Recommendations on integrating BIND and AD

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Feb 2 15:24:24 UTC 2004


Bell, William IT wrote:

>In addition, he says that ISC doesn't properly expire leases in AD.

"Mark Damrose" <mdamrose at elgin.cc.il.us> replied, in part:

>Actually, this is backwards.  MS server improperly removes DDNS.
>MS OSs don't properly remove entries they have made once they are
>no longer needed (AD DHCP doesn't add clients, they self-register).

That is not my experience with MS W2k DHCP.  I have not seen a case
where a DDNS entry was deleted improperly, but I admit that I am not
a DHCP expert, and I do not have intimate knowledge of the subnets
managed by the DHCP server.  I have not heard a complaint from users
or the subnet administrator about problems since we made a change to
the DHCP configuration over a year ago.  We have DHCP configured to
register BOTH forward and reverse entries; the W2k workstations have
self-registration disabled via group policy.

>MS DNS servers assume that clients don't clean up after themselves,
>and drop all DNS entries made dynamically.  

I am not sure I agree with this statement.  In my case, Windows
workstations are built from a common image, and that image has name

     cmtxpp

I see that the W2k DHCP server registers machines with this unqualified
name when the machine is first built; then the machine is registered
with its proper fully qualified name after its TCP/IP configuration
is complete.  These unqualified nodenames remain in W2k DNS for about
a week, and then they are deleted.  I have not checked to see 

     1) for exactly how long these entries remain in DNS, nor
     2) who deleted the entries (DNS or DHCP)

Note that I have NOT enabled DNS scavenging on the W2k DNS, as I do
not trust what it will do with some entries that were statically 
(manually) entered in DNS.

>MS OSs assume the DNS
>server is going to silently discard their DNS entries, so periodically
>re-add them.

I agree with this statement.  The OSs do not check to see if the
desired entry is already registered in DNS, so if the DDNS is refused
by a BIND server, there is an unneeded entry in the Windows event log.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
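As an added configuration example (not part of Barry Finkel's post or of anything else in this thread), the arrangement he describes, with the DHCP server registering both forward and reverse records and client self-registration not accepted by the name server, looks like this on the BIND side. It also shows the weak setting beside the corrected one and where the refusals he mentions are logged. Zone names, file names, the key name and the secret are hypothetical placeholders.

```conf
// named.conf fragment: accept dynamic updates only from the DHCP server.
// Added example, not from the original post. Zone names, file names, the
// key name and the secret are placeholders; generate a real secret with
// tsig-keygen (or dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST on older
// releases) and share it only with the DHCP server.
key "dhcp-update-key" {
    algorithm hmac-sha256;   // use hmac-md5 on BIND releases before 9.5
    secret "ZXhhbXBsZS1zZWNyZXQtcmVwbGFjZS1tZQ==";   // placeholder value
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Weak setting: any host may add or remove records, so every Windows
    // client's periodic self-registration (including a stale image
    // nodename) lands in the zone and nothing but scavenging removes it.
    //   allow-update { any; };
    // Corrected: only updates signed with the DHCP server's key are
    // accepted, and only for names under the zone.  Unsigned
    // self-registration attempts are answered REFUSED, which is what the
    // client then records in its event log.
    update-policy {
        grant dhcp-update-key subdomain example.com ANY;
    };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
    // The same key is the only principal allowed to maintain PTR records,
    // so forward and reverse entries are added and removed together.
    update-policy {
        grant dhcp-update-key subdomain 1.168.192.in-addr.arpa PTR;
    };
};

logging {
    channel update_log {
        file "/var/log/named/update.log" versions 3 size 5m;
        print-time yes;
        severity info;
    };
    // "update" records the updates that were applied; "security" records
    // the ones that were denied, so refused client self-registrations can
    // be counted and traced back to the host that sent them.
    category update { update_log; };
    category security { update_log; };
};
```

Note that `allow-update` and `update-policy` are mutually exclusive in a zone statement, so the weak form must stay commented out once the policy is in place; `rndc reload` after editing and watch the update log for the first DHCP lease renewals to confirm the signed updates are the only ones getting through.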
