This is a discussion on Re: Unix DNS - DHCP - Windows within the Bind Users forums, part of the DNS and Related Forums category.
Leonard wrote:
> I have 2 questions;
>
> 1. I have a windows 2003 network with Active Directory and would like
> to use free bsd (Bind 9) as the dns server. My question is how do I set
> that up? Add the IP of the unix box running dns in the dns area of the
> tcpip properties?

I'd recommend getting a copy of the DNS & Bind Cookbook. That will help you out quite a bit.

IMHO, there are two popular schools of thought on managing the underscore zones that AD needs...

1. Continue to run DNS on the AD box with just the underscore zones and delegate those out on your bind box.
2. Add the underscore zones to your bind box and allow updates by IP (this may be deemed as too risky... but I can usually find larger holes on someone's network).

>
> also, if I'm running dhcp on the network, how does bind keep updates of
> the ip changes corresponding with the host names on the network?

The answer is... well... on M$, the clients themselves update their names usually (which is pretty bad from a security point of view). If you choose to run ISC DHCP (which I recommend), the DHCP server is the one that needs authority to update the records. However, it doesn't keep the clients from sending their messages repeatedly to the bind server anyhow (though they will be denied update.. it tends to fill up the logs).

IMHO, the best solution is to disable this "feature" as a part of the policies of the domain.. so that clients won't keep trying to update the DNS (bind) server. ISC dhcp will update the entries instead.

I suppose you could give authority to the M$ dhcp server to update zones and enable that feature (I think there is an option to allow the M$ dhcp server to make the name updates... I think?). I really don't even want to consider giving the clients the rights to update the zone for their names... ick.... you are MUCH better off using the ISC DHCP. Especially in a mixed network where it's not all Windows dhcp clients.
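A configuration sketch of the setup the reply describes, added here as an example and not part of the original post: IP-based updates are confined to an underscore zone, and the host zones accept updates only from ISC dhcpd. Authenticating dhcpd with a TSIG key is an assumption (the post only says the DHCP server needs authority to update), and the zone names, 192.0.2.x addresses, file paths, key name and secret are placeholders.

```conf
# ---- named.conf on the BIND 9 box (constructed example) ----

# Shared secret between named and dhcpd. Generate your own (for example with
# tsig-keygen on current BIND 9) and use an algorithm both daemons support.
key "dhcp-update" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

# Option 2 from the reply: an underscore zone updated by IP. Trust is by source
# address only, so list the domain controller alone, never a whole subnet.
# Repeat for the _sites, _tcp and _udp zones.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { 192.0.2.10; };        # placeholder DC address
};

# Host records: no IP-based trust. Only a holder of the key (dhcpd) may update,
# so updates sent directly by clients are refused.
zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    allow-update { key "dhcp-update"; };
};

zone "2.0.192.in-addr.arpa" {
    type master;
    file "dynamic/192.0.2.rev";
    allow-update { key "dhcp-update"; };
};

# ---- dhcpd.conf on the ISC DHCP server (constructed example) ----

ddns-updates on;
ddns-update-style interim;               # "standard" on ISC DHCP 4.3 and later
ddns-domainname "example.com.";
deny client-updates;                     # dhcpd registers names, not the clients

key dhcp-update {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET"; # same secret as in named.conf
}

# 192.0.2.53 is the placeholder address of the BIND server.
zone example.com.          { primary 192.0.2.53; key dhcp-update; }
zone 2.0.192.in-addr.arpa. { primary 192.0.2.53; key dhcp-update; }
```

Keep the key out of world-readable files, and make sure named can write to the directory holding the dynamic zone files and their journals.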