Active Directory and DNS

Chang, Shu-Min shu-min.chang at intel.com
Fri Aug 25 15:39:26 UTC 2000


It's an idea to separate the forward zone, but does anyone know how to
tackle the reverse?  There's no way to subdelegate the RR in a reverse zone.
The RFC2317 http://www.ietf.org/rfc/rfc2317.txt?number=2317 teaches a method
that does not work for the DDNS.  The DDNS RFC states that CNAME is not to
be followed for record updates.

Has anyone given any thought to this?

Shumin
My opinion does not reflect that of my company's.

-----Original Message-----
From: devin at thecabal.org [mailto:devin at thecabal.org]
Sent: Thursday, August 24, 2000 8:34 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Active Directory and DNS


Forgot to add this.

On 24 Aug 2000 03:33:34 -0700, Jim Reid <jim at rfc1035.com> wrote:
 
> It might be an idea to delegate _msdcs.ourzone.org to the W2K boxes.
> This would allow all those W2K systems to do all their Dynamic DNS
> stuff for Active Directory well away from your important DNS data.
> Personally, I wouldn't want Bill's software (if I ever ran any of it)
> scribbling all over my DNS zone with whatever they felt like.

This won't work.  W2K wants to be able to create A records in the parent
domain, of that domain name, where the _msdcs and such subdomains reside.

You can turn off the Dynamic DNS and put all the appropriate A and SRV
RRs in by hand, but that's a pain.

This is why it's best to either use W2K as the master for a given zone,
or not use the real domain name (instead using a TLD of .local or something
like that) for the name of the root W2K AD domain.

-- 
Devin L. Ganger <dlganger at earthlink.net>
"The only difference between those with tattoos and those without tattoos
is that those with tattoos are much, much cooler and can kick your ass."
* If replying, please either send an email OR post it here, not both. *
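
The reverse-zone problem raised at the top of this message, modelled as an added example that is not part of either poster's text: a toy zone store in Python where lookups follow the RFC 2317 CNAME but a dynamic update is applied to the exact owner name, and RFC 2136 section 3.4.2.2 ignores a non-CNAME update RR at a name that already holds a CNAME. The 192.0.2.0/25 zone contents, host names and function names are constructed for illustration.

```python
# Toy model (constructed data) of RFC 2317 classless delegation under dynamic update.
PARENT = "2.0.192.in-addr.arpa."
CHILD = "0/25.2.0.192.in-addr.arpa."      # RFC 2317 style label for the /25

def make_zones():
    """Return {zone_origin: {owner: (rrtype, rdata)}}, one record per owner."""
    return {
        PARENT: {"5." + PARENT: ("CNAME", "5." + CHILD)},
        CHILD: {"5." + CHILD: ("PTR", "old-host.example.")},
    }

def find_zone(zones, name):
    """Pick the zone that holds `name` (longest matching origin)."""
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def resolve_ptr(zones, name, depth=0):
    """Query side: the resolver follows the CNAME into the child zone."""
    rr = zones.get(find_zone(zones, name), {}).get(name)
    if rr is None or depth > 8:
        return None
    rrtype, rdata = rr
    return resolve_ptr(zones, rdata, depth + 1) if rrtype == "CNAME" else rdata

def update_ptr(zones, name, target):
    """Update side: applied to the exact owner name, never to a CNAME's target.
    Returns True only if zone data changed."""
    zone = find_zone(zones, name)
    if zone is None:
        return False
    existing = zones[zone].get(name)
    if existing and existing[0] == "CNAME":
        return False      # RFC 2136 3.4.2.2: update RR ignored, child PTR untouched
    zones[zone][name] = ("PTR", target)
    return True

def canonical_owner(zones, name, depth=0):
    """Walk the CNAME chain to the name an update has to be addressed to."""
    rr = zones.get(find_zone(zones, name), {}).get(name)
    if rr and rr[0] == "CNAME" and depth < 8:
        return canonical_owner(zones, rr[1], depth + 1)
    return name

if __name__ == "__main__":
    zones = make_zones()
    client_name = "5." + PARENT           # what a DDNS client derives from 192.0.2.5
    print(update_ptr(zones, client_name, "new-host.example."))   # update ignored
    print(resolve_ptr(zones, client_name))                       # stale PTR remains
    owner = canonical_owner(zones, client_name)
    print(owner, update_ptr(zones, owner, "new-host.example."))
    print(resolve_ptr(zones, client_name))
```

The update only takes effect when it is addressed to the canonical owner name in the child zone, which a client deriving the name from its own address does not compute.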






More information about the bind-users mailing list