Subdomain on parent server?

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Jul 23 12:49:47 UTC 2003


"Jim" <jimbart at magma.ca> wrote:

>I am migrating from Win2K dns to BIND 9.2.2. I need to offer DDNS to our
>largely Windoze network, but I also want to protect the static entries for
>our Unix development group. They sometimes get overwritten by the Win2K
>clients when a duplicate name is chosen.
>
>My first thought is to create a subdomain (i.e. dev.domain.com), place it in a
>separate zone file and not allow dynamic updates (no allow-update
>statement). Can I place this subdomain (in a different zone) on the parent
>server (and run a slave for both zones)? Is this recommended? Or should I
>make the slave server to the 'domain.com' zone, the master for the
>'dev.domain.com' zone?

The only way to protect the static entries is to put the W2k clients
or the Unix clients in a subdomain.  If you have more W2k than Unix
clients, then your suggestion of a Unix subdomain

     dev.example.com    (using the proper example domain)

is what I would do.  The problem with W2k/DDNS/BIND is that you cannot
have secure DDNS from the W2k boxes to the BIND server.  The MS security
that is built into W2k and MS DHCP is implemented only with MS W2k DNS.
I have lots of subdomains of my domain anl.gov, and only one subdomain
administrator wanted DDNS, so I delegated his forward and six reverse
zones to my one W2k DNS Server.  We had to adjust the MS W2k DHCP
Server parameters to get the updates to the zone fairly clean.
(I am not a DHCP expert, so I do not have details.)  I do not allow
DDNS on my BIND servers, and a few times each year I look through the
"update denied" messages on my BIND master and see which non-DC
W2k workstations are attempting to self-register.  I then contact the
administrators of those boxes.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
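
The periodic review of "update denied" messages described in the reply above can be scripted. This is an added example, not part of the original post: it tallies refused dynamic updates per client and zone. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format BIND 9 uses when it refuses a
# dynamic update; addresses and names are documentation placeholders.
SAMPLE_LOG = """\
Jul 23 09:14:02 ns1 named[812]: client 192.0.2.41#1067: update 'example.com/IN' denied
Jul 23 09:14:05 ns1 named[812]: client 192.0.2.41#1068: update 'example.com/IN' denied
Jul 23 09:20:11 ns1 named[812]: client 192.0.2.77#3021: update '2.0.192.in-addr.arpa/IN' denied
Jul 23 09:21:40 ns1 named[812]: client @0x7f3c2c0a 192.0.2.77#3022 (pc77.example.com): update 'example.com/IN' denied
Jul 23 09:22:00 ns1 named[812]: client 192.0.2.5#53: transfer of 'example.com/IN': AXFR started
Jul 23 09:30:00 ns1 named[812]: client 2001:db8::15#4411: update 'dev.example.com/IN' denied
"""

# Matches "client [@0x..] ADDR#PORT ...: update 'ZONE/CLASS' denied".
# The zone group is greedy so zone names that contain "/" still parse.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"[^']*update '(?P<zone>[^']+)/\w+' denied"
)


def denied_updates(lines):
    """Return {client_ip: Counter({zone: attempts})} for refused updates."""
    report = defaultdict(Counter)
    for line in lines:
        m = DENIED.search(line)
        if m:
            report[m["ip"]][m["zone"].lower()] += 1
    return dict(report)


def busiest_clients(report):
    """Clients ordered by total refused attempts, then by address."""
    totals = {ip: sum(zones.values()) for ip, zones in report.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    report = denied_updates(SAMPLE_LOG.splitlines())
    for ip, total in busiest_clients(report):
        zones = ", ".join(f"{z} x{n}" for z, n in sorted(report[ip].items()))
        print(f"{ip:<15} {total:>3}  {zones}")
```

To run it against a real log, pass the open log file to denied_updates() in place of the sample lines.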


