BIND DNS with Windows DNS

We currently have with BIND DNS servers that are the authorative for our main
zone tom.com. The bind servers hand off the AD zones _msdcs.tom.com
_tcp.tom.com etc. Everything functions fine, our upgrade went without
trouble.
This setup is fine for our corporate users since the BIND servers are
located in house. However we have about 30 branches that have clients who use
the main DNS servers for resolution. That works just fine if the WAN links
stay up. They are pretty stable, but there is always that chance. This came
up during planning, but was nixed because the reliability was good.
I know that if for some resaon these links do fail clients will not be able
to logon...especially if when we go native. A thought I had was to setup DNS
on each branch server.....create a secondary zone called tom.com, pull all of
the info to windows from BIND and point users to their local server for DNS
resolution.
If we decided to go full Windows DNS we could then change the zone
properties to Primary AD integrated.
Any thoughts?

 

Hi MT,

You've got it pretty good covered. BTW - how are clients and server
registering in the BIND-DNS? Everything manual?

To provide some reliability if the WAN fails you could do the following
1. Install DNS in each Branch, make it caching only (if the WAN Failures
are not very often and recover soon)
2. Install DNS in each Branch and make it a secondary zonetransfer for
tom.com, make sure that _msdcs.tom.com is available there too
3. Install DCs in each Branch, make them DNS-Servers, make sure they get
tom.com as secondary and _msdcs... via AD.
4. Install DNS-Servers or DCs in each Branch, make sure they have
_msdcs.tom.com, create a separate zone (e.g. branch1.tom.com) for each
branch and configure the clients to be in that subzone.

You are also right - if you go full Windows DNS you can have multimaster
DNS by integrating everything in AD. Just make it primary on one server,
delete the secondary zones on others, and the other DCs will get the
zone informations depending on the replication scope (WS2k3 Default
would be all DNS-DCs in the domain get tom.com and all DNS-DCs in the
forest get _msdcs.tom.com).

--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

 

Everything on the BIND side is static for security reasons. So the transfer
traffic wouldn't be too high.
My MS DNS servers handle the AD zones _msdcs _tcp etc. (our ad domain name
is the same as our bind dns name) and those zones are all AD integrated. All
Branch servers will be DC's. My plan was to also make them DNS
servers.....all of the ad zones will automatically come over since they are
AD integrated...... create a secondary zone and point clients to the local
DNS server to cover us.

 

You could install bind secondaries in the remote offices. Not sure how
the NT port of bind is these days but it should be stable.

Other's suggestions should work too.

~Jason

--