Bind DNS as primary DNS server

Question

Thursday, January 23, 2014 4:37 PM

I have a client environment where BIND servers are used as forwarding servers for Windows DNS integrated servers. BIND only provides name resolution for external queries. Windows DNS provides resolution for internal queries. However, they use BIND as both the primary and secondary DNS servers for Windows clients. I'm looking for an article or an explanation as to why they should use the Windows DNS servers as primary and secondary DNS servers on Windows clients. Or at least the primary as a Windows DNS server. We've explained but are looking for more info if available.

All replies (3)

Thursday, January 23, 2014 8:28 PM ✅Answered

Yeah I'd certainly recommend against it! So essentially the client machines are unable to update or query dynamic AD related DNS records since they're not pointing to the DNS servers actually used by your AD server(s). I could well imagine that causing issues, and meaning that some AD functionality won't work correctly.

I know you can directly integrate BIND with AD, e.g. so that the BIND servers are the ones used by AD, though I haven't tried it, but this seems to be neither.

I can't find any articles relating to your exact situation, presumably no one else has tried to use such a mixed and disjoined setup. I'd focus on looking for articles relating to why you shouldn't point your users at a router (most commonly in small setups on ADSL) for the DNS rather than directing them to the server for DNS and then having that query the router for external results. It's a more common scenario and you're more likely to find articles relating to it.

One article you might find useful is http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx which talks in terms of using your ISP's DNS servers on the client machines, but in your situation it sounds like the BIND servers are essentially providing an equivalent setup.

There are also various discussions and comments on the topic elsewhere on these forums, for instance http://social.technet.microsoft.com/Forums/windowsserver/en-US/c3ba3859-765e-4b3f-add0-eaf2c18e1068/i-have-dns-in-a-router-and-i-want-to-install-domain-controller?forum=winservergen and http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5df8fd4-7ab2-4d1e-afe2-c5263c4d69c3/dns-server-forwarding-and-clients-getting-address-of-registrars-ip?forum=winserverNIS which are worth checking out.


Friday, January 24, 2014 12:32 AM ✅Answered

Dirk is right. I've been at places where we had limited AD, primary DNS was BIND and we also had Novell.

Removed Novell and replaced authentication with AD, AD integrated DNS, and the staff commented how much faster things worked! That's a nice change from the usual complaints.

This also made AD the primary DNS for the domain and all clients used AD for DNS. It was a battle against the Unix overlord, but we fought the good fight and won, and made things better. All the lights just came on and lots of the environmental issues simply went away once AD was left to manage the clients and name resolution. AD relies on DNS to be 100%.

Just make sure you have DNS set up correctly, reverse zones etc.

Also recommend that you configure a DHCP account to update DNS as well, so you can disable unsecure updates.
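A check-and-hardening script that goes with the two points made in this thread (clients should use the AD DNS servers, and DHCP should register records with its own account so unsecure updates can be disabled). This is an added example, not code from any of the posters; the domain name `corp.example.com` and the DHCP service account are placeholders you must replace, and the server-side part needs DNS/DHCP admin rights.

```powershell
# Added example (not from the thread). Part 1 runs on a Windows client and
# checks whether each configured DNS server can answer the AD DC-locator SRV
# record; a BIND forwarder that is not authoritative for the AD zone fails here,
# which is the problem the question describes. Part 2 runs on the DC/DNS and
# DHCP servers and enforces secure-only dynamic updates.
$Domain = 'corp.example.com'   # assumption: replace with the AD DNS domain name

# --- Part 1: client-side check of the configured DNS servers -----------------
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses |
            Select-Object -Unique

foreach ($dns in $servers) {
    try {
        # -DnsOnly skips the local cache/hosts file so the named server is asked.
        $answers = Resolve-DnsName -Name $srvName -Type SRV -Server $dns -DnsOnly -ErrorAction Stop
        $dcs = ($answers | Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
        Write-Output "OK   $dns answers $srvName -> $dcs"
    } catch {
        Write-Output "FAIL $dns cannot resolve $srvName : $($_.Exception.Message)"
    }
}

# --- Part 2: server-side hardening (DNS server, then DHCP server) ------------
# NonsecureAndSecure means any host on the network can overwrite records;
# Secure requires Kerberos-authenticated updates and only works on AD-integrated zones.
Get-DnsServerPrimaryZone -Name $Domain |
    Select-Object ZoneName, DynamicUpdate, IsDsIntegrated
Set-DnsServerPrimaryZone -Name $Domain -DynamicUpdate Secure

# Give DHCP a dedicated account to register A/PTR records on behalf of clients
# that cannot update securely themselves, so secure-only updates do not break them.
# The account name in the prompt is an assumption.
$dhcpCred = Get-Credential -Message 'DHCP DNS update account (e.g. CORP\svc-dhcp-dns)'
Set-DhcpServerDnsCredential -Credential $dhcpCred -ComputerName $env:COMPUTERNAME
Get-DhcpServerDnsCredential -ComputerName $env:COMPUTERNAME
```

Run Part 1 on a client first: if any server reports FAIL, that client cannot locate domain controllers through it, regardless of how well it resolves external names.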


Wednesday, February 12, 2014 2:03 AM

Hi,

Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

Regards.
