Integrating Bind and Win2K AD DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Sep 11 14:03:12 UTC 2003


flavinw64 at yahoo.com (William Flavin) wrote:

>My company has an existing Windows 2000 domain with several domain
>controllers. In the past year or so we have deployed many Linux
>servers, including 2 registered BIND 9.2.0 DNS servers to host our
>internet domains. One of the internet domains uses the same name as
>our internal Win2K domain. We have been discussing integrating the 2
>systems. I've read a lot about bringing a new Win2K domain into an
>existing internal Bind environment, but I haven't seen much
>documentation about how it would work in an existing Win2K environment
>like we have.
>
>My main concern is that since the Bind DNS servers allow public access
>to resolve the internet address, I don't want our internal DNS
>information exposed. Is it possible to allow public access to the
>public addresses while protecting the internal information? What are
>the benefits of integrating these systems? What are the drawbacks?
>I've seen in some other posts that the systems should be kept separate
>and forwarders should be used on the Win2K side to resolve the
>internet addresses. I'm just looking for some suggestions on how to
>proceed.

First, what information is in your internal W2k domain DNS?  I assume
you have the four "_" zones

     _msdcs.example.com
     _sites.example.com
     _tcp.example.com
     _udp.example.com

But do you have any other information?  I cannot say how (or if) you
can merge your W2k data with your BIND data without knowing this
information.  Also, the archives of this list and its sister list
bind9-users contain many W2k-related postings.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
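
The inventory the reply asks for (which records sit in the four "_" zones and which are "other information"), sketched as an added example that is not part of the original post or of BIND. It assumes a text dump of the internal zone with one record per line in "owner TTL class type rdata" order; the function names and the sample records are constructed for illustration.

```python
from collections import defaultdict

# The four AD-created subzones named in the reply above.
AD_SUBZONES = ("_msdcs", "_sites", "_tcp", "_udp")

# Constructed sample data (not from the thread), one record per line:
# owner TTL class type rdata
SAMPLE_DUMP = """\
; constructed zone dump for example.com
example.com.            3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com.            3600 IN NS  ns1.example.com.
www.example.com.        3600 IN A   192.0.2.10
dc1.example.com.        1200 IN A   10.1.1.5
_ldap._tcp.example.com.  600 IN SRV 0 100 389 dc1.example.com.
_kerberos._udp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.Default-First-Site-Name._sites.example.com. 600 IN SRV 0 100 389 dc1.example.com.
"""

def classify(dump, domain):
    """Bucket records by AD subzone; everything else in the zone is 'other'."""
    origin = domain.lower().rstrip(".")
    buckets = defaultdict(list)
    for raw in dump.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 5:                     # blank or incomplete line
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if owner == origin:
            key = "other"
        elif owner.endswith("." + origin):
            # Decide by the label directly left of the domain, so
            # _ldap._tcp.dc._msdcs.<domain> counts as _msdcs, not _tcp.
            child = owner[: -len(origin) - 1].split(".")[-1]
            key = child if child in AD_SUBZONES else "other"
        else:
            key = "out-of-zone"
        buckets[key].append((owner, rtype))
    return dict(buckets)

def summarize(buckets):
    """Record count per bucket."""
    return {key: len(records) for key, records in sorted(buckets.items())}

if __name__ == "__main__":
    result = classify(SAMPLE_DUMP, "example.com")
    print(summarize(result))
    for owner, rtype in result.get("other", []):
        print("other:", rtype, owner)
```

The "other" bucket is the part the reply asks about: host records such as the constructed dc1 entry with a private address are what would need to stay out of the publicly served copy of the zone.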


