Active Directory and DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Aug 25 15:38:17 UTC 2000 

On 24 Aug 2000 03:33:34 -0700, Jim Reid <jim at rfc1035.com> wrote:
 
>> It might be an idea to delegate _msdcs.ourzone.org to the W2K boxes.
>> This would allow all those W2K systems to do all their Dynamic DNS
>> stuff for Active Directory well away from your important DNS data.
>> Personally, I wouldn't want Bill's software (if I ever ran any of it)
>> scribbling all over my DNS zone with whatever they felt like.

devin at thecabal.org (Devin L. Ganger) replied:

>This won't work.  W2K wants to be able to create A records in the parent
>domain, of that domain name, where the _mcds and such subdomains reside.
>
>You can turn of the Dynamic DNS and put all the appropriate A and SRV
>RRs in by hand, but that's a pain.

I believe that Jim's suggestion will work.  Delegate these subdomains
to their own zones:

     _msdcs.ourzone.org
     _sites.ourzone.org
     _tcp.ourzones.org
     _udp.ourzones.org

You can have these zones either on a W2k master or a BIND master (if
you allow DDNS on these four zones).  These four zones will contain all
of the SRV records that the MS Domain Controllers need to register.
The only "A" record that the DCs register is this:

     ourzones.org  IN  A  aaa.bbb.ccc.ddd

There is one "A" record per DC, and this one record can easily be added
to the parent zone manually (assuming that the record does not conflict
with any existing CNAME entries).  If you do not allow DDNS on this
zone, you will see "unapproved update" messages when the DC repeatedly
tries to re-register this "A" record.  But as long as the IP address of
the DC does not change, this "A" record should not change.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994

More information about the bind-users mailing list