BIND and AD integration

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Mar 9 14:57:45 UTC 2005 

John Welch <jrw3319 at nospamcomcast.net> wrote:

>In the near future my company will be migrating from a Windows NT
>domain to a Windows 2003 Active Directory infrastructure.  We are
>currently using BIND version 9.2 running on Linux servers for our
>internal DNS needs.  We are also using ISC's DHCP server, which is
>configured to do Dynamic DNS updates for the clients.  My goal is to
>continue to use BIND and our current DHCP server setup and not have to
>get involved with setting up these services on the MS side of things.
>My knowledge of AD is limited at this point, but I will be getting
>some training soon, and we will also have some outside help with the
>migration process.  However, I have a feeling that both the training
>and the outside help will be slanted toward Microsoft.  I want to be
>prepared to make the necessary adjustments to our BIND configuration,
>so that we don't get forced into using the Microsoft services.
>
>I've been searching around for some information on this topic and have
>found some relevant things.   I came across the "BIND + AD HOWTO" and
>I also found a Linux Magazine article written by Cricket Liu
>describing this setup.  Both describe the setup of four sub-domains
>with the the BIND configuration (_msdcs, _sites, _tcp, and _upd). 
>
>The one thing that has me concerned is the fact that both of these
>documents were written in 2001.  I'm wondering if this type of setup
>still applies, especially under Windows 2003, as opposed to Windows
>2000, which is referenced in both documents.  I'm  looking for any
>additional reference material that may be available for BIND
>integration with AD.  I'd also be interesting in hearing from anyone
>that has this type of setup (any "gotchas", or major configuration
>changes to be aware of?).

Check the archives of this list and its sister list

     bind9-users at isc.org    (combined with bind-users in June, 2004)

as there are many AD-related postings in the past years.  As for W2k+3,
there are two new AD zones that you need to create

     ForestDNSZones.example.com
     DomainDNSZones.example.com

These zones contain SRV records, which are registered by DCs, I assume
dynamically by the netlgon process.

I have no experience with ISC's DHCP with DDNS in an AD enviromnent;
I do have one forward zone and five reverse zones managed dynamically
by a MS W2k DHCP Server.  I would check the archives of

     dhcp-server at isc.org

to see if there are any postings regarding AD.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list