Supporting domaindnszones forestdnszones in Active Directory

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 8 03:41:11 UTC 2004 

My guess would be that AD is ignoring the underscore for the "root" 
domain that it uses. This could either be a simple GUI bug (the 
underscore is dropped), or it could be something deeper, like an 
inconsistent attempt to obey Internet hostname requirements (which 
technically forbid underscores). Why do you *want* underscores in those 
domain names? What does it buy you?

                                                                         
                                       - Kevin

Martin McCormick wrote:

>	One of the models for supporting Microsoft Active Directory
>with bind is to create 6 zones of the form _msdcs.ad.my.domain,
>_sites.ad.my.domain, etc.  I am looking at the zone file from a
>running MS DNS and most of it fits right in to the way DNS and Bind
>4TH Edition describes it as well as some helpful souls on this list
>who had related their experiences.  One thing confuses me, however,
>and I must figure it out if we are to begin providing service for our
>AD environment.
>
>	I defined two more zones called
>
>_domaindnszones.ad.my.domain and _forestdnszones.ad.my.domain but when 
>I look at the actual zone transfer output, I see something like:
>
>DomainDnsZones.ad.my.domain. 600 IN	A	169.254.241.253
>
>_ldap._tcp.OZX._sites.DomainDnsZones.ad.my.domain. 600 IN SRV	
>0 100 389 OZXdc02.ad.my.domain.
>
>	It looks like there is a bunch of records in the domain
>domaindnszones.ad.my.domain.  I do not see the word forest anywhere in
>any form in the zone so I assume this server isn't using that domain.
>
>	The question is whether or not there needs to be an underscore _
>in that name like the 4 Windows 2000 zones or not?
>I certainly thought there was supposed to be one, but all the records
>for that domain have none.  The domain simply reads
>domaindnszones.ad.my.domain.
>
>	Is there a problem with the MS DNS or should I set up
>domaindnszones and forestdnszones sans _?
>
>	I am writing a shell script to filter out all those zones from
>the ad.my.domain zone and, of course, the bind dns must be looking for
>the right record names for it to work with those 2 Windows2003 zones.
>
>Thank you
>
>Martin McCormick 405 744-7572   Stillwater, OK
>Information Technology Division
>Network Operations Group
>
>
>
>  
>

More information about the bind-users mailing list