Zakaria Lodi wrote:
> I recently upgraded our DNS from bind 4 to bind 9 running on Solaris 2.6.
> The migration went well. Now we want to introduce Active directory in
> windows which requires dynamic DNS. I want to keep UNIX servers with static
> entries and windows desktop and servers with dynamic DNS. Any suggestion
> will be greatly appreciated.
>
Some will recommend two zones... one for AD DDNS and one for the static
hosts. However, I prefer to have my ISC dhcp server dole out a particular
set of IPs with DDNS to the Bind server using one TSIG key (ignoring
the client nsupdate requests) and use a different TSIG key to populate
my "static" entries into the same zone. How the DNS records got there
is not interesting with regards to serving up records. The fact that
some were populated dynamically from the DHCP servers while others
were populated via nsupdate doesn't really matter.

This way I can have one zone with DHCP populated entries (never allowing
the Windows clients themselves to do an update... just the dhcp server) and
my "static" entries which I just so happened to have populated using
nsupdate.

AD servers in the domain will want to populate their "_"/SRV information
though... some will say you need to delegate those zones to a DNS
under Windows AD... the alternative is to secure using simple IP security to
allow those servers to update your Bind DNS zones (some don't like this
due to security concerns, but there's a lot lower hanging fruit out there!).

Just my thoughts,
Chris
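The layout Chris describes, written out as an added example that is not part of the original post: a BIND 9 named.conf fragment for one zone fed by two TSIG keys, with the AD "_" names kept on BIND as separate child zones that accept IP-restricted updates. The zone name example.com, the key names dhcp-updater and static-admin, the file paths and the RFC 5737 test addresses are all assumed placeholders.

```conf
// Added example, not from the original post. Zone name, key names, file paths,
// addresses and secrets are placeholders; generate real keys and keep them private.

key "dhcp-updater" {
    algorithm hmac-md5;     // the only TSIG algorithm early BIND 9 shipped; use hmac-sha256 on current releases
    secret "PLACEHOLDER-BASE64-SECRET";
};

key "static-admin" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET";
};

// Domain controllers allowed to register their SRV records (RFC 5737 test addresses).
acl "ad-controllers" { 192.0.2.10; 192.0.2.11; };

zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    // A zone takes either allow-update or update-policy, not both; update-policy
    // is used here because it lets each key be limited to what it needs.
    update-policy {
        // The DHCP server may only maintain forward A records (plus the TXT
        // lease-ownership record ISC dhcpd writes) for names in the zone.
        grant dhcp-updater wildcard *.example.com. A TXT;
        // Administrators adding "static" hosts with nsupdate -k may touch any
        // name and type in the zone.
        grant static-admin subdomain example.com. ANY;
        // Anything unsigned, or signed with another key, is refused, so the
        // Windows clients' own update attempts never reach the zone data.
    };
};

// The AD-specific "_" names live in their own zones on the same BIND server,
// so the IP-based permission stays confined to them and does not widen
// access to the parent zone above.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { ad-controllers; };
};
// "_sites.example.com", "_tcp.example.com" and "_udp.example.com" get the
// same treatment; the DCs find each zone's SOA and send their SRV updates there.
```

On the ISC dhcpd side the matching pieces are `ddns-update-style interim;`, a `key "dhcp-updater" { ... };` block with the same secret, and a `zone example.com. { primary <bind-address>; key dhcp-updater; }` stanza so the server signs its updates with that key. A reverse zone for PTR records would carry an equivalent grant for the dhcp-updater key.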