Integrating BIND 9 & ISC DHCP with MS AD

Martin McCormick martin at dc.cis.okstate.edu
Fri Feb 6 18:04:26 UTC 2004


	After much discussion and some compromise, we are going to let
a Microsoft DNS into a subdomain of our domain and slave a zone off
of it on our bind master dns.  Is there any kind of safe method besides
allowing the MSDNS update access to the IN-ADDR.ARPA map to make sure
that the reverse map is synchronized with any A records the MSDNS adds
or deletes?  The MSDNS will only be able to modify A records in its
zone, but the IN-ADDR.ARPA zone is our entire number space.  To be
fair, I wouldn't want a bind dns I couldn't turn off writing to our
reverse map.

	This is all about damage control in case a box gets hacked.
I think the MSDNS will work normally most of the time except for the
serial number problem which we can look out for.

	Thank you.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Information Technology Division Network Operations Group

