Integrating BIND with Active Directory

[Barry Finkel]

"Cinense, Mark" <macinen at sandia.gov> wrote:

>That is what I am trying to find out.  I am not saying this, the MS
>conslutant is saying this. 

Ask the consultant for documentation as to what he/she is saying.
If it is true, then there should be some MS documentation somewhere.

>                            What I am asking is there anyone out there that
>is running DDNS on BIND with an AD environment, and MS Exchange?  Most
>companies are delegating a zone to be the forest root, and then letting the
>AD server also run DDNS, so that the security is integrated, and there will
>be less cost. 
>
>I personally think that we can run BIND as our service, but if we do run
>BIND for our DDNS service with AD, we would probably want to have more
>backup BIND machines.  Well, with running DDNS on the directory server, it
>would not require anymore hardware.  Whereas running the BIND servers on
>UNIX boxes will.  	

I do not see why running BIND for DDNS will require more backup BIND
machines.  But I do not run DDNS BIND.  My W2k DNS server is a hidden
master, and I have the "_" zones slaved on the public DNS servers that
all of the Argonne clients use.

I have solved most of my MS W2k DNS problems, and I have enough
experience as to its workings that I can compensate for its
deficiencies.  I have not seen any problems with the latest
dns.exe (Q304653 - August 15, 2002); this build (6014) seems to have
fixed the serial number decrease problem.  But I will never know if
the problem has been completely fixed, as the lack of a serial number
decrease after a reboot is not conslusive proof.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994