Questions about Win2k Active Directory and BIND

Barry Margolin barmar at genuity.net
Mon Oct 22 23:03:21 UTC 2001


In article <9r24ns$9sr at pub3.rc.vix.com>,
Balzer, Ned <N.BALZER at CGNET.COM> wrote:
>
>Hi all,
>
>Please pardon the newbie questions.  I'm hoping to get off on the right foot
>here and I'm hoping this will reach the attention of some folks with Win2k
>DNS experience as well as BIND.
>
>We're an ISP and one of our clients is about to implement Win2k active
>directory.  We run DNS on Bind 8.2.x (Solaris) and we're authoritative on
>the client's 2ld (I don't want to name them, so for this example let's call
>them "foundation.org") -- we host www.foundation.org and ftp.foundation.org
>on our servers.  They want to run their own DNS server, and they want to
>call their root int.foundation.org since it's only going to be an internal
>namespace.  
>
>1) Do we need to delegate int.foundation.org to them, or is it sufficient to
>allow them to consider themselves authoritative without actually being
>authoritative? I'm afraid that by delegating we let the world know about
>their internal namespace.

If this subdomain doesn't need to be visible to the rest of the Internet,
you don't need to delegate it to them.

>2) Can they be authoritative on int.foundation.org (i.e. we delegate it to
>them) and still run a separate caching DNS server so that they can resolve
>hostname.foundation.org in case the T-1 between them and us goes down?

If they're caching-only for everything outside int.foundation.org, how
would the caching part look up hostname.foundation.org if the T-1 were
down?  What I think you want to do is be primary for int.foundation.org and
secondary for foundation.org.  It will then be caching for everything else.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
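
The setup suggested in the reply above (primary for int.foundation.org, secondary for foundation.org, caching for everything else), sketched as an added example that is not part of the original post. It assumes the client's internal server runs BIND 8.2.x; the addresses, the LAN range and the file names are placeholders.

```conf
// Constructed example: named.conf for the client's internal name server.
// All addresses and file names below are placeholders, not values from the thread.

acl "internal" { 10.0.0.0/8; 127.0.0.1; };   // assumed client LAN range

options {
    directory "/var/named";
    allow-query    { "internal"; };   // answer only internal hosts
    allow-transfer { none; };         // do not hand the internal zone to anyone
};

// Root hints: the server recurses and caches for every name
// it is not authoritative for.
zone "." {
    type hint;
    file "named.root";
};

// Primary for the internal-only namespace. The ISP's foundation.org zone
// carries no NS records for it, so nothing outside is referred here.
zone "int.foundation.org" {
    type master;
    file "db.int.foundation.org";
};

// Secondary for the parent zone: a local copy that keeps answering for
// hostname.foundation.org while the T-1 is down, until the SOA expire
// interval runs out.
zone "foundation.org" {
    type slave;
    masters { 192.0.2.53; };          // placeholder for the ISP's primary
    file "bak.foundation.org";
};
```

On the ISP side, the foundation.org zone needs an allow-transfer entry for this server's address so the secondary can pull the zone.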

