ISC Bind in Active Directory

Michael Sinatra michael at rancid.berkeley.edu
Thu Oct 18 21:00:42 UTC 2012


On 10/18/12 11:03 AM, Aaron Thompson wrote:
> Hi All,
> 
> I'm hoping to get some feedback from people who use ISC Bind and DHCPD
> in Active Directory environments.
> 
> Currently we use Bind/DHCPD for dynamic DNS and DHCP.  It's been a
> pretty stable service, redundant and we are polling statistics with
> Cacti.  There is concern by Management of using a somewhat non-standard
> approach for Active Directory SRV records being handled by ISC services
> and not AD.

Microsoft may tell management that it's non-standard, but it's not.
What you're describing is very common, especially among EDUs.

Management's attitude appears to be based on two myths:

1. You must use AD integrated DNS for your AD installation.
2. You must use DDNS for your AD installation (at least for the relevant
SRV records).

Neither of these is true, and plenty of places have gotten by for at
least a decade with *static* SRV records in a BIND server.

A few years ago, Gartner did a paper where they discussed "new features"
that Microsoft claims "require" AD-integrated DNS.  Gartner's conclusion
was that this is basically not true and that if the current BIND-AD
integration is working for you, then you should stick with it.

[snip]

> Overall it's been a very stable design for the last 5+ years.

It sounds like something that's not broken and shouldn't be fixed.
Again, this is the experience at other EDUs.

> If you have any relevant feedback I would appreciate it.  I'm looking
> for information on experience with Active Directory integration with ISC
> or if anyone has had problems/stability issues with AD doing DNS/DHCP or
> AD working with ISC.
> 
> Thanks in advance.
> 
> Here's a brief survey <http://www.surveymonkey.com/s/2VYNKWR> for
> Schools that have ISC running in an AD environment.
> 
> http://www.surveymonkey.com/s/2VYNKWR

Done, on behalf of the "other" Berkeley. :)

michael




More information about the bind-users mailing list