win2k3 ads and bind 9.2.1 integration
Hi,
Thanks for your response. We're using dhcp3 on Red Hat. We have the clients get their FQDN from our DNS server through the DHCP server. For example: xpcomputer1.aviationbuilding.company.com. I'm not too knowledgeable about BIND at all, that's why I'm here.
At this moment I have changed my named.conf to the current:
zone "ads.company.com" {
type slave;
file "db.ads.company.com";
masters { ip of w2k3 dns server; };
};
Are you recommending that I add these zones also?
_msdcs.ads.company.com
_tcp.ads.company.com
_udp.ads.company.com
_sites.ads.company.com
DomainDNSZones.ads.company.com
ForestDNSZones.ads.company.com
So it would look like
zone "_msdcs.ads.company.com" {
type slave;
file "_msdcs.ads.company.com";
masters { ip of w2k3 dns server; };
};
zone "_tcp.ads.company.com" {
type slave;
file "_tcp.ads.company.com";
masters { ip of w2k3 dns server; };
};
zone "_udp.ads.company.com" {
type slave;
file "_udp.ads.company.com";
masters { ip of w2k3 dns server; };
};
zone "_sites.ads.company.com" {
type slave;
file "_sites.ads.company.com";
masters { ip of w2k3 dns server; };
};
zone "DomainDNSZones.ads.company.com" {
type slave;
file "domaindnszones.ads.company.com";
masters { ip of w2k3 dns server; };
};
zone "ForestDNSZones.ads.company.com" {
type slave;
file "forestdnszones.ads.company.com";
masters { ip of w2k3 dns server; };
};
As for the "A" records to the BIND master, I have them in my root zone file:
ads1 A xxx.xxx.xxx.xxx
ads2 A xxx.xxx.xxx.xxx
Would this be good enough?
Also, usually you have a reverse zone file definition for your slave zones, right? Well, I don't think I can do that with these zones because these servers are in the same subnets as all of our other servers.
Sorry for so many questions. I'm a BIND newb.
thanks for your help,
jamie
Barry Finkel <b19141@achilles.ctd.anl.gov> 8/3/2005 9:19:31 AM
"Jamie Crawford" <crawford@cmsu1.cmsu.edu> wrote:
Hello,
I've got a domain structure of "company.com". I've separated
Active Directory by creating its own subdomain of "ads.company.com".
We are using bind 9.2.1 for our root domain of "company.com"
and I want to use the Windows2k3 servers to handle all the active
directory dns requests in "ads.company.com". I want to
do this without changing our client configurations through dhcp.
Through documentation I've read on the web and books (O'Reilly Active
Directory Cookbook for 2k3 and 2k, pp. 551-552) all I should have
to do is enter this in my /etc/named.conf and the 2k3 DC should
dynamically update my zone files with all relevant information.
###/etc/named.conf####
zone "ads.company.com" IN {
type master;
file "db.ads.company.com";
allow-update { ip of dc's; };
};
###db.ads.company.com###
$TTL 3600
@ IN SOA ads1.ads.company.com. hostmaster.ads.company.com. (
        1025 900 600 86400 3600 )
ads.company.com. IN NS ads1
ads.company.com. IN NS ads2
ads1 IN A 15x.xxx.xxx.xxx
ads2 IN A 15x.xxx.xxx.xxx
After restarting BIND and restarting the domain controllers, I expected to have the domain controllers dynamically update the zone file with all the relevant information that would be in the netlogon.dns file. To my surprise, no updates occurred. Instead I got the domain controllers trying to update my reverse zone of "xx.xxx.in-addr.arpa/IN' denied" and erroring out with the usual "can't update DNS" message.
I then went into the reverse zone config in named.conf and allowed both domain controllers to "allow-update". I restarted named and the DCs and that made the DCs happy, but it didn't update my ads.company.com zone file with any information.
If anyone has any ideas or experience where to go next, it would be greatly appreciated.
Thanks,
jamie
First, the list archives of this list and of its late sister list bind9-users@isc.org are searchable. There have been many W2k/W2k+3-related postings in the past years. What I would suggest is what I have for my setup:
1) Have a MS W2k+3 DNS Server handle the six AD-related zones. The MS Server can do secure DDNS, which the BIND servers can not yet do.
2) Have those zones slaved on your BIND servers, so any client that queries the BIND server will be able to retrieve info from the AD zones without BIND having to refer the query to another DNS server.
3) Add the domain "A" records to your BIND master, as these records are not in the six AD-related zones.
What DHCP server are you using? I have little experience with DHCP.
I do have one forward zone and five reverse zones on my MS W2k+3
DNS Server, all updated by a MS DHCP Server. There are problems,
but the clients are not complaining.
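The three-step setup above (Windows DNS holds the six AD zones, BIND slaves them, the DC "A" records live in the parent zone) reduces on the BIND side to seven near-identical slave stanzas, and hand-typing them is where slips creep in. The script below is an added example, not code from the thread or from ISC: it generates the stanzas for a given AD subdomain and master address, and runs a small lint pass over named.conf text that catches two slips named-checkconf would reject (the hyphen in allow-update, and a masters/allow-update/allow-transfer list whose last element lacks its trailing semicolon). The domain ads.company.com comes from the thread; the master address 192.0.2.10 is a documentation address, the slaves/ directory name is an assumption, and the sample bad stanza in the test is constructed.

```python
import re

# The six AD-specific zones a Windows 2003 DC publishes under its AD domain
# (the same six listed in the thread). DNS names are case-insensitive, so the
# mixed case used on the Windows side and the lowercase file names below both
# resolve to the same zone.
AD_SUBZONES = ("_msdcs", "_tcp", "_udp", "_sites", "DomainDnsZones", "ForestDnsZones")


def ad_slave_zones(ad_domain, master_ip, include_root=True):
    """Return named.conf stanzas that slave the AD zones from the W2K3 DNS server.

    ad_domain  e.g. "ads.company.com" (the AD subdomain from the thread)
    master_ip  IP of the Windows DNS server holding the zones (a placeholder in
               the thread; 192.0.2.10 below is a documentation address, not a host)
    """
    names = [ad_domain] if include_root else []
    names += [f"{sub}.{ad_domain}" for sub in AD_SUBZONES]
    stanzas = []
    for name in names:
        stanzas.append(
            f'zone "{name}" IN {{\n'
            f"    type slave;\n"
            # "slaves/" is an assumed subdirectory of BIND's working directory
            f'    file "slaves/db.{name.lower()}";\n'
            # every element of an address list ends in ';', then the list ends '};'
            f"    masters {{ {master_ip}; }};\n"
            f"}};"
        )
    return "\n\n".join(stanzas) + "\n"


# Statements whose body is an address list: masters { a; b; };  allow-update { ... };
LIST_STMT_RE = re.compile(r"^(masters|allow-update|allow-transfer)\s*\{([^}]*)\}\s*;")


def lint_zone_stanzas(conf):
    """Flag two slips that are easy to make when typing stanzas by hand and that
    named-checkconf would reject: 'allow update' written without its hyphen, and
    an address list whose last element lacks its trailing ';'.
    Returns a list of (line_number, message); empty means nothing was flagged."""
    problems = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        stripped = line.strip()
        if re.match(r"^allow\s+update\b", stripped):
            problems.append((lineno, "'allow update' must be spelled 'allow-update'"))
            continue
        m = LIST_STMT_RE.match(stripped)
        if m and m.group(2).strip() and not m.group(2).strip().endswith(";"):
            problems.append((lineno, f"'{m.group(1)}' list: every element needs a trailing ';'"))
    return problems


if __name__ == "__main__":
    conf = ad_slave_zones("ads.company.com", "192.0.2.10")
    print(conf)
    print("lint:", lint_zone_stanzas(conf) or "clean")
```

Two checks belong with this on a real deployment. On the Windows 2003 side, each of the zones must permit zone transfers to the BIND server's address (the Zone Transfers tab of the zone's properties); until it does, the slave zone stays empty and the named log shows the transfer being refused. Once the transfer has happened, a query such as `dig @bind-server _ldap._tcp.ads.company.com SRV` against the BIND slave should return the DC records without BIND forwarding anywhere. The linter here only covers the two slips above; named-checkconf remains the authoritative syntax check.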