Re: Unix Bind and Windows DNS coexist problem with forwarder ON



"Mugen" <Mugen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6E8A58FA-A7BB-4202-8C6A-59105C2E61D7@xxxxxxxxxxxxxxxx
> Hi,
>
> We are planning to upgrade NT 4 to 2003 AD. I setup a lab for all the testing.
> Our current DNS server is running in UNIX BIND and all windows clients are
> pointed to UNIX BIND for hostname/internet resolution. We need to keep it that
> way.

Then the UNIX BIND must either hold the Dynamic
DNS Zone for your domain OR be able to find it (e.g.,
on your MS DNS servers which might be child DNS
or another tree entirely.)

> Therefore, I setup delegation in UNIX BIND server to Windows 2003 DNS. UNIX
> BIND setup remains the authoritative name server and Windows 2003 DNS just
> for SRV records and all Window clients are still pointing to UNIX BIND server.

The above does not describe delegation.

Were you to delegate then you would be delegating
an entire zone.

Even if you tried to delegate just the _underscore zones
you would still need to deal with the domain-zone itself
needing to be dynamic.


> Here is the problem, If I turn OFF forwarder in UNIX BIND server, Windows
> clients are able to join the new Windows 2k3 AD (by entering DNS FQDN)
> without any problem.

Then the delegation is likely incorrect.

Is the Windows domain using a child (DNS) zone
of the UNIX? If not, what is the relationship.


> But if I turn ON the forwarder in UNIX BIND server, none
> of the Windows clients are able to join the new W2K3 AD (it said cannot find
> the SRV records etc). It looks like UNIX BIND server treats the windows client
> request as out of zone request and forward to the external DNS servers.
> Anyone seen that before?

If the forwarding and the delegation are done incorrectly.

For instance (but this may not be your problem precisely):
A DNS server cannot (easily) check two full namespaces
(from the root down) -- if it forwards it cannot check its
own root, and vice versa reliably.

If you simplify:
Unix fully delegated to the child DNS zone for the AD domain,
or holding a Secondary (or stub or some other way to find it) for
the AD domain-Zone.
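
One way the simplified setup above can look in BIND 9, as an added example that is not part of the original thread. It assumes the AD domain is a child zone of the zone BIND is authoritative for; the zone names, host names, file name and the 192.0.2.x addresses are constructed placeholders.

```conf
// named.conf on the UNIX BIND server (constructed example, placeholder values)

options {
    // Global forwarder used for Internet names BIND is not authoritative for.
    forwarders { 192.0.2.53; };
};

// Parent zone that BIND stays authoritative for.
zone "example.com" {
    type master;
    file "db.example.com";

    // An empty forwarders list overrides the global list for names under
    // this zone, so queries for the delegated child zone follow the NS
    // records in the zone data instead of going to 192.0.2.53.
    forwarders { };
};

/*
   Delegation records inside db.example.com (zone-file syntax, shown here
   as a comment). The whole child zone is delegated, including the
   _msdcs, _sites, _tcp and _udp names that hold the SRV records.

   ad.example.com.           IN  NS  w2k3dns.ad.example.com.
   w2k3dns.ad.example.com.   IN  A   192.0.2.10
*/

// Alternative to delegation: BIND holds a secondary copy of the AD zone.
// The Windows DNS server must then allow zone transfers to this host.
// Use either this block or the delegation above, not both.
//
// zone "ad.example.com" {
//     type slave;
//     masters { 192.0.2.10; };
//     file "bak.ad.example.com";
// };
```

In either variant the AD zone itself stays dynamic on the Windows 2003 DNS server, and the Windows clients keep pointing at the UNIX BIND server.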


