BIND and AD integration

Tom Schmitt TomSchmitt at gmx.de
Thu Mar 10 08:47:16 UTC 2005


Hi,

> I came across the "BIND + AD HOWTO" and

Where did you find this? Do you have a link?

> Both describe the setup of four sub-domains
> with the BIND configuration (_msdcs, _sites, _tcp, and _udp).

Yep. This is the way we did it too. And it works fine with Windows 2003.


> I'd also be interested in hearing from anyone
> that has this type of setup (any "gotchas", or major configuration
> changes to be aware of?).

The changes between the AD of W2K and W2003 are internal and do not
concern the DNS/DHCP. (But nonetheless: the changes are very important,
especially if you are a bigger company, because the AD of W2K did not
scale.)

There are two points in the interworking with AD:
Windows uses a different RFC for signing dynamic DNS updates than BIND does.
They do not understand each other. So: to allow the DCs to write their
updates to the four service zones (_msdcs etc.), you have to permit them on
an IP basis instead of using a secure key.

Second: when using the ISC DHCP, you should disable, in the registry of all
your Windows PCs, the default behaviour of registering themselves. It does not
really do harm if you don't disable it, but you get a lot of unnecessary
traffic and big error log files.

Tom.
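
Added example, not part of the original post or of BIND: with IP-based permission the address list is the only access control on the four service zones, so this Python check reports any `allow-update` entry on them that is not a single listed DC address. The zone names, addresses and the `audit` helper are assumptions, the sample config is constructed, and the parser expects comment-free named.conf with one level of brace nesting.

```python
import ipaddress
import re

SERVICE_LABELS = {"_msdcs", "_sites", "_tcp", "_udp"}
# Constructed sample named.conf; example.com and 192.0.2.x are placeholders.
SAMPLE_CONF = """
acl "ad-dcs" { 192.0.2.10; 192.0.2.11; };
zone "_msdcs.example.com" { type master; file "dyn/_msdcs.db"; allow-update { "ad-dcs"; }; };
zone "_sites.example.com" { type master; file "dyn/_sites.db"; allow-update { 192.0.2.10; }; };
zone "_tcp.example.com" { type master; file "dyn/_tcp.db"; allow-update { any; }; };
zone "_udp.example.com" { type master; file "dyn/_udp.db"; allow-update { 192.0.2.0/24; }; };
zone "example.com" { type master; file "example.com.db"; };
"""
ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;')
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}')

def elements(body):
    """Split an address match list into its bare elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def audit(conf, dc_ips):
    """Return {zone: [problem, ...]} for the AD service zones found in conf."""
    acls = {name: elements(body) for name, body in ACL_RE.findall(conf)}
    allowed = {ipaddress.ip_address(ip) for ip in dc_ips}
    report = {}
    for zone, body in ZONE_RE.findall(conf):
        if zone.split(".")[0].lower() not in SERVICE_LABELS:
            continue  # only the four service zones are audited
        match = UPDATE_RE.search(body)
        if not match:
            report[zone] = ["no allow-update: DC registrations are refused"]
            continue
        problems, pending, seen = [], elements(match.group(1)), set()
        while pending:
            item = pending.pop(0)
            if item in acls and item not in seen:  # expand a named acl once
                seen.add(item)
                pending.extend(acls[item])
                continue
            try:
                if ipaddress.ip_address(item) not in allowed:
                    problems.append(f"{item}: host is not a listed DC")
            except ValueError:  # any, a prefix, a key, a negation, ...
                problems.append(f"{item}: not a single host address")
        report[zone] = problems
    return report
```

An empty list for a zone means every address it accepts updates from is one of the DCs passed in `dc_ips`.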




More information about the bind-users mailing list