This is a discussion on Re: BIND and AD integration within the Bind Users forums, part of the DNS and Related Forums category.
John Welch <jrw3319@nospamcomcast.net> wrote:

>In the near future my company will be migrating from a Windows NT
>domain to a Windows 2003 Active Directory infrastructure. We are
>currently using BIND version 9.2 running on Linux servers for our
>internal DNS needs. We are also using ISC's DHCP server, which is
>configured to do Dynamic DNS updates for the clients. My goal is to
>continue to use BIND and our current DHCP server setup and not have to
>get involved with setting up these services on the MS side of things.
>My knowledge of AD is limited at this point, but I will be getting
>some training soon, and we will also have some outside help with the
>migration process. However, I have a feeling that both the training
>and the outside help will be slanted toward Microsoft. I want to be
>prepared to make the necessary adjustments to our BIND configuration,
>so that we don't get forced into using the Microsoft services.
>
>I've been searching around for some information on this topic and have
>found some relevant things. I came across the "BIND + AD HOWTO" and
>I also found a Linux Magazine article written by Cricket Liu
>describing this setup. Both describe the setup of four sub-domains
>with the BIND configuration (_msdcs, _sites, _tcp, and _udp).
>
>The one thing that has me concerned is the fact that both of these
>documents were written in 2001. I'm wondering if this type of setup
>still applies, especially under Windows 2003, as opposed to Windows
>2000, which is referenced in both documents. I'm looking for any
>additional reference material that may be available for BIND
>integration with AD. I'd also be interested in hearing from anyone
>that has this type of setup (any "gotchas", or major configuration
>changes to be aware of?).

Check the archives of this list and its sister list bind9-users@isc.org (combined with bind-users in June, 2004) as there are many AD-related postings in the past years.

As for W2k+3, there are two new AD zones that you need to create

    ForestDNSZones.example.com
    DomainDNSZones.example.com

These zones contain SRV records, which are registered by DCs, I assume dynamically by the netlogon process. I have no experience with ISC's DHCP with DDNS in an AD environment; I do have one forward zone and five reverse zones managed dynamically by a MS W2k DHCP Server. I would check the archives of dhcp-server@isc.org to see if there are any postings regarding AD.

----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:     +1 (630) 252-7277
9700 South Cass Avenue               Facsimile: +1 (630) 252-4601
Building 222, Room D209              Internet:  BSFinkel@anl.gov
Argonne, IL 60439-4828               IBMMAIL:   I1004994
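The six zones named in this thread (the four sub-domains from the 2001 documents plus the two listed in the reply), written as a `named.conf` fragment. This is an added example, not part of either post or of the referenced HOWTO. The ACL name, DC addresses and zone file paths are placeholders, and the choice to limit dynamic updates to the domain controllers by source address is an assumption of this example.

```conf
// Added example. Placeholders: ACL name, DC addresses (192.0.2.0/24 is a
// documentation range) and file paths. Zone names follow the thread.

// Only the domain controllers may send dynamic updates to the AD zones.
acl "ad-dcs" {
    192.0.2.10;
    192.0.2.11;
};

// The four sub-domains described in the 2001 documents.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_sites.example.com" {
    type master;
    file "dynamic/_sites.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_tcp.example.com" {
    type master;
    file "dynamic/_tcp.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "_udp.example.com" {
    type master;
    file "dynamic/_udp.example.com.db";
    allow-update { "ad-dcs"; };
};

// The two additional zones the reply lists for Windows 2003.
zone "ForestDNSZones.example.com" {
    type master;
    file "dynamic/ForestDNSZones.example.com.db";
    allow-update { "ad-dcs"; };
};
zone "DomainDNSZones.example.com" {
    type master;
    file "dynamic/DomainDNSZones.example.com.db";
    allow-update { "ad-dcs"; };
};
```

Keeping `allow-update` on these sub-zones only, rather than on the parent `example.com` zone, confines what a domain controller can rewrite to the AD service records.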