Re: Unix Bind and Windows DNS coexist problem with forwarder ON



Mugen wrote:
>> Therefore, I setup delegation in UNIX BIND server to Windows 2003
>> DNS. UNIX BIND setup remains the authoritative name server and
>> Windows 2003 DNS just for SRV records and all Windows clients are
>> still pointing to UNIX BIND server.
>
>> The above does not describe delegation.
>
>> Were you to delegate then you would be delegating
>> an entire zone.
>
>> Even if you tried to delegate just the _underscore zones
>> you would still need to deal with the domain-zone itself
>> needing to be dynamic.
>
> I just delegate _underscore zones in UNIX BIND and Windows DNS (like
> the attached URL from my previous email). The dynamic is not working
> in the way we setup but we don't really need it. Is it necessary to
> deal with dynamic update? How to do it?
>
>> Here is the problem, If i turn OFF forwarder in UNIX BIND server,
>> Windows clients are able to join the new Windows 2k3 AD (by entering
>> DNS FQDN) without any problem.
>
>> Then the delegation is likely incorrect.
>
>> Is the Windows domain using a child (DNS) zone
>> of the UNIX? If not, what is the relationship.
>
> Not using child domain. Just _underscore zones.
>
>
>> But if i turn ON the forwarder in UNIX BIND server, none
>> of the Windows clients are able to join the new W2K3 AD (it said
>> cannot find the SRV records etc). It looks like UNIX BIND server
>> treat the windows client request as out of zone request and forward
>> to the external DNS servers. Anyone seen that before?
>
>> If the forwarding and the delegation are done incorrectly.
>
>> For instance (but this may not be your problem precisely):
>> A DNS server cannot (easily) check two full namespaces
>> (from the root down) -- if it forwards it cannot check its
>> own root, and vice versa reliably.
>
>> If you simplify:
>> Unix fully delegated to the child DNS zone for the AD domain,
>> or holding a Secondary (or stub or some other way to find it) for
>> the AD domain-Zone.
>
>
> If it is set up incorrectly, how come it works when I turn the forwarder OFF?
> (This is what I need, but we need to have the forwarder turned ON.)
> It must be that DNS BIND just forwards the SRV record request to the external
> server.
>
> The UNIX BIND server is like "abc.com"
> Windows 2003 Server is also same "abc.com"
>
> When I set up a test Windows XP client to try to join the new AD, I put
> "abc.com" and it failed with the forwarder ON.


You can do this by just delegating the _subdomains, but you have to create
the LDAP IP address record for the domain name, which must resolve to the IP
address of the domain controller so clients can access the DFS share at
\\abc.com\SYSVOL. You will also need to create an A record for the domain
controller's name. Just to add, abc.com MUST resolve to the IP address of
the domain controller only, not a web server. If the record points to a web
server, your domain members will be looking to the web server for their Group
Policy Objects.
This would have been much simpler to set up had you named the AD domain a
subdomain of abc.com, such as ad.abc.com. Then you would only have had to
create one delegation for ad and no "A" records, and abc.com could resolve
to your website.


-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
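The layout Kevin describes (delegate only the _underscore subzones to the Windows DNS server, point the apex A record of abc.com at the domain controller only, and give the domain controller its own A record), as an added example that is not part of the original thread: a constructed BIND zone for abc.com together with a small Python checker that enforces those three rules and flags the mistakes he warns about. The host names and addresses (dc1, ns1, ns2, www, 192.0.2.x) and the parser's simplifications (one record per line, owner name on every line, SOA ignored) are my assumptions, not anything from the posts.

```python
"""Check a BIND zone for the 'delegate only the _underscore zones' AD layout.

Rules checked (from the reply above):
  1. the apex A record(s) of the domain must be the domain controller(s) only;
  2. the domain controller's own host name must have an A record;
  3. _msdcs, _sites, _tcp and _udp must carry NS delegations, and every
     in-zone NS target must have a glue A record.
"""
from collections import defaultdict

# Constructed sample zone (assumed names/addresses): the layout done right.
ZONE_OK = """
$ORIGIN abc.com.
$TTL 3600
@       IN SOA  ns1.abc.com. hostmaster.abc.com. ( 2024010101 3600 900 604800 300 )
@       IN NS   ns1.abc.com.
ns1     IN A    192.0.2.1
; apex must resolve to the domain controller so \\\\abc.com\\SYSVOL works
@       IN A    192.0.2.10
dc1     IN A    192.0.2.10
www     IN A    192.0.2.80
; delegate the AD-specific subzones to the Windows DNS server (the DC)
_msdcs  IN NS   dc1.abc.com.
_sites  IN NS   dc1.abc.com.
_tcp    IN NS   dc1.abc.com.
_udp    IN NS   dc1.abc.com.
"""

# Constructed sample zone with three mistakes the checker should catch.
ZONE_BAD = """
$ORIGIN abc.com.
$TTL 3600
@       IN SOA  ns1.abc.com. hostmaster.abc.com. ( 2024010101 3600 900 604800 300 )
@       IN NS   ns1.abc.com.
ns1     IN A    192.0.2.1
@       IN A    192.0.2.80        ; wrong: apex points at the web server
dc1     IN A    192.0.2.10
www     IN A    192.0.2.80
_msdcs  IN NS   dc1.abc.com.
_tcp    IN NS   ns2.abc.com.      ; wrong: no glue A record for ns2
_udp    IN NS   dc1.abc.com.
"""


def fqdn(name, origin):
    """Turn '@' or a relative owner/target into a lower-case absolute name."""
    name = name.lower()
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name
    return f"{name}.{origin.lower()}"


def parse_zone(text, origin):
    """Minimal zone parser: {(fqdn, rrtype): [rdata, ...]}; SOA is skipped."""
    if not origin.endswith("."):
        origin += "."
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                     # $TTL and friends
            continue
        tokens = line.split()
        if "IN" not in tokens:
            continue
        i = tokens.index("IN")
        owner, rrtype, rdata = tokens[0], tokens[i + 1], tokens[i + 2:]
        if rrtype == "SOA":
            continue
        value = fqdn(rdata[0], origin) if rrtype in ("NS", "CNAME") else rdata[0]
        records[(fqdn(owner, origin), rrtype)].append(value)
    return records


def check_ad_delegation(zone_text, domain, dc_host, dc_ips,
                        subzones=("_msdcs", "_sites", "_tcp", "_udp")):
    """Return a list of problems (empty list means the layout is consistent)."""
    origin = domain.rstrip(".") + "."
    rr = parse_zone(zone_text, origin)
    dc_fqdn = fqdn(dc_host, origin)
    problems = []

    # 1. Apex A record(s): domain controller(s) only, never the web server.
    apex_a = rr.get((origin, "A"), [])
    if not apex_a:
        problems.append(f"{origin} has no A record; clients cannot reach the SYSVOL share")
    for ip in apex_a:
        if ip not in dc_ips:
            problems.append(f"{origin} A record {ip} is not a domain controller (GPO lookups will hit it)")

    # 2. The DC host name needs an A record; it is also the delegation target.
    if not rr.get((dc_fqdn, "A")):
        problems.append(f"no A record for domain controller {dc_fqdn}")

    # 3. Each AD subzone must be delegated, with glue for in-zone NS targets.
    for sub in subzones:
        name = fqdn(sub, origin)
        ns = rr.get((name, "NS"), [])
        if not ns:
            problems.append(f"{name} is not delegated (no NS record)")
        for target in ns:
            if target.endswith("." + origin) and not rr.get((target, "A")):
                problems.append(f"delegation of {name} to {target} lacks a glue A record")
    return problems


if __name__ == "__main__":
    for label, zone in (("good", ZONE_OK), ("bad", ZONE_BAD)):
        print(label, check_ad_delegation(zone, "abc.com", "dc1", ["192.0.2.10"]) or "OK")
```

The checker only validates the zone data; it says nothing about the forwarding behaviour the thread is actually about. As a general BIND 9 point (not something the posts state): a global `forward only` also applies to names under the delegated subzones, so the server sends queries for the SRV records to the external forwarders instead of following the NS records, which matches what the original poster observed; a per-zone override for each delegated name (for instance a `type forward` zone for `_msdcs.abc.com` whose `forwarders` list the Windows DNS server) keeps those queries internal.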

