Re: active directory, bind9, windows dns - TOGETHER - DNS


Thread: Re: active directory, bind9, windows dns - TOGETHER

  1. Re: active directory, bind9, windows dns - TOGETHER

    This is not an easy task. I'm just going to give an overview here of
    one way to solve the problem - there may be other approaches that
    meet your criteria.

    What is the name of your AD domain? If it's network.prv, you'll need
    to do some fancy footwork to delegate just the parts necessary for AD
    to the DC. It's doable - instead of one delegation or stub zone, you
    would need 6. The subzones are _udp, _tcp, _sites, _msdcs,
    DomainDnsZones, and ForestDnsZones. You should also create an A
    record named network.prv pointing to your DC.

    If your AD domain is something else, you won't need to do all that.
    Just make sure the BIND server can find that zone using either a
    delegation or a stub zone.

    Create the necessary delegation(s) or stub zone(s) in the BIND server
    pointing to the DC. Make sure that the BIND server is not forwarding
    when asked anything ending in the name of your AD domain - you want
    it to be able to perform recursion internally and find data from the DC.

    Configure any DHCP server to perform both forward and reverse dynamic
    DNS updates to register leases in DNS. This way, client machines
    won't be doing that. Make sure the DHCP server is configured to send
    DNS queries to MS DNS, so that it also sends updates there.

    Configure MS DNS to forward all unknown queries to the BIND server.

    No changes are required on the client machines.

    Chris Buxton
    Men & Mice
    Take control of your network

    On Sep 21, 2006, at 9:13 AM, jaro80@gmail.com wrote:

    > Hi All
    >
    > I have a local network. Clients use Windows XP; Linux Debian is my
    > router, www and ftp server etc., and additionally a DNS cache server
    > (192.168.0.1). I'd like to set up Active Directory in my network. I
    > installed Windows 2003 Server as PDC with DNS (192.168.0.2). So now I
    > have two DNS servers.
    >
    > Bind works well, it resolves names like :
    >
    > john.network.prv - 192.168.0.10
    > mark.network.prv - 192.168.0.11
    > mat.network.prv - 192.168.0.12
    > ...
    >
    > network.prv is my LOCAL domain, i don't have public domain.
    >
    > I'd still like to use this server (bind) together with the DNS server
    > from Windows 2003.
    >
    > How should I configure bind and Windows DNS? I don't want to change the
    > client configuration (they use 192.168.0.1 (bind) as DNS).
    >
    >
    > --------------
    > my setup:
    >
    > ++++++++++++++++++++++++++++++++
    > file db.network.prv
    >
    > $ORIGIN network.prv.
    > $TTL 1D
    > @ IN SOA deb hostmaster (
    > 20060919
    > 8H;
    > 4H;
    > 4W;
    > 1D;
    > )
    >
    > NS deb
    >
    > deb A 192.168.0.1
    > 2k3 A 192.168.0.1
    > john A 192.168.0.10
    > mark A 192.168.0.11
    > ..
    > ++++++++++++++++++++++++++++++++
    > file db.192.168.0:
    >
    > $ORIGIN 0.168.192.in-addr.arpa.
    > $TTL 1D
    >
    > @ IN SOA deb.network.prv. hostmaster.network.prv. (
    > 200609192
    > 28800
    > 14400
    > 2419200
    > 86400
    > )
    >
    > @ NS deb.network.prv.
    >
    > 1 PTR deb.network.prv.
    > 2 PTR 2k3.network.prv.
    > 10 PTR john.network.prv.
    > 11 PTR mark.network.prv.
    > ..
    > ++++++++++++++++++++++++++++++++
    >
    > --
    > Best Regards
    >
    >
    >
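The stub-zone setup Chris outlines, as an added example that is not code from the thread: a small Python script that emits the six BIND 9 stub zone statements for network.prv pointing at the DC, the apex A record for the parent zone, and a check for AD subzones that BIND still serves as master (a master copy of those names would shadow the DC's data). The DC address 192.168.0.2 comes from the thread; the stub file location under /var/cache/bind is an assumption.

```python
# Added example, not from the thread: generate the BIND 9 stub zones Chris
# describes for the case where the AD domain (network.prv) is the BIND zone
# itself, and flag subzones that BIND still serves as master.
# From the thread: AD domain network.prv, DC / MS DNS at 192.168.0.2.
# Assumption: stub zone files are written under /var/cache/bind (Debian).

AD_SUBZONES = ["_msdcs", "_sites", "_tcp", "_udp", "DomainDnsZones", "ForestDnsZones"]


def stub_zone_stanza(subzone, ad_domain, dc_ip):
    """One named.conf zone statement handing a subzone to the DC via a stub zone."""
    name = f"{subzone}.{ad_domain}"
    return (
        f'zone "{name}" IN {{\n'
        "    type stub;\n"
        f"    masters {{ {dc_ip}; }};\n"
        f'    file "/var/cache/bind/stub.{name}";\n'
        "    // empty list: the global forwarders are not used for this zone,\n"
        "    // so named recurses to the DC for anything under it\n"
        "    forwarders { };\n"
        "};\n"
    )


def named_conf_fragment(ad_domain, dc_ip):
    """All six stub zones, ready to include from named.conf."""
    return "\n".join(stub_zone_stanza(s, ad_domain, dc_ip) for s in AD_SUBZONES)


def apex_a_record(dc_ip):
    """Line for the parent zone file: the bare domain name must resolve to the DC."""
    return f"@\tIN\tA\t{dc_ip}"


def shadowing_master_zones(master_zone_names, ad_domain):
    """Return the AD subzone names that BIND serves as type master.

    The DC registers its SRV records with the DNS server it is configured
    to use (MS DNS here), so a master copy of the same name in BIND stays
    empty and answers NODATA instead of letting named reach the DC's data."""
    wanted = {f"{s}.{ad_domain}".lower() for s in AD_SUBZONES}
    return sorted(z for z in master_zone_names if z.lower().rstrip(".") in wanted)


if __name__ == "__main__":
    print(named_conf_fragment("network.prv", "192.168.0.2"))
    print(apex_a_record("192.168.0.2"))
    print(shadowing_master_zones(["network.prv", "_msdcs.network.prv"], "network.prv"))
```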




  2. Re: active directory, bind9, windows dns - TOGETHER

    Hi

    > What is the name of your AD domain?


    Yes, the name of my domain is network.prv :-)

    I created six zones: _msdcs.network.prv, _udp.network.prv,
    _tcp.network.prv, _tcp.network.prv, _sites.network.prv,
    _DomainDNSZones.network.prv, _ForestDNSZones.network.prv and the
    corresponding files db.msdcs.network.prv, db.udp.network.prv etc.

    But this config still isn't working??? For example, I can't join
    clients to the domain network.prv. Something must be wrong in my config
    because when I changed (only for a test) the DNS on one machine to MS DNS
    (192.168.0.1) I can join the domain.

    I always have the DHCP server on the Linux server. Linux (192.168.0.1) and
    Windows 2003 (192.168.0.2) have static IPs; the other computers (clients)
    get their IP from DHCP. What do I need to add to my DHCP config?


    +++++++++++++++++++++++++++++++++++++++++++

    my zones:

    zone "network.prv" IN {
    type master;
    file "/etc/bind/db.network.prv";
    };

    zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.0";
    };

    acl ad_dns {
    //DNS at Windows 2003
    192.168.0.2;
    };

    zone "_msdcs.network.prv" IN{
    type master;
    file "/etc/bind/db.msdcs.network.prv";
    allow-update {ad_dns;};
    //check-names ignore;
    //allow-transfer {ad_dns;};
    };


    zone "_udp.network.prv" IN{
    type master;
    file "/etc/bind/db.udp.network.prv";
    allow-update {ad_dns;};
    //check-names ignore;
    //allow-transfer {ad_dns;};
    };

    ..
    ..

    +++++++++++++++++++++++++++++++++++++++++++

    file db.msdcs.network.prv:

    $ORIGIN _msdcs.network.prv.

    $TTL 1D

    @ IN SOA 2k3.network.prv. hostmaster (
    200609211;
    8H;
    4H;
    4W;
    1D;
    )
    NS 2k3.network.prv.

    ----------------

    file db.udp.network.prv
    $ORIGIN _udp.network.prv.

    $TTL 1D

    @ IN SOA 2k3.network.prv. hostmaster (
    200609211;
    8H;
    4H;
    4W;
    1D;
    )
    NS 2k3.network.prv.

    ..
    ..

    +++++++++++++++++++++++++++++++++++++++++++

    my DHCP config:

    ..
    ..
    option domain-name "network.prv";
    option domain-name-servers 192.168.0.1;

    option subnet-mask 255.255.255.0;
    default-lease-time 259200;
    max-lease-time 518400;
    ..
    ..

    subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.200;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    }
    ..
    ..

    --
    Best Regards



  3. Re: active directory, bind9, windows dns - TOGETHER

    Well, this isn't a DHCP group and it isn't an Active Directory group.
    The configuration mentioned below works at a lot of sites. So, if it's
    not working for you, about the most you could do from a DNS/BIND
    perspective is to make some lookups to verify that things are resolving
    the way they should. Beyond that, you'd have to follow up with DHCP
    and/or AD mailing-lists/groups to determine what further configuration
    or config changes are necessary to get this working for you.


    - Kevin

    jaro80@gmail.com wrote:
    > Hi
    >
    >
    >> What is the name of your AD domain?
    >
    > Yes, the name of my domain is network.prv :-)
    >
    > I created six zones: _msdcs.network.prv, _udp.network.prv,
    > _tcp.network.prv, _tcp.network.prv, _sites.network.prv,
    > _DomainDNSZones.network.prv, _ForestDNSZones.network.prv and the
    > corresponding files db.msdcs.network.prv, db.udp.network.prv etc.
    >
    > But this config still isn't working??? For example, I can't join
    > clients to the domain network.prv. Something must be wrong in my config
    > because when I changed (only for a test) the DNS on one machine to MS DNS
    > (192.168.0.1) I can join the domain.
    >
    > I always have the DHCP server on the Linux server. Linux (192.168.0.1) and
    > Windows 2003 (192.168.0.2) have static IPs; the other computers (clients)
    > get their IP from DHCP. What do I need to add to my DHCP config?
    >
    >
    > +++++++++++++++++++++++++++++++++++++++++++
    >
    > my zones:
    >
    > zone "network.prv" IN {
    > type master;
    > file "/etc/bind/db.network.prv";
    > };
    >
    > zone "0.168.192.in-addr.arpa" {
    > type master;
    > file "/etc/bind/db.192.168.0";
    > };
    >
    > acl ad_dns {
    > //DNS at Windows 2003
    > 192.168.0.2;
    > };
    >
    > zone "_msdcs.network.prv" IN{
    > type master;
    > file "/etc/bind/db.msdcs.network.prv";
    > allow-update {ad_dns;};
    > //check-names ignore;
    > //allow-transfer {ad_dns;};
    > };
    >
    >
    > zone "_udp.network.prv" IN{
    > type master;
    > file "/etc/bind/db.udp.network.prv";
    > allow-update {ad_dns;};
    > //check-names ignore;
    > //allow-transfer {ad_dns;};
    > };
    >
    > .
    > .
    >
    > +++++++++++++++++++++++++++++++++++++++++++
    >
    > file db.msdcs.network.prv:
    >
    > $ORIGIN _msdcs.network.prv.
    >
    > $TTL 1D
    >
    > @ IN SOA 2k3.network.prv. hostmaster (
    > 200609211;
    > 8H;
    > 4H;
    > 4W;
    > 1D;
    > )
    > NS 2k3.network.prv.
    >
    > ----------------
    >
    > file db.udp.network.prv
    > $ORIGIN _udp.network.prv.
    >
    > $TTL 1D
    >
    > @ IN SOA 2k3.network.prv. hostmaster (
    > 200609211;
    > 8H;
    > 4H;
    > 4W;
    > 1D;
    > )
    > NS 2k3.network.prv.
    >
    > .
    > .
    >
    > +++++++++++++++++++++++++++++++++++++++++++
    >
    > my DHCP config:
    >
    > .
    > .
    > option domain-name "network.prv";
    > option domain-name-servers 192.168.0.1;
    >
    > option subnet-mask 255.255.255.0;
    > default-lease-time 259200;
    > max-lease-time 518400;
    > .
    > .
    >
    > subnet 192.168.0.0 netmask 255.255.255.0 {
    > range 192.168.0.10 192.168.0.200;
    > option broadcast-address 192.168.0.255;
    > option routers 192.168.0.1;
    > }
    > .
    > .
    >
    > --
    > Best Regards
    >
    >
    >
    >
    >
    >
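Kevin's advice to verify with lookups, as an added example that is not code from the thread: a Python checker that asks the clients' resolver (BIND at 192.168.0.1) for the SRV records a Windows client uses to locate a DC and confirms that each target resolves to the DC at 192.168.0.2. The addresses and domain come from the thread; the live lookups need the dig binary, while the classification helper works on answer lines and is exercised here with constructed output.

```python
# Added example, not from the thread: the verification lookups Kevin
# suggests, done from the clients' point of view (they use BIND at
# 192.168.0.1). Values from the thread: AD domain network.prv, DC at
# 192.168.0.2. Live checks need the dig binary; check_srv itself only
# needs answer lines, so it can be fed constructed data.
import subprocess

RESOLVER = "192.168.0.1"
AD_DOMAIN = "network.prv"
DC_IP = "192.168.0.2"


def required_srv_names(ad_domain):
    """SRV names a Windows client queries to locate a DC before joining."""
    return [
        f"_ldap._tcp.dc._msdcs.{ad_domain}",
        f"_kerberos._tcp.dc._msdcs.{ad_domain}",
        f"_ldap._tcp.pdc._msdcs.{ad_domain}",
        f"_ldap._tcp.{ad_domain}",
        f"_kerberos._tcp.{ad_domain}",
        f"_kpasswd._tcp.{ad_domain}",
    ]


def dig_short(name, rtype, resolver=RESOLVER):
    """Answer lines from 'dig @resolver +short rtype name' (empty if none)."""
    proc = subprocess.run(["dig", f"@{resolver}", "+short", rtype, name],
                          capture_output=True, text=True, check=False)
    return [line.strip() for line in proc.stdout.splitlines() if line.strip()]


def check_srv(srv_lines, a_lookup, dc_ip):
    """Classify one SRV answer as 'missing', 'bad-target' or 'ok'.

    srv_lines: dig +short SRV lines ('prio weight port target.').
    a_lookup: callable returning the A record lines for a target name.
    A target that does not resolve to the DC (for example a name that got
    the zone origin appended because a trailing dot was missing in the
    zone file) is reported as 'bad-target'."""
    if not srv_lines:
        return "missing"
    for line in srv_lines:
        target = line.split()[-1].rstrip(".")
        if dc_ip in a_lookup(target):
            return "ok"
    return "bad-target"


def verify(ad_domain=AD_DOMAIN, dc_ip=DC_IP, resolver=RESOLVER):
    """Live check of every required SRV name through the given resolver."""
    return {name: check_srv(dig_short(name, "SRV", resolver),
                            lambda t: dig_short(t, "A", resolver), dc_ip)
            for name in required_srv_names(ad_domain)}
```

Run `verify()` from a client subnet; any name reported as 'missing' is one the client cannot use to find the DC through BIND.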



