BIND integration with windows DNS
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 27 07:47:41 UTC 2010
On 07/27/2010 08:31 AM, Arnoud Tijssen wrote:
> From previous mail:
>
>
>>
>> Since I don't want all dynamic updates from windows clients
>> polluting my main zone file, but still want one primary DNS serving
>> the main domain instead of two, BIND and windows, what is the
>> best option, if there is one?
>
> Sorry - I don't follow. You say you don't want windows clients
> updating the zone, and they're not. So what's the problem (i.e what
> have I misunderstood)?
>
>
> The problem is that I want a clean zonefile, since it gets
> synchronized to our slave server, which gets used by the outside
> world. But I do want the clients to register themselves in DNS. We
> use DHCP for most of the desktop systems internally and for
> troubleshooting it is very convenient to be able to deduce which
> client system belongs to which ip address. Therefore I tried to
> delegate all of the windows specific subdomains to windows DNS and
> put a forward on BIND for these subdomains, but unfortunately that
> doesn't work.
>
> So basically I would like to have everything reside on our BIND master
> and slave servers and be able to let windows clients update DNS
> dynamically, preferably securely, without polluting the zonefile with
> all of the extra data produced by the clients.
OK, I see. In that case you have several options:
1. Move the clients into a sub-domain as suggested by the other poster
and allow them to make dynamic updates. I am pretty sure this requires
reconfiguring the clients.
2. On your DHCP server, use DHCP option 81 to tell the clients you are
overriding their choice, and that the DHCP server will update the names.
Then, ignore the client-supplied names and use names in a sub-domain.
This will require you to have MAC address -> name mappings, and a DHCP
server that can do this (which basically means ISC DHCPd).
3. Alternatively you could run split DNS - have two separate copies of
the zone, one which the external world sees and one which the internal
one sees, only allowing DNS updates to the latter. You'll then have to
have some way to sync the "common" names, and it could get complex.
>
> Is there a tutorial somewhere on how to implement what you are
> suggesting?
Much of the needed info is either out-of-date, fragmented or plain wrong,
I'm afraid. I spent quite a bit of time looking into this at one
point, and kept coming back to the same old HOWTOs and half-baked
Microsoft KB articles :o(
This is somewhat useful:
http://support.microsoft.com/kb/816592
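The combination of options 1 and 2 above (a delegated sub-zone on the BIND master that only the DHCP server may update, with ISC DHCPd using the client FQDN option, option 81, to override the clients and register the names itself), written out as an added example. This is not configuration from Phil's post or from the bind-users archive; the zone names example.org and dyn.example.org, the 192.168.1.0/24 subnet, the slave address 192.0.2.53, the key name dhcp-update and the host names are all assumed.

```conf
# ---------- named.conf on the BIND master (assumed names and addresses) ----------

# Shared TSIG key; generate the secret with dnssec-keygen and paste it here and in dhcpd.conf.
key "dhcp-update" {
    algorithm hmac-md5;
    secret "REPLACE-WITH-BASE64-SECRET";
};

# The main zone stays static: no dynamic updates at all, so the file that is
# transferred to the public slave never picks up client records.
# The zone file itself needs a delegation:  dyn  IN NS ns1.example.org.
zone "example.org" {
    type master;
    file "master/example.org";
    allow-update { none; };
    allow-transfer { 192.0.2.53; };      # public slave (assumed address)
};

# Delegated sub-zone that receives all client A records. Only the DHCP
# server's key may update it; the Windows clients themselves are refused.
zone "dyn.example.org" {
    type master;
    file "dynamic/dyn.example.org";
    allow-update { key "dhcp-update"; };
    allow-transfer { 192.0.2.53; };
};

# Matching reverse zone for the client subnet, updated the same way.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "dynamic/1.168.192.in-addr.arpa";
    allow-update { key "dhcp-update"; };
};

# ---------- dhcpd.conf on the ISC DHCP server (assumed names and addresses) ----------

ddns-update-style interim;
ddns-updates on;
ddns-domainname "dyn.example.org.";      # all client names land in the sub-zone
ddns-rev-domainname "in-addr.arpa.";
# Sets the override bit in the client FQDN option (81): the server does the
# A and PTR updates and tells the client not to try its own.
deny client-updates;

key dhcp-update {
    algorithm hmac-md5;
    secret "REPLACE-WITH-BASE64-SECRET";   # same secret as in named.conf
}

zone dyn.example.org. {
    primary 127.0.0.1;                    # BIND master (assumed to be this host)
    key dhcp-update;
}
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key dhcp-update;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name "dyn.example.org";
    # Ignore whatever name the client supplies and derive one from the lease,
    # e.g. 192.168.1.120 becomes dhcp-192-168-1-120.dyn.example.org.
    ddns-hostname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
}

# MAC address -> name mapping for a known desktop (assumed values); the
# host-scoped ddns-hostname takes precedence over the computed one above.
host desk-0042 {
    hardware ethernet 00:11:22:33:44:55;
    ddns-hostname "desk-0042";
}
```

With this layout the "forward" that Arnoud tried is not needed: BIND is authoritative for both example.org and dyn.example.org, and the NS delegation in the parent zone is only there so the outside world resolves the sub-zone correctly. Restricting allow-update to the DHCP server's key, rather than to an address range, is what keeps an arbitrary client on the subnet from writing records directly into the sub-zone.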