
Bind slave to Windows 2008 AD/DNS


Jukka Pakkanen

Dec 7, 2009, 2:47:54 PM
to bind-...@lists.isc.org
I have our BIND servers running as slaves to a Windows 2008 DNS server,
and it's working fine as far as I can see (except that the slaves after
a period of time lose the data and never update it unless I restart the
BIND process, but that's another matter) but browsing the web I noticed
there should be 6 zones I need to slave to have it correctly:

>What zones are you slaving on your BIND server? There should be six:
>
>DomainDNSZones.example.com
>ForestDNSZones.example.com
>_msdcs.example.com
>_sites.example.com
>_tcp.example.com
>_udp.example.com
>
>If you have these six zones slaved on your BIND server, and these
>zones are being transferred successfully, then there should be no
>problems.

What exactly does this mean? I only have this:

zone "company.local" {
type slave;
file "company.local.cache";
masters { 62.x.x.x; };
};

Should I instead have these six zones in the named.conf, like:

zone "DomainDNSZones.company.local" {
type slave;
file "domaindnszones.company.local.cache";
masters { 62.x.x.x; };
};

zone "ForestDNSZones.company.local" {
type slave;
file "forestdnszones.company.local.cache";
masters { 62.x.x.x; };
};

zone "_msdcs.company.local" {
type slave;
file "_msdcs.company.local.cache";
masters { 62.x.x.x; };
};

etc...??


Chris Buxton

Dec 8, 2009, 8:37:49 AM
to Jukka Pakkanen, bind-...@lists.isc.org
On Dec 7, 2009, at 2:47 PM, Jukka Pakkanen wrote:
> I have out Bind servers running as slaves to Windows 2008 DNS server, and it's working fine as far as I can see (except that the slaves after a period of times lose the data and never update it unless restart the Bind process, but that's another matter) but browsing the web I noticed there should be 6 zones I need to slave to have it correctly:
>
> >What zones are you slaving on your BIND server? There should be six:
> >
> >DomainDNSZones.example.com
> >ForestDNSZones.example.com
> >_msdcs.example.com
> >_sites.example.com
> >_tcp.example.com
> >_udp.example.com
> >
> >If you have these six zones slaved on your BIND server, and these zones are being transferred successfully, then there should be no problems. "
>
> What exactly does this mean? I only have this:
>
> zone "company.local" {
> type slave;
> file "company.local.cache";
> masters { 62.x.x.x; };
> };
>
> Should I instead have these six zones in the named.conf

That depends on whether they're declared as delegated subzones or included in the company.local zone. By default, the AD wizard will create just company.local and _msdcs.company.local as zones - the other subdomains are not separated into their own individual zones.

Chris Buxton
Professional Services
Men & Mice

Jukka Pakkanen

Dec 8, 2009, 9:55:20 AM
to bind-...@lists.isc.org, Chris Buxton
Chris Buxton wrote:
Thanks. Those 6 zones are subdomains to company.local so I guess they
are covered. What about the _msdcs.company.local, is that needed in slaves?

bsfi...@anl.gov

Dec 8, 2009, 11:29:54 AM
to bind-...@lists.isc.org
Jukka Pakkanen <jukka.p...@qnet.fi> wrote:

>Thanks. Those 6 zones are subdomains to company.local so I guess they
>are covered. What about the _msdcs.company.local, is that needed in
>slaves?

If the zone

company.local

is mastered on an MS Windows DNS Server, then that zone will contain
the records that would be found in the

ForestDNSZones.company.local
DomainDNSZones.company.local
_msdcs.company.local
_sites.company.local
_tcp.company.local
_udp.company.local

zones. Look at the full zone on the BIND slave server, and you should
see records like these:

_kerberos._tcp 10M IN SRV 0 100 88 abcaddc0
_kpasswd._tcp 10M IN SRV 0 100 464 abcaddc0
_ldap._tcp 10M IN SRV 0 100 389 abcaddc0
_kerberos._udp 10M IN SRV 0 100 88 abcaddc0
_kpasswd._udp 10M IN SRV 0 100 464 abcaddc0

These are taken from a forward zone I have on an MS Windows DNS Server.
In all my other cases, the AD "_" zones are on Windows, while the
forward zone is on my BIND master, so I needed to add NS delegation
records for the six (or four) AD zones.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory
9700 South Cass Avenue
Building 240, Room 5.B.8
Argonne, IL 60439-4828
Phone: +1 (630) 252-7277
Facsimile: +1 (630) 252-4601
Internet: BSFi...@anl.gov
IBMMAIL: I1004994
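The "look at the full zone on the BIND slave" check above, as an added example that is not from the thread: a small Python checker that parses the slave's copy of company.local for the AD SRV records Barry lists and, following Chris's note that _msdcs is normally its own zone, verifies that _msdcs is either delegated with NS records or carried inline. The sample zone text is constructed; host names, TTLs and the "owner TTL IN type rdata" layout are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of what the slave's copy of company.local can look like; names and TTLs are made up.
SAMPLE_ZONE = """\
$ORIGIN company.local.
@ 3600 IN NS dc1.company.local.
_msdcs 3600 IN NS dc1.company.local.
_kerberos._tcp 10M IN SRV 0 100 88 dc1
_kpasswd._tcp 10M IN SRV 0 100 464 dc1
_ldap._tcp 10M IN SRV 0 100 389 dc1
_kerberos._udp 10M IN SRV 0 100 88 dc1
_kpasswd._udp 10M IN SRV 0 100 464 dc1
"""

# SRV owner names AD clients look up, with the port each should advertise.
EXPECTED_SRV = {"_kerberos._tcp": 88, "_kerberos._udp": 88,
                "_kpasswd._tcp": 464, "_kpasswd._udp": 464, "_ldap._tcp": 389}

# Assumes the "owner TTL IN type rdata" layout shown in the thread (TTL may be 10M etc.).
SRV_RE = re.compile(r"^(\S+)\s+\S+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")
NS_RE = re.compile(r"^(\S+)\s+\S+\s+IN\s+NS\s+(\S+)$")

def parse_zone(text):
    srv, ns = defaultdict(list), defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments and whitespace
        if not line or line.startswith("$"):         # skip blanks and $ORIGIN/$TTL directives
            continue
        if m := SRV_RE.match(line):
            srv[m[1]].append((int(m[2]), int(m[3]), int(m[4]), m[5]))
        elif m := NS_RE.match(line):
            ns[m[1]].append(m[2])
    return srv, ns

def check_ad_zone(text):
    """Return findings about missing AD records; an empty list means the copy looks complete."""
    srv, ns = parse_zone(text)
    findings = []
    for owner, port in EXPECTED_SRV.items():
        recs = srv.get(owner, [])
        if not recs:
            findings.append(f"missing SRV {owner}")
        elif not any(r[2] == port for r in recs):
            findings.append(f"{owner} has no target on port {port}")
    # _msdcs must be reachable: either delegated with NS records or carried inline.
    if "_msdcs" not in ns and not any(o.endswith("._msdcs") for o in srv):
        findings.append("_msdcs is neither delegated (NS) nor present inline")
    return findings
```

Run it against the file named in the slave's zone statement (after a successful transfer) and treat any finding as a reason to compare against the Windows master before trusting the slave for AD clients.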
