How to set up DNS Subdomain (Child) as UNIX DNS

Discussion in 'Server Migration' started by Mugen, Mar 1, 2005.

  1. Mugen

    Mugen Guest

    If I am going to do option 3 in the link below: create a subdomain of our
    existing UNIX DNS server while in DCPromo.

    When I am in DCPromo, it will ask me to set up a Windows DNS. Let's
    say our existing UNIX DNS is "corp.com". What do I need to enter for
    "example.corp.com" as a subdomain of "corp.com"? Also, DCPromo will ask
    me to enter a NetBIOS domain; can I just enter my previous NT 4 domain (it is an
    in-place upgrade)? After DCPromo, how do I set/configure UNIX DNS as the
    parent of "example.corp.com"? I have kept searching but just can't
    find how to make the first newly built subdomain Windows 2003 DNS communicate
    with the parent UNIX DNS server.

    Mugen, Mar 1, 2005

  2. Mugen

    Herb Martin Guest

    That's it.

    (Later you need to go to Unix and actually delegate
    it from there: parent domain -> child domain DNS
    Yes. It usually defaults to the LEFT-most label of
    the DNS name which is a GOOD practice but it can
    literally be anything that conforms to NetBIOS name
    Delegate on UNIX by adding the correct "delegation records"
    or "GLUE records".

    Usually this will be a PAIR of records for each child DNS
    server: one NS for the child domain pointing to the child
    DNS server, and one A record for that DNS server's address.
    The above does NOT allow for the child to find the parent;
    that is a separate design decision with other steps:

    Simplest is to let the 'child' DNS server also hold a
    copy of the parent zone as a "secondary" or a similar
    concept with a "stub zone" if you run this on Win2003.
    (There are other ways.)
    Herb Martin, Mar 1, 2005

  3. Mugen

    Mugen Guest

    Forgot to mention a couple of things. The UNIX DNS will not enable dynamic DNS
    but it will support SRV records. And all of our current clients are pointing to
    UNIX DNS. If we do a child subdomain, are Windows clients able to locate the Active
    Directory domain if they are still pointing to UNIX DNS?

    Just had a quick thought.... what if I don't set up/install any Windows DNS
    at all and just create SRV records (AD name and IP) in UNIX? Is it going to
    work? I only know DNS in Windows is for locating AD. What else?

    Mugen, Mar 1, 2005
  4. Mugen

    Herb Martin Guest

    That doesn't change anything since you are
    delegating the zone that will support AD.

    Even the SRV records are irrelevant if the
    UNIX box will hold no zones in support of
    They can do that but it is more efficient to have
    the clients point to their "own" DNS server and
    let that server hold secondaries (etc) for the
    other zones you need to resolve (UNIX parent,
    No. You need dynamic DNS to effectively
    support an AD Domain. Best to delegate and
    let the Win2003 DNS servers handle the child

    Point all of the machines in that domain to their
    own DNS server(s) and let those servers resolve
    parent (and Internet etc.)
    Herb Martin, Mar 1, 2005
  5. Mugen

    Mugen Guest

    Hi Herb,

    I really appreciate your help, and you really helped me on the DNS issue we
    have for the in-place upgrade from NT 4 to W2K3. I have some other questions and
    hope you can help me out below.
    We CANNOT do that because our Windows, Unix and Mac clients are all getting the
    UNIX DNS address from the UNIX DHCP server. The DHCP server will not be able to define
    which client gets which DNS address (Unix or Windows). Therefore, all
    clients have to point to UNIX DNS.
    If, like the original plan, we delegate a Windows 2003 DNS child domain
    "example.corp.com" in the parent UNIX DNS, could you explain how Windows clients are
    able to locate the Active Directory domain and do dynamic updates since all
    Windows clients are pointing to the parent UNIX DNS?

    If the child subdomain (first newly built Windows 2003 DNS server) does NOT allow
    the child to find the parent (UNIX DNS), is it necessary to make the child
    find the parent?
    Mugen, Mar 1, 2005
  6. Mugen

    Herb Martin Guest

    Although the above can be avoided (reservations,
    different subnets/VLANs, or overriding the value
    on the client NIC) it can still work as long as the
    parent DNS server either delegates properly or
    holds a copy of the child zone (secondary to the
    child DNS master.)
    WinClients->Parent-DNS-server-->Child zone

    (Technically from the client's point of view they can
    use ANY DNS server and the fact that "their" DNS
    server holds a copy of "their" zone is actually irrelevant
    AS LONG AS the names can be resolved.

    It is so common to point the machines of a domain
    to the DNS server holding the zone for that domain
    that many people forget this is true.
    All (internal) DNS servers must be able to
    resolve ALL internal DNS names.

    Easiest way to resolve from ClientDNS to ParentDNS
    zone is to hold a secondary for the parent on the child

    Remember that the term "child DNS server" is not
    really a "true" description but just a common way of
    describing it -- any DNS server can hold as many DNS
    zones as necessary.

    So we will make the "child DNS server" into a DNS
    server for the PARENT ALSO. That is, this server
    holding the child.domain.com, will also be a secondary
    for the domain.com zone. Now it can resolve both.
    Herb Martin, Mar 1, 2005
  7. Mugen

    Mugen Guest

    If like original plan to delegate a Windows 2003 DNS child domain
    OK, but does that mean Windows clients are still able to dynamically register
    their host names and SRV records to the child (example.corp.com) Windows DNS server
    through UNIX DNS?

    Is it necessary to resolve both since all of our clients are pointing to
    the parent UNIX DNS? If needed, how do I set the child subdomain to hold a copy of
    the parent UNIX DNS?

    Mugen, Mar 2, 2005
  8. Mugen

    Herb Martin Guest

    It is supposed to work (we occasionally hear
    of problems but never on a system where I know
    it was set up correctly.)

    The reason: client requests the SOA record which
    includes the "(top) master" name which indicates the
    Primary, or other master (AD integrated), DNS server
    and registers with that server.
    Make it a secondary of the UNIX DNS server's zone(s).

    Any DNS server can be Primary for (many) zones and
    secondary for many other zones.

    I call the concept of two DNS servers for "different"
    zones which choose to hold a copy of the "other"
    zone: "cross secondaries".

    This (cross secondaries) is not an official term but
    it describes what they do quite simply: A holds
    copy of "B's zone" and B holds copy of "A's zone".

    (Technically they both just hold both zones but the
    phrase "cross secondary" preserves our human
    assumption that each DNS server is mainly there
    to service its "own" zone/domain.)
    Herb Martin, Mar 2, 2005
  9. Mugen

    Mugen Guest

    I found a very good article on deploying DNS. We are doing option 3 for
    creating the child domain. Option 4 is the most popular from the MS web cast.
    What is the difference if we do option 4, and can it be done here? Because
    it said
    "This option would be used where Active Directory domain names (for example,
    reskit.com) that are the same as the name of the root of a zone (for example,
    reskit.com), cannot be delegated directly to a Windows 2000-based server
    running DNS"
    Our NT 4 domain is called "ABC" and the UNIX DNS is called "company.com"


    Mugen, Mar 3, 2005
  10. Mugen

    Herb Martin Guest

    Stick with 3 -- #4 may well be a nightmare.

    It is what I have been telling you.

    (I use #4 only for VERY special case -- i.e.,
    not AD -- purposes.)
    Herb Martin, Mar 3, 2005
  11. Mugen

    Mugen Guest

    Is it possible to turn off the DDNS feature? If possible, where can I do it? I
    just want to have the child subdomain Windows DNS be the AD domain locator and
    logon service.

    Mugen, Mar 4, 2005
  12. Mugen

    Herb Martin Guest

    AD Domains do not work correct without
    a dynamic DNS zone to support them.

    You are trying to swim uphill, against the
    Herb Martin, Mar 4, 2005
  13. Mugen

    Mugen Guest


    I just ran a test but was not able to log in to the new AD, and here is what I did.

    I added 2 records (NS and A) to the parent UNIX DNS server to delegate the first newly
    built AD Windows 2003 DNS as the child subdomain.

    Here are the records I entered into the UNIX parent DNS:

    example.corp.com IN NS host.example.corp.com
    host.example.corp.com IN A

    I tested on 2 XP machines and changed the DNS entry to point to the UNIX parent
    DNS, and then tried to join the new AD domain but it failed. It said something
    like "DNS name does not exist. The query was for the SRV record for _ldap
    _tcp.dc_msdcs" etc. Error 0x0000232B RCODE_NAME_ERROR
    Supposedly the Unix parent DNS should pass the XP client request to the child domain for
    the AD SRV record, but it did not work that way, as we discussed in earlier posts.
    The only way I can get XP clients to join the new AD is to change the DNS entry
    to point to the Windows child subdomain DNS directly. But we can't do this since
    our Unix DHCP server is giving out the UNIX DNS address to all clients (Windows,
    Mac, Unix). I turned on the debug log in Windows DNS but it did not give me any
    good information about that.

    Any help will be very appreciated.
    Mugen, Mar 10, 2005
  14. Mugen

    Herb Martin Guest

    That looks good for delegation, assuming the
    new (child) zone is example.corp.com. and that
    its DNS server is host.example.corp.com.

    AND assuming you have been "casual" in typing
    those names above since if they appeared as written
    in a zone file they lack a "." (dot) on the end of the
    DNS server host name. (Probably not an issue with
    the GUI, but it would be WRONG in UNIX zone
    files if edited directly.)

    Correct would be:
    example.corp.com. IN NS host.example.corp.com.
    host.example.corp.com. IN A

    (Without the dots the parent domain name would get
    appended again to each name.)
    Check the "." (dots) and also try NSLookup of the
    host.example.corp.com. DNS server directly.

    Asking the parent DNS questions like:

    nslookup -q=NS example.corp.com. PARENT.DNS.IP.ADDRESS
    Herb Martin, Mar 11, 2005
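An added example, not code from the thread or from Herb: it reads the parent-side delegation records the way a BIND-style zone file is read (names without a trailing dot are relative to $ORIGIN) and checks for the NS/A "delegation pair" Herb describes. It shows why the casually typed records fail and the dotted ones work. The zone and host names are those of the thread; the function names and the 192.0.2.10 address are assumptions.

```python
# Added example, not code from the thread: read a parent-side delegation the
# way a BIND-style zone file is read. A name without a trailing dot is relative
# to $ORIGIN, so "corp.com" gets appended again. 192.0.2.10 is a constructed address.

ORIGIN = "corp.com."         # parent (UNIX) zone
CHILD = "example.corp.com."  # child zone delegated to the Windows 2003 DNS server

# Constructed sample input: the records as typed in the post (no trailing dots).
CASUAL = """
example.corp.com IN NS host.example.corp.com
host.example.corp.com IN A 192.0.2.10
"""

# Constructed sample input: the corrected records with absolute names.
CORRECT = """
example.corp.com. IN NS host.example.corp.com.
host.example.corp.com. IN A 192.0.2.10
"""

def absolute(name, origin):
    """'@' is the origin; a trailing dot means absolute; otherwise append the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Parse 'owner IN TYPE rdata' lines; owner and NS targets are made absolute."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        rtype = rtype.upper()
        records.append((absolute(owner, origin), rtype,
                        absolute(rdata, origin) if rtype == "NS" else rdata))
    return records

def check_delegation(records, child):
    """Problems a resolver would hit: no NS at child, or in-child NS target without glue A."""
    problems = []
    targets = [r for o, t, r in records if t == "NS" and o == child]
    if not targets:
        problems.append(f"no NS record at {child}")
    glue = {o for o, t, _ in records if t == "A"}
    for target in targets:
        if target.endswith("." + child) and target not in glue:
            problems.append(f"NS {target} is inside {child} but has no glue A record")
    return problems
```

Run `check_delegation(parse_records(CASUAL, ORIGIN), CHILD)` to see the delegation land at example.corp.com.corp.com. instead of the child zone; the CORRECT input returns no problems.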
