Bind 9.2 and Active Directory... what's the right way?
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Feb 13 15:20:58 UTC 2002
Berger Harald <hotline at harryworld.dyndns.org> wrote:
>I'm testing Bind 9.2 with W2k-Active Directory... after hours of work
>the bind server runs and the W2k server works also.
>
>A look at the zone file of the domain shows......
>
>$origin.
>test.com in SOA ........
> (......
> ....)
> NS ns1.test.com.
>
> .... that the w2k server has created an A record:
>
>$TTL 600 ; 10 minutes
> A 172.16.10.10
>
>My question:
>
>If I take a real domain name (for internal and maybe also for
>external use), is it a good idea to create the
>W2k domain at the top, or
>is it better to create a subdomain (e.g. win.test.com)
>and put all the servers and clients into the subdomain?

It depends.  Are you going to allow W2k DDNS?  If so, then you should
move the dynamic zones to a MS W2k DNS server, because only that server
can handle GSS-API TSIG/TKEY secure DDNS updates.  If you are not
going to allow DDNS, then I would suggest delegating the four "_"
zones

     _msdcs
     _sites
     _tcp
     _udp

to a MS W2k DNS server and leaving your static zones on a BIND server.

As for the "A" record

     $TTL 600 ; 10 minutes
                          A 172.16.10.10

it is explained in MS articles Q258213 and Q246804.  The netlogon
process will attempt to register/re-register it, but if you add the
record manually into a static zone, you can ignore the DDNS failures
on your BIND server.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
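
The layout suggested in the reply above (static zone on BIND, the four "_" zones delegated, apex A record entered by hand), written out as a zone-file fragment. This is an added example, not part of the original post; the host name w2kdc, the default TTL and the choice of 172.16.10.10 as the W2k DNS server's address are assumptions, and the SOA and NS records are omitted as in the post.

```dns
; Constructed fragment of the static test.com zone on the BIND server.
; w2kdc is a hypothetical host name; its address is assumed to be the
; 172.16.10.10 that the W2k server tried to register.
$ORIGIN test.com.
$TTL 86400              ; assumed default TTL for the static records

; Delegate the four underscore zones to the MS W2k DNS server,
; which is authoritative for them.
_msdcs      IN  NS  w2kdc.test.com.
_sites      IN  NS  w2kdc.test.com.
_tcp        IN  NS  w2kdc.test.com.
_udp        IN  NS  w2kdc.test.com.

; Address of the delegated name server. The name sits in the parent
; zone, so this is ordinary zone data rather than glue.
w2kdc       IN  A   172.16.10.10

; The apex A record that netlogon attempts to register, added manually
; with the 10-minute TTL shown in the post.
@   600     IN  A   172.16.10.10
```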