Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Adding BIND to Windows AD Netowork

Posted on 2004-04-26
7
Medium Priority
?
288 Views
Last Modified: 2010-03-18
All,

We have an Active Directory network w/ the only DNS Servers running in our HQ building.  We have 4 remote offices connected via VPNs.  In the interest of cutting back network traffic and keeping the remote offices running even if the tunnel goes down (but their internet connection stays up) we want to add remote DNS Servers to each office.  Money, among other things,  dictates they be Linux/BSD boxes.  We have RedHat runnig DHCP/SAMBA out there already, so we will probably just use them.  

I would like the clients to query the local DNS boxes and have those boxes forward the queries to our primary DNS Servers @ HQ for internal addresses and out to the big dot in the sky for internet addresses.  I also need the client information to be updated on our Windows 2000 DNS.  The remote offices are subnetted but all one domain and needs to stay that way IF possible.

So all this leads to my question(s);

What is the procedure to ADD a BIND server to an existing Windows 2000 AD Domain, using the BIND boxes as secondary/forwarding/caching DNS Servers?

If possible, give me an example of what the named.cof file should look like along
0
Comment
Question by:lpullen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 8

Expert Comment

by:da99rmd
ID: 10926633
Is the HQ DNS a windows one ?
Dont konw so much about win DNS.
But here is an example for the linux slave BIND NS.
 
#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.0/24;
                (ips of comp allowed to query);
                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           (The ip of the master);
           (The ip of the masters DNS(for times when the VPN is down));
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "testdomain.com" {
        type slave;
        notify yes;
        file "testdomain.com";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};
#end

Then make the master transfer the changes out to the other slaves(ext offices)

/Rob
0
 

Author Comment

by:lpullen
ID: 10930997
Thanks for the reply, Rob.

Yes the HQ DNS is Windows 2000

So if one of the Remote Offices is on the 192.168.23.1/25 network and HQ is on the 10.10.10.1/24 network w/ the Primary DNS being @ 10.10.10.10, everyone on the test.loc domain and the ISPs DNS (used for backup) being 68.168.192.17;

Would it look like this?

#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.23.1/25;
                                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           10.10.10.10;
           68.168.192.17;
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "test.loc" {
        type slave;
        notify yes;
        file "test.loc";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};
#end
0
 
LVL 8

Accepted Solution

by:
da99rmd earned 1500 total points
ID: 10936350
This is the reverse lookup zone to resolve from ip to adress so it should be:

zone "23.168.192.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "23.168.192.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};

Do you know how write the zone files ?

/Rob
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 8

Expert Comment

by:da99rmd
ID: 10936356
The rest looks good.

/Rob
0
 

Author Comment

by:lpullen
ID: 10938317
Great, thanks, Rob.

No I am not familiar w/ writing the zone files.  What do I need to do that?
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10938480
ill give you 2 examples an ordinary and a reverse lookup:
;
; Zone file for trollis.net
;
; The full zone file
;
$TTL 3D
@       IN      SOA     domainname.net. hostmaster.domainname.net. (
                        2004022702      ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
                NS      ns2
                                         MX      10 mail.domainname.net.    ; Primary Mail Exchange
                                         MX             20 mail2.domainname.net.
;
localhost             IN A       127.0.0.1
servername        IN A      (IP)
ns                      IN A       (IP)
ns2                    IN A       (IP)
mail                   IN A      (IP)
mail2                 IN A       (IP)
;clients
client1               IN A       (IP)
client2               IN A           (IP)
; end
# A reverse lookup only those that are in the 192.168.23.1/25
$TTL 3D
@               IN      SOA     domainname.net. postmaster.domainname.net. (
                                2004022702        ; Serial
                                8H                                ; Refresh
                                2H                                   ; Retry
                                4W                                ; Expire
                                1D)                       ; Minimum TTL
                        NS      ns.trollis.net.
                        NS      ns2.trollis.net.
                        MX      10 mail.domainname.net.    ; Primary Mail Exchange
                        MX      20 mail2.domainname.net.
; Just put the last number in the ip here like 2 in 192.168.23.2
;
;       Servers
;
2         PTR     ns.trollis.net.
2         PTR     mail.trollis.net.
;
;       Workstations
;
20       PTR   client1.domainname.net.
21       PTR   client2.domainname.net.

;end

here is an good howto
http://www.tldp.org/HOWTO/DNS-HOWTO.html#toc3
http://langfeldt.net/DNS-HOWTO/BIND-9/

/Rob
0
 

Author Comment

by:lpullen
ID: 10998874
That should help, thanks!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question