Re: Making windows 2003 DNS work with old BIND 8 DNS
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 11/02/04
- Next message: Bob Qin [MSFT]: "RE: Migrating from Windows nt 4.0 to Windows 2003"
- Previous message: GG: "Making windows 2003 DNS work with old BIND 8 DNS"
- In reply to: GG: "Making windows 2003 DNS work with old BIND 8 DNS"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 2 Nov 2004 01:24:03 -0500
In news:5f146bfd.0411012106.10efc74b@posting.google.com,
GG <gretzkygirl44@yahoo.com> made a post then I commented below
> OK - SO here is the set up. Have an NT 4.0 domain now. About 10,000
> client machines, some part of the domain, some not. I am migrating the
> domain to a Win 2003 Active Directory domain. The main DNS servers are AIX
> machines, BIND 8.0.x. The DNS team will not make any changes to play
> nice with AD - well they will add any static type entries we need, but
> they won't up the bind level. The clients can not change anything on
> their side. Their machines need to continue to point to the main company
> AIX DNS servers. SO - the question is, how do I (or can I) configure DNS
> on the Windows server and what entries if any do I have the DNS team make
> so that a client (whose DNS entries point to that of the main AIX box) can
> access the domain resources with their usual windows domain ID???
> Right now most customers access the shared data with a simple
> start - run \\servername.austin.company.com
>
>
> Thanks for any and all information!
> Maria
With all due respect, this is totally political.
If they want that type of full control, the best way around it is to allow
the BIND folks access to the system32\config\netlogon.dns file from EACH
DOMAIN CONTROLLER, and let them manually enter the data. There's a lot of
data in there, and it's ALL REQUIRED.
This is required due to the logon process, DC locator service, accessing
resources & authentication, replication requests, and about 50+ other things
that occur in AD. AD stores all of its resources and services locations in
the form of SRV records. They are those four folders that have an underscore
in the beginning of their name: (_tcp, _udp, _sites, _msdcs). And to note,
the _msdcs zone is delegated to itself, and the zone is created on the same
DNS and should be Active Directory integrated in the ForestDnsZones, so the
zone is available for all DCs in the forest for proper functionality. They
are queried anytime anything in AD (DCs, clients and member servers)
needs to locate a DC.
Keep in mind, you also have the application partition zones to be created,
as well (the ForestDnsZones and DomainDnsZones folders).
Ideally, the recommended BIND version is 8.2.3 or better. If they're running
anything older, I'm kind of surprised they haven't upgraded yet. The latest
BIND version is 9.3.0.
It is really beneficial for a company of 10,000 seats for the BIND
administrators to fully understand AD's DNS requirements, or you will have a
very difficult time upgrading/migrating your system, along with many
problems, and may find that you may just have to hold back upgrading until
the understanding is there.
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig.
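Added example, not part of the original post: one way to check that every record the domain controllers list in netlogon.dns has actually been entered on the BIND side. It assumes netlogon.dns lines have the form `owner TTL IN TYPE rdata` and that the BIND zone is available as a fully qualified, one-record-per-line listing (for instance zone transfer output); `ad.example.com`, `dc1` and `dc2` are constructed placeholders.

```python
# Added example. All names and addresses below are constructed placeholders.

def parse_records(text):
    """Parse 'owner TTL IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # blank, directive or malformed
        owner, rtype, rdata = fields[0], fields[3], " ".join(fields[4:])
        # DNS names compare case-insensitively; the TTL is deliberately ignored
        # because hand-entered static records rarely keep the DC's TTL.
        records.add((owner.lower().rstrip("."), rtype.upper(),
                     rdata.lower().rstrip(".")))
    return records


def missing_from_bind(netlogon_texts, bind_text):
    """Return records that some DC registers but the BIND listing lacks."""
    wanted = set()
    for text in netlogon_texts:                   # one netlogon.dns per DC
        wanted |= parse_records(text)
    return sorted(wanted - parse_records(bind_text))


DC1_NETLOGON = """\
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 dc1.ad.example.com.
_kerberos._tcp.ad.example.com. 600 IN SRV 0 100 88 dc1.ad.example.com.
_ldap._tcp.dc._msdcs.ad.example.com. 600 IN SRV 0 100 389 dc1.ad.example.com.
"""
DC2_NETLOGON = """\
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 dc2.ad.example.com.
_kerberos._tcp.ad.example.com. 600 IN SRV 0 100 88 dc2.ad.example.com.
"""
BIND_LISTING = """\
_ldap._tcp.ad.example.com. 3600 IN SRV 0 100 389 DC1.ad.example.com.
_kerberos._tcp.ad.example.com. 3600 IN SRV 0 100 88 dc1.ad.example.com.
_kerberos._tcp.ad.example.com. 3600 IN SRV 0 100 88 dc2.ad.example.com. ; static
"""

if __name__ == "__main__":
    gaps = missing_from_bind([DC1_NETLOGON, DC2_NETLOGON], BIND_LISTING)
    for owner, rtype, rdata in gaps:
        print(f"MISSING  {owner}  {rtype}  {rdata}")
```

Any record reported as missing is one that clients pointed at the BIND servers cannot use to locate that DC or service.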