimlerchrysler.com
Wed Oct 30 22:04:56 UTC 2002
"Bryan Heusmann (SAIC)" wrote:
> Hi,
>
> I have a small home network that I use for email, web hosting, Secure
> Shell, etc. I have a RedHat 7.3 box that is used for DNS, DHCP, Web
> Hosting (HTTP, PHP, MySQL, etc.) and Secure Shell. I have a Windows
> 2000 Server box that I use mostly for file sharing (storage server) and
> Antivirus Management (Symantec Smart Center 8).
>
> My W2K box is currently configured with no DNS server and is also part
> of a workgroup instead of a DOMAIN. I would like to upgrade this to a
> Domain Controller (Active Directory) so that the client computers at my
> home will fall under the AD Domain. I am not sure how to exactly go
> about this. I have heard of two options, BIND is the main DNS which can
> handle DDNS, and a W2K as a sub domain of your root domain, and will
> handle the W2K client's DNS requests.
>
> My top level domain is nvethis.d2g.com I use a dynamic DNS service
> cause my cable company issues IP addresses via DHCP. My Linux server is
> set up as a static IP internally (192.168.1.101) and so is my W2K Server
> (192.168.1.110). My client computers are handled via DHCP which my
> Linux box is also the server of. What I want to do is configure AD to
> either be on the same domain (nvethis.d2g.com) or I would also be ok
> with a sub domain name (home.nvethis.d2g.com). Does anyone have any insight on how to
> set this up?
>
> I think my named.conf (/etc/named.conf) would look something like:
>
> options {
>         directory "/var/named";
>         allow-query {
>                 any;
>         };
>         recursion yes;
> };
>
> zone "." {
>         type hint;
>         file "root.zone";
> };
>
> zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "1.168.192.zone";
>         allow-update {};
> };
>
> zone "nvethis.d2g.com" {
>         type master;
>         file "nvethis.d2g.com.zone";
>         allow-update {};
> };
>
> // Domain controllers for nvethis.d2g.com
> acl DC-nvethis.d2g.com {
>         192.168.1.110;
> };
>
> // Active Directory - _msdcs
> zone "_msdcs.nvethis.d2g.com" {
>         type master;
>         allow-update {
>                 localnets;
>                 DC-nvethis.d2g.com;
>         };
>         check-names ignore;
>         file "_msdcs.nvethis.d2g.com.db";
> };
>
> // Active Directory - _sites
> zone "_sites.nvethis.d2g.com" {
>         type master;
>         allow-update {
>                 localnets;
>                 DC-nvethis.d2g.com;
>         };
>         check-names ignore;
>         file "_sites.nvethis.d2g.com.db";
> };
>
> // Active Directory - _tcp
> zone "_tcp.nvethis.d2g.com" {
>         type master;
>         allow-update {
>                 localnets;
>                 DC-nvethis.d2g.com;
>         };
>         check-names ignore;
>         file "_tcp.nvethis.d2g.com.db";
> };
>
> // Active Directory - _udp
> zone "_udp.nvethis.d2g.com" {
>         type master;
>         allow-update {
>                 localnets;
>                 DC-nvethis.d2g.com;
>         };
>         check-names ignore;
>         file "_udp.nvethis.d2g.com.db";
> };
>
> but when it makes reference to the zones, _tcp.nvethis.d2g.com what
> would the file look like?
>
> My nvethis.d2g.com.zone file looks like this:
>
> $TTL 3600       ; 1 hour
> nvethis.d2g.com.        IN SOA  ns.nvethis.d2g.com. webmaster.nvethis.d2g.com. (
>                                 2002090401 ; serial
>                                 3600       ; refresh (1 hour)
>                                 900        ; retry (15 minutes)
>                                 1209600    ; expire (2 weeks)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      ns.nvethis.d2g.com.
>                         MX 10   mx.nvethis.d2g.com.
>                         A       192.168.1.101
> ns                      A       192.168.1.101
> mx                      CNAME   ns
> www                     CNAME   ns
> ftp                     CNAME   ns
> sandbox                 A       192.168.1.110
> rtr                     A       192.168.1.1
> client01                A       192.168.1.201
> client02                A       192.168.1.202
> client03                A       192.168.1.203
> client04                A       192.168.1.204
> client05                A       192.168.1.205
> client06                A       192.168.1.206
> client07                A       192.168.1.207
> client08                A       192.168.1.208
> client09                A       192.168.1.209
>
> My 1.168.192.zone file looks like this:
>
> $TTL 3600       ; 1 hour
> 1.168.192.in-addr.arpa. IN SOA  ns.nvethis.d2g.com. webmaster.nvethis.d2g.com. (
>                                 2002090401 ; serial
>                                 3600       ; refresh (1 hour)
>                                 900        ; retry (15 minutes)
>                                 1209600    ; expire (2 weeks)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      ns.nvethis.d2g.com.
> 1                       PTR     rtr.nvethis.d2g.com.
> 101                     PTR     ns.nvethis.d2g.com.
> 110                     PTR     sandbox.nvethis.d2g.com.
> 201                     PTR     client01.nvethis.d2g.com.
> 202                     PTR     client02.nvethis.d2g.com.
> 203                     PTR     client03.nvethis.d2g.com.
> 204                     PTR     client04.nvethis.d2g.com.
> 205                     PTR     client05.nvethis.d2g.com.
> 206                     PTR     client06.nvethis.d2g.com.
> 207                     PTR     client07.nvethis.d2g.com.
> 208                     PTR     client08.nvethis.d2g.com.
> 209                     PTR     client09.nvethis.d2g.com.
>
> Is that what my _tcp.nvethis.d2g.com.zone would look like?
>
> So, there are my files. Can someone please point me in the right
> direction? I would really appreciate it. Email me directly at
> bind at nvethis.d2g.com. Thanks.
To be "proper", you should delegate each of those subzones from the main
zone, i.e.

        _tcp    in      ns      ns.nvethis.d2g.com.
        _udp    in      ns      ns.nvethis.d2g.com.

and so forth.
As for the contents of the subzones, all you need initially is an
SOA record and an NS record. The Domain Controller will then
pollute^H^H^H^H^H^H^Hprovide the rest of the zone contents through Dynamic
Update...
-Kevin
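What Kevin's answer looks like on disk, as an added example that is not part of either post: the delegation records appended to the parent zone file from the question, and the complete initial `_tcp.nvethis.d2g.com.db` (the `_msdcs`, `_sites` and `_udp` files differ only in the owner name). The serial and the use of `ns.nvethis.d2g.com.` as the subzone's name server are assumptions taken from the question's own data.

```dns
; Constructed example: delegations added to /var/named/nvethis.d2g.com.zone
; (the parent), after the existing NS/MX/A records. No glue is needed,
; because ns.nvethis.d2g.com lives in the parent zone itself.
_msdcs                  IN NS   ns.nvethis.d2g.com.
_sites                  IN NS   ns.nvethis.d2g.com.
_tcp                    IN NS   ns.nvethis.d2g.com.
_udp                    IN NS   ns.nvethis.d2g.com.

; Constructed example: /var/named/_tcp.nvethis.d2g.com.db, the whole
; initial contents of the delegated subzone. Only SOA and NS are needed;
; the domain controller registers its SRV records here by Dynamic Update.
$TTL 3600
_tcp.nvethis.d2g.com.   IN SOA  ns.nvethis.d2g.com. webmaster.nvethis.d2g.com. (
                                2002103001 ; serial (assumed)
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; negative-caching TTL (1 hour)
                                )
                        IN NS   ns.nvethis.d2g.com.
```

Since only the domain controller (192.168.1.110) needs to write these zones, the `allow-update` lists in the question's named.conf can be reduced to just `DC-nvethis.d2g.com`; leaving `localnets` in place lets any host on 192.168.1.0/24 rewrite the SRV records that clients use to locate the domain controller.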