BIND integration with windows DNS

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 27 07:47:41 UTC 2010


On 07/27/2010 08:31 AM, Arnoud Tijssen wrote:
> From previous mail:
>
>
>>
>> Since I don't want all dynamic updates from windows clients
>> polluting my main zone file, but still want one primary DNS serving
>> the main domain instead of two, BIND and windows, what it is the
>> best option if there is one.
>
> Sorry - I don't follow. You say you don't want windows clients
> updating the zone, and they're not. So what's the problem (i.e what
> have I misunderstood)?
>
>
> The problem is that I want a clean zonefile, since it gets
> synchronized to our slave server, which get used by the outside
> world. But I do want the clients to register themselves in DNS. We
> use DHCP for most of the desktop systems internally and for
> troubleshooting it is very convenient to be able to deduct which
> client system belongs to which ip address. Therefore I tried to
> delegate all of the windows specific subdomains to windows DNS and
> put a forward on BIND for these subdomains, but unfortunately that
> doesn't work.
>
> So basically I would like to have all to reside on our BIND master
> and slave servers and be able to let windows clients update the dns
> dynamically, preferably secure, without polluting the zonefile with
> all of the extra data produced by the clients.

Ok, I see. In that case you have several options:

  1. Move the clients into a sub-domain as suggested by the other poster 
and allow them to make dynamic updates. I am pretty sure this requires 
reconfiguring the clients.

  2. On your DHCP server, use DHCP option 81 to tell the clients you are 
overriding their choice, and that the DHCP server will update the names. 
Then, ignore the client-supplied names and use names in a sub-domain. 
This will require you have MAC address -> name mappings, and a DHCP 
server that can do this (which basically means ISC DHCPd).

  3. Alternatively you could run split DNS - have two separate copies of 
the zone, one which the external world sees and one which the internal 
one sees, only allowing DNS updates to the latter. You'll then have to 
have some way to sync the "common" names, and it could get complex.



>
> Is there a tutorial somewhere on how to implement what you are
> suggesting?

Much of the needed info is either out-of-date, fragmented or plain wrong, 
I'm afraid. I've spent quite a bit of time looking into this at one 
point, and kept coming back to the same old HOWTOs and half-baked 
Microsoft KB articles :o(

This is somewhat useful:

http://support.microsoft.com/kb/816592
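Added example (not part of the thread, and not Phil's or ISC's own configuration) showing option 2 above: ISC DHCPd registers clients under a sub-domain using a TSIG key, while the main zone on BIND accepts no updates at all, so the file transferred to the slaves stays clean. The zone names, addresses, MAC address and key secret are placeholders.

```conf
# --- /etc/dhcp/dhcpd.conf (ISC DHCPd) ---
# The DHCP server, not the Windows client, owns the dynamic records and
# puts them in the sub-domain dyn.example.com, never in example.com itself.
ddns-update-style interim;
deny client-updates;            # option 81: tell clients the server registers them
ddns-domainname "dyn.example.com";
update-static-leases on;        # also register hosts with fixed addresses

# TSIG key shared with BIND (placeholder secret; generate your own)
key dhcp-updater {
    algorithm hmac-md5;
    secret "REPLACE_WITH_BASE64_SECRET==";
}

zone dyn.example.com. {
    primary 192.0.2.53;         # the BIND master (placeholder address)
    key dhcp-updater;
}

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
    # clients without a mapping below get a name derived from the lease
    ddns-hostname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
}

# MAC address -> name mappings decide what each desktop is called
host pc-0042 {
    hardware ethernet 00:00:5e:00:53:42;
    ddns-hostname "pc-0042";
}

# --- named.conf (BIND master) ---
key dhcp-updater {
    algorithm hmac-md5;
    secret "REPLACE_WITH_BASE64_SECRET==";
};

# example.com stays static: no allow-update, so what the slaves transfer is clean
zone "example.com" {
    type master;
    file "master/example.com.zone";
};

# only the sub-domain accepts updates, and only when signed with the DHCP key
zone "dyn.example.com" {
    type master;
    file "dynamic/dyn.example.com.zone";
    update-policy { grant dhcp-updater zonesub ANY; };
};
```

A Windows client that ignores the option 81 override and tries to register itself in example.com is refused, since that zone carries no allow-update or update-policy; a matching reverse zone can be added the same way if PTR records are wanted.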
