BIND 8.2 based DNS and AD

Michael E. Hanson MEHanson at GryphonsGate.com
Tue Nov 12 00:01:12 UTC 2002


While not an overly popular opinion here, I maintain that if you're going to
go with a primarily Win2K Active Directory infrastructure, your
infrastructure DNS should be M$ DNS set up in an AD-Integrated mode.  M$-DNS
is made to work with AD and does it very well, better (IMHO) than any
version of BIND.

That said, I would still recommend that you use BIND for your Public
Namespace.  BIND still handles that better than M$ DNS.  Therefore, either
delegate a sub-domain to the M$-DNS for your infrastructure (LAN), or use
totally separate namespaces.
_______________
Michael E. Hanson
President, Gryphon Consulting  Services
(http://www.GryphonsGate.com)
P.O. Box 1151
Bellevue, NE  68005-1151
(402) 871-9622

MEHanson at GryphonsGate.com (primary)
Gryphons_Master at yahoo.com
----- Original Message -----
From: "Richard Davies" <hightower_it at hotmail.com>
Newsgroups: comp.protocols.dns.bind
To: <comp-protocols-dns-bind at isc.org>
Sent: Monday, November 11, 2002 8:58 AM
Subject: BIND 8.2 based DNS and AD


>
> During extensive lab testing, we seem to have found something of an
> issue with both Nortel NetID 4.2.x and Lucent QIP 5.2 in an AD
> environment.
> Out of the box AD (as we'd like very much to leave it) relies on
> individual DCs and GCs being able to dynamically register SRV records.
> Both of these products support the relevant RFC, all good so far.
> However, both products appear to 'clean up' (remove) dynamically
> registered SRV records intermittently. This, if it occurs during an
> attempt by AD to run a replication cycle causes all manner of merry
> hell to break loose. The SRVs are normally de-registered and
> re-registered by individual DCs every 60 minutes by default, which
> often leaves us with between 1 and 59 minutes with potentially no SRV
> records existing for our DNS zones.......not good. Lucent have a
> workaround which effectively hard codes the SRVs by running a CLI
> using 'append mode', and we presume Nortel have a similar 'fix'.
> Wanting to implement the most suitable product for a primarily AD
> based infrastructure, I would like to know whether anyone else has
> encountered this issue and if it is (as it seems) a feature of BIND??
>
>


