BIND DNS with Windows DNS

Discussion in 'DNS Server' started by MT, Jul 12, 2005.

  1. MT

    MT Guest

    We currently have BIND DNS servers that are authoritative for our main
    zone tom.com. The BIND servers hand off the AD zones _msdcs.tom.com,
    _tcp.tom.com etc. Everything functions fine; our upgrade went without
    trouble.
    This setup is fine for our corporate users since the BIND servers are
    located in house. However, we have about 30 branches that have clients who use
    the main DNS servers for resolution. That works just fine if the WAN links
    stay up. They are pretty stable, but there is always that chance. This came
    up during planning, but was nixed because the reliability was good.
    I know that if for some reason these links do fail, clients will not be able
    to log on, especially when we go native. A thought I had was to set up DNS
    on each branch server, create a secondary zone called tom.com, pull all of
    the info to Windows from BIND and point users to their local server for DNS
    resolution.
    If we decided to go full Windows DNS we could then change the zone
    properties to primary, AD integrated.
    Any thoughts?
     
    MT, Jul 12, 2005
    #1

  2. Hi MT,

    You've got it pretty well covered. BTW, how are clients and servers
    registering in the BIND DNS? Everything manual?

    To provide some reliability if the WAN fails you could do the following
    1. Install DNS in each Branch, make it caching only (if the WAN Failures
    are not very often and recover soon)
    2. Install DNS in each Branch and make it a secondary zonetransfer for
    tom.com, make sure that _msdcs.tom.com is available there too
    3. Install DCs in each Branch, make them DNS-Servers, make sure they get
    tom.com as secondary and _msdcs... via AD.
    4. Install DNS-Servers or DCs in each Branch, make sure they have
    _msdcs.tom.com, create a separate zone (e.g. branch1.tom.com) for each
    branch and configure the clients to be in that subzone.

    You are also right: if you go full Windows DNS you can have multimaster
    DNS by integrating everything in AD. Just make it primary on one server,
    delete the secondary zones on the others, and the other DCs will get the
    zone information depending on the replication scope (the WS2k3 default
    would be that all DNS-DCs in the domain get tom.com and all DNS-DCs in the
    forest get _msdcs.tom.com).

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    Website: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Jul 12, 2005
    #2
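The branch-server side of options 2 and 3 above, and the later conversion to an AD-integrated primary, as an added example that is not part of the thread. This is PowerShell for the DnsServer module (Windows Server 2012 or later; on the 2003-era servers in the thread the same steps are done with dnscmd or the DNS console). The BIND master addresses and zone file name are assumptions; the zone names are the thread's.

```powershell
# Added example, not from the thread. Run on each branch DC after the DNS
# server role is installed. Goal: clients at the branch can resolve tom.com
# and the AD locator records even when the WAN to the BIND masters is down.
# Assumed placeholders: BIND masters 192.0.2.10 and 192.0.2.11.

$BindMasters = @('192.0.2.10', '192.0.2.11')

# 1. tom.com stays authoritative on BIND, so hold it here as a secondary
#    (AXFR/IXFR). BIND must allow-transfer to this host's address or nothing
#    arrives and the zone shows as not loaded.
Add-DnsServerSecondaryZone -Name 'tom.com' `
    -ZoneFile 'tom.com.dns' `
    -MasterServers $BindMasters

# Pull a full copy now instead of waiting for the SOA refresh interval.
Start-DnsServerZoneTransfer -Name 'tom.com' -FullTransfer

# 2. The AD zones (_msdcs.tom.com and friends) are AD-integrated on the
#    existing DCs, so they arrive through AD replication; nothing to create,
#    just confirm they are present and which replication scope they use.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -eq 'tom.com' -or $_.ZoneName -like '*_msdcs.tom.com' } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope -AutoSize

# 3. Before repointing branch clients at this server, check that the DC
#    locator record (what logon actually needs) resolves from the local
#    service only, without help from the BIND servers.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.tom.com' -Type SRV -Server 127.0.0.1

# 4. Only if the decision is later made to leave BIND: on ONE server, turn
#    the secondary into an AD-integrated primary. Every other DC then gets
#    the zone via replication, and their secondary copies must be deleted
#    first or they will conflict with the replicated zone.
# ConvertTo-DnsServerPrimaryZone -Name 'tom.com' -ReplicationScope 'Domain' -Force
```

Step 4 is left commented out on purpose: once the zone is AD-integrated and primary on the DCs, the BIND servers are no longer the masters and the transfer direction in step 1 no longer applies, so it should be run as a deliberate cut-over, not as part of the per-branch build.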

  3. MT

    MT Guest

    Everything on the BIND side is static for security reasons, so the transfer
    traffic wouldn't be too high.
    My MS DNS servers handle the AD zones _msdcs, _tcp etc. (our AD domain name
    is the same as our BIND DNS name) and those zones are all AD integrated. All
    branch servers will be DCs. My plan was to also make them DNS
    servers; all of the AD zones will automatically come over since they are
    AD integrated. Create a secondary zone and point clients to the local
    DNS server to cover us.
     
    MT, Jul 12, 2005
    #3
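What the BIND masters need for the branch secondaries described above, as an added example that is not from the thread or from either poster's configuration. Windows DNS cannot sign AXFR requests with TSIG, so the only control BIND can apply to these transfers is the source address; the `allow-transfer` ACL below is that control, and the addresses are placeholders.

```conf
// Added example (not from the thread). On the BIND masters for tom.com.
// Addresses are placeholders: one entry per branch DC that holds the
// secondary copy of tom.com.

acl "branch-secondaries" {
    198.51.100.10;    // branch1 DC
    198.51.100.26;    // branch2 DC
    // ... one line per branch DC
};

options {
    // Deny transfers by default; zones that have secondaries opt in below.
    // Without this, any host can AXFR the whole zone and enumerate the
    // internal namespace.
    allow-transfer { none; };
};

zone "tom.com" {
    type master;
    file "master/tom.com.db";
    // Only the branch DCs may pull the zone (Windows cannot use TSIG for
    // AXFR, so source address is the only check available here).
    allow-transfer { branch-secondaries; };
    // Push a NOTIFY to the branch DCs on every change so their copy is
    // refreshed at once rather than at the SOA refresh interval.
    also-notify { 198.51.100.10; 198.51.100.26; };
};
```

The delegation MT describes (tom.com handing _msdcs.tom.com and _tcp.tom.com off to the Windows DCs) lives in the tom.com zone file as NS records plus glue, for example `_msdcs IN NS dc1.tom.com.` with an A record for dc1; those records transfer to the branch secondaries along with the rest of the zone, so a branch copy of tom.com still points at the AD-integrated zones correctly.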
  4. Jason Gurtz

    Jason Gurtz Guest

    You could install BIND secondaries in the remote offices. Not sure how
    the NT port of BIND is these days, but it should be stable.

    Others' suggestions should work too.

    ~Jason

    --
     
    Jason Gurtz, Jul 15, 2005
    #4