AD with Bind Secondary DNS

  • AD with Bind Secondary DNS

    Good morning everyone,

    I have an AD that uses BIND servers for DNS.
    These BIND machines host a bunch of other zones as well.

    The plan is to start hosting AD's zones inside of ADI-DNS.

    Now, on all the servers in the domain, the LAN configuration will specify the windows DNS servers, so they will register properly.

    But all workstations will remain set to connect to BIND. My question is: if they connect to BIND, how can we make secure updates work?

    Would it be possible to use bind as a Secondary, with the master being the ADI-DNS and still update the workstations dynamically?

    Thank you
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: AD with Bind Secondary DNS

    Gepeto,
    You could stand up a Windows DNS box and then, from the BIND server, delegate the zone you are going to use for your domain to the Windows DNS server. Then configure forwarding on the Windows server to point to the BIND server for anything that it is not authoritative for (or make the BIND server a secondary).

    This may be your only option if you are going to use AD Integrated Zones.

    Ryan
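
    The "make the BIND server a secondary" variant above, as an added named.conf fragment that is not from this thread or from either poster. It assumes placeholder names and addresses: ad.example.com for the AD domain, two domain controllers at 192.0.2.10 and 192.0.2.11 running the AD-integrated primary, and workstations on 192.0.2.0/24 that keep resolving through BIND.

```conf
// Added example: BIND keeps serving its other zones and holds a replicated
// copy of the AD zone, whose primary is the Windows AD-integrated DNS.
// All names and addresses below are placeholders, not from the thread.

acl lan    { 192.0.2.0/24; 127.0.0.1; };
acl ad_dns { 192.0.2.10; 192.0.2.11; };   // the domain controllers

options {
    directory "/var/named";
    recursion yes;
    allow-recursion { lan; };      // workstations still resolve through BIND
    allow-query     { lan; };
    allow-transfer  { none; };     // no zone leaves unless its stanza allows it
};

// Zone BIND stays primary for; the AD subdomain is delegated from here
// with NS records pointing at the DCs (Ryan's delegation step).
zone "example.com" {
    type master;
    file "master/example.com.db";
    allow-update { none; };        // static zone: never accept UPDATE here
};

// Replicated copy of the AD zone. "type slave"/"masters" work on every
// BIND 9 release; 9.16 and later also accept "type secondary"/"primaries".
// A secondary does not apply UPDATE messages itself (allow-update-forwarding
// defaults to none), so the Windows primary alone enforces its update
// policy. Workstations get _msdcs/SRV records from this copy; the copy is
// only as current as the refresh interval and NOTIFYs from the primary.
zone "ad.example.com" {
    type slave;
    masters { 192.0.2.10; 192.0.2.11; };
    file "slave/ad.example.com.db";
    allow-transfer { ad_dns; };    // only the DCs may pull the zone back out
    allow-notify   { ad_dns; };    // accept NOTIFY from the primaries only
    notify no;                     // BIND is the end of the replication chain
};
```

    If BIND were instead made primary for an AD zone, the exposure the thread warns about is `allow-update { any; }`; BIND 9 gates updates with `update-policy` keyed to TSIG or GSS-TSIG identities, which is the mechanism to review before accepting client updates on BIND itself.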


    • #3
      Re: AD with Bind Secondary DNS

      That is the plan, and I am afraid it does mean that workstations pointing to the BIND DNS will not be able to securely dynamically update their records.

      This might be the only/best solution though.
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


      • #4
        Re: AD with Bind Secondary DNS

        Gepeto,

        I did want to point out that BIND does support dynamic updates as well as SRV records, but I think you are limited if you are going to use AD Integrated zones. Maybe someone else will chime in and drop their two cents.

        Ryan


        • #5
          Re: AD with Bind Secondary DNS

          Originally posted by ryansmitty
          Gepeto,

          I did want to point out that BIND does support dynamic updates as well as SRV records, but I think you are limited if you are going to use AD Integrated zones. Maybe someone else will chime in and drop their two cents.

          Ryan
          I do know that BIND 8+ supports dynamic updates, but as far as I know, there is no way to make them secure as with Windows DNS (well, maybe some third-party add-ons can do it, but that is beside the point).
          VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


          • #6
            Re: AD with Bind Secondary DNS

            Originally posted by gepeto
            I do know that BIND 8+ supports dynamic updates, but as far as I know, there is no way to make them secure as with Windows DNS (well, maybe some third-party add-ons can do it, but that is beside the point).
            You don't HAVE to select the secure option ...


            • #7
              Re: AD with Bind Secondary DNS

              Yes, it has to be secure. You really, really do not want to open the door to DNS poisoning and other attacks that make using DNS for man-in-the-middle attacks so easy.

              I'm investigating BlueCat DNS, which apparently integrates with AD. I will test it in a lab and see if secure updates get registered properly from workstations.
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah
