Re: Integrated versus non-integrated DNS


"voldemort" <daveshep1@xxxxxxxxx> wrote in message
news:1146426792.141832.47700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> My problem is though that I already have bind9 running within my
> network, and I'm relying on it for my enterprise applications.

In what way? What special BIND features are you
dependent upon?

> I also
> have the ability to have site specific DNS registration;

How are you getting multi-mastered registration with BIND?

> computerA.siteB.domain, as I understand it, if I go to integrated AD
> DNS I lose this,

Not if you use AD Integrated DNS -- machines will
usually register with same-site DCs (if available)
and only register off site if they are not.

> and have to rely on the sites functionality, which is
> not going to be available to non-AD aware applications, or servers.

You can still point non-AD machines to a site-local DNS,
and you can use DHCP servers to register those which
are getting dynamic addresses.

> From what I've read, as long as I have DDNS, and SRV record capability
> (which is standard stuff in bind now), the Microsoft domain doesn't
> have any issues.

???

> However it looks like I lose this "security" feature; the multi-master
> and improved replication is something my existing bind DNS copes with
> quite easily, albeit with primary and secondary servers.

> Could you explain a little more about the enhanced security features,

Dynamic DNS can be secured as long as you require
all dynamically registering machines to be able to
authenticate (that is, domain machines and DHCP do
the registration).

There are other very minor security advantages but
they don't amount to compelling reasons.

> I'd be losing, or point me in the right direction for a good document?
> Thanks.

For what specifically? The built-in help is excellent on
DNS (search for "DNS checklist" to get in the right area and
find the "checklist" explicitly). Also the Resource Kit guides
for Windows, which are all online at Microsoft.

One other point, perhaps I should have made at the top --
many people who are running BIND for an existing DNS
domain/zone should probably KEEP that BIND setup but
make the Windows domain/zone a CHILD of it.

It allows the existing BIND to co-exist with the Windows
AD 'support' DNS zone quite simply.

And all DNS servers remain free to hold a secondary (or
equivalent) for any other DNS server-zone in the environment.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
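As an added illustration of the layout Herb recommends above (not configuration from either poster), here is what the BIND side looks like when the existing zone stays on BIND and the Windows domain is a delegated child of it, while the BIND server also holds a secondary copy of the AD zone so non-AD clients pointed at it still resolve AD names. All names and addresses (example.com, ad.example.com, the 10.x addresses, dc1/dc2, ns1) are made up for the example.

```conf
// ---- named.conf on the existing BIND 9 server (hypothetical names/addresses) ----
options {
    directory "/var/named";
    recursion yes;
    allow-query { 10.0.0.0/8; };          // internal clients only
};

// The existing enterprise zone stays on BIND, exactly as before.
zone "example.com" IN {
    type master;
    file "master/example.com.zone";
    allow-update { none; };                // edited by hand; no dynamic updates here
    allow-transfer { 10.1.0.53; 10.2.0.53; };   // our own secondaries
};

// The AD zone is authoritative on the DCs (AD-integrated, multi-master,
// secure dynamic update). BIND keeps a read-only secondary so machines
// that use BIND as their resolver still get SRV/A records for the domain.
// The Windows DNS servers must allow zone transfers to this host.
zone "ad.example.com" IN {
    type slave;
    masters { 10.1.0.10; 10.2.0.10; };     // the domain controllers
    file "slave/ad.example.com.zone";
};

; ---- master/example.com.zone (parent zone, delegating the AD child) ----
$ORIGIN example.com.
$TTL 3600
@       IN  SOA  ns1.example.com. hostmaster.example.com. (
                 2006050101 ; serial
                 3600       ; refresh
                 900        ; retry
                 1209600    ; expire
                 3600 )     ; minimum
        IN  NS   ns1.example.com.
ns1     IN  A    10.1.0.53

; Delegation: hand the AD zone to the DCs, with glue so resolvers
; can find the DCs without already knowing the child zone.
ad      IN  NS   dc1.ad.example.com.
ad      IN  NS   dc2.ad.example.com.
dc1.ad  IN  A    10.1.0.10
dc2.ad  IN  A    10.2.0.10
```

The delegation is what lets the DCs own their own records (including the _ldap._tcp and _kerberos._tcp SRV entries under ad.example.com) without anything in the parent zone needing dynamic update; the parent only changes when a DC is added or retired. A quick sanity check after loading is to ask the BIND server for a domain SRV record, e.g. `_ldap._tcp.ad.example.com` type SRV, and confirm it answers from the transferred copy rather than referring the client to the DCs.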






