Re: Unix Bind and Windows DNS coexist problem with forwarder ON
- From: "Mugen" <Mugen@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2005 13:28:56 -0700
> You can do this by just delegating the _subdomains, but you have to create
> the LDAP IP address record for the domain name that must resolve to the IP
> address of the domain controller so client can access the DFS share at
> \\abc.com\SYSVOL. You will also need to create an A record for the Domain
> controller's name.
If that's the case, can you tell me where/how to create the LDAP IP address
record for the domain name? In Windows or DNS?
> Just to add, abc.com MUST resolve to the IP address of
> the domain controller only, not a web server. If the record points to a web
> server your domain members will be looking to the web server for their Group
> Policy Objects.
I created an A record in UNIX Bind to point to Domain server. Here is what I
have created in Unix bind server.
_TCP IN NS hostname.domain.com
_UDP IN NS hostname.domain.com
_MSDCS IN NS hostname.domain.com
_SITES IN NS hostname.domain.com
ForestDNSZones IN NS hostname.domain.com
DomainDNSZones IN NS hostname.domain.com
192.168.1.1 IN A hostname.domain.com # Windows 2K3 Domain Controller
Here is the MS KB link of how I set up in Microsoft DNS server. I am doing
option 4.
http://support.microsoft.com/kb/q255913/
Thanks.
Mugen
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> Mugen wrote:
> >> Therefore, I setup delegation in UNIX BIND server to Windows 2003
> >> DNS. UNIX BIND setup remains the authoritative name server and
> >> Windows 2003 DNS just for SRV records and all Window clients are
> >> still pointing to UNIX BIND server.
> >
> >> The above does not describe delegation.
> >
> >> Were you to delegate then you would be delegating
> >> an entire zone.
> >
> >> Even if you tried to delegate just the _underscore zones
> >> you would still need to deal with the domain-zone itself
> >> needing to be dynamic.
> >
> > I just delegate _underscore zones in UNIX BIND and Windows DNS (like
> > the attached URL from my previous email). The dynamic is not working
> > in the way we setup but we don't really need it. Is it necessary to
> > deal with dynamic update? How to do it?
> >
> >> Here is the problem, If I turn OFF forwarder in UNIX BIND server,
> >> Windows clients are able to join the new Windows 2k3 AD (by entering
> >> DNS FQDN) without any problem.
> >
> >> Then the delegation is likely incorrect.
> >
> >> Is the Windows domain using a child (DNS) zone
> >> of the UNIX? If not, what is the relationship.
> >
> > Not using child domain. Just _underscore zones.
> >
> >
> >> But if I turn ON the forwarder in UNIX BIND server, none
> >> of the Windows clients are able to join the new W2K3 AD (it said
> >> cannot find the SRV records etc). It looks like UNIX BIND server
> >> treat the windows client request as out of zone request and forward
> >> to the external DNS servers. Anyone seen that before?
> >
> >> If the forwarding and the delegation are done incorrectly.
> >
> >> For instance (but this may not be your problem precisely):
> >> A DNS server cannot (easily) check two full namespaces
> >> (from the root down) -- if it forwards it cannot check its
> >> own root, and vice versa reliably.
> >
> >> If you simplify:
> >> Unix fully delegated to the child DNS zone for the AD domain,
> >> or holding a Secondary (or stub or some other way to find it) for
> >> the AD domain-Zone.
> >
> >
> > If setup incorrectly. How come when I turn OFF forwarder would work
> > (This is what i need but we need to have Forwarder turn ON)
> > This must be DNS BIND just forward the SRV record request to external
> > server.
> >
> > The UNIX BIND server is like "abc.com"
> > Windows 2003 Server is also same "abc.com"
> >
> > When I set up a test Windows XP client to try to join the new AD. I put
> > "abc.com" and it failed when forwarder ON.
>
>
> You can do this by just delegating the _subdomains, but you have to create
> the LDAP IP address record for the domain name that must resolve to the IP
> address of the domain controller so client can access the DFS share at
> \\abc.com\SYSVOL. You will also need to create an A record for the Domain
> controller's name. Just to add, abc.com MUST resolve to the IP address of
> the domain controller only, not a web server. If the record points to a web
> server your domain members will be looking to the web server for their Group
> Policy Objects.
> This would have been much simpler to set up had you named the AD domain a
> sub domain name of abc.com such as ad.abc.com. Then you would only have had to
> create one delegation for ad and not "A" records and abc.com could resolve
> to your website.
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
>
>
>
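The parent-zone layout described in the reply above (the underscore subdomains delegated to the Windows DNS server, plus an A record for the domain name itself and one for the domain controller's name), checked by a short script. This is an added example, not part of the original thread; the sample zone text, the `check_zone` helper, and the values abc.com, dc1 and 192.168.1.1 are constructed placeholders. It also flags an A record written with the address in the owner field, since a zone file puts the owner name first and uses `;` for comments.

```python
import ipaddress

# Subdomains the thread delegates to the Windows DNS server; BIND keeps the parent zone.
AD_SUBZONES = ["_tcp", "_udp", "_msdcs", "_sites", "ForestDnsZones", "DomainDnsZones"]

# Constructed sample of the parent zone fragment (placeholder names and address).
SAMPLE_ZONE = """\
_tcp            IN NS dc1.abc.com.
_udp            IN NS dc1.abc.com.
_msdcs          IN NS dc1.abc.com.
_sites          IN NS dc1.abc.com.
ForestDnsZones  IN NS dc1.abc.com.
DomainDnsZones  IN NS dc1.abc.com.
@               IN A  192.168.1.1   ; domain name itself -> domain controller only
dc1             IN A  192.168.1.1   ; address record for the NS target
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_zone(zone_text, origin, dc_ip):
    """Return a list of problems found in a parent-zone fragment."""
    problems, ns, a = [], {}, {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # ';' starts a zone-file comment
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3]
        if rtype == "A" and is_ip(owner) and not is_ip(rdata):
            problems.append(f"A record reversed: owner '{owner}' should be the name")
        elif rtype == "A":
            a[owner.lower()] = rdata
        elif rtype == "NS":
            ns[owner.lower()] = rdata.lower()
    for sub in AD_SUBZONES:
        if sub.lower() not in ns:
            problems.append(f"{sub} is not delegated")
    if a.get("@") != dc_ip:   # clients fetch SYSVOL and Group Policy from this address
        problems.append(f"{origin} does not resolve to the domain controller {dc_ip}")
    for target in sorted(set(ns.values())):
        host = target.rstrip(".")
        host = host[:-len(origin) - 1] if host.endswith("." + origin) else host
        if host not in a:
            problems.append(f"no A record for NS target {target}")
    return problems
```

`check_zone(SAMPLE_ZONE, "abc.com", "192.168.1.1")` returns an empty list for the fragment above; each string in a non-empty result names one record to fix.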