Solved

Adding BIND to Windows AD Netowork

Posted on 2004-04-26
7
281 Views
Last Modified: 2010-03-18
All,

We have an Active Directory network w/ the only DNS Servers running in our HQ building.  We have 4 remote offices connected via VPNs.  In the interest of cutting back network traffic and keeping the remote offices running even if the tunnel goes down (but their internet connection stays up) we want to add remote DNS Servers to each office.  Money, among other things,  dictates they be Linux/BSD boxes.  We have RedHat runnig DHCP/SAMBA out there already, so we will probably just use them.  

I would like the clients to query the local DNS boxes and have those boxes forward the queries to our primary DNS Servers @ HQ for internal addresses and out to the big dot in the sky for internet addresses.  I also need the client information to be updated on our Windows 2000 DNS.  The remote offices are subnetted but all one domain and needs to stay that way IF possible.

So all this leads to my question(s);

What is the procedure to ADD a BIND server to an existing Windows 2000 AD Domain, using the BIND boxes as secondary/forwarding/caching DNS Servers?

If possible, give me an example of what the named.cof file should look like along
0
Comment
Question by:lpullen
  • 4
  • 3
7 Comments
 
LVL 8

Expert Comment

by:da99rmd
ID: 10926633
Is the HQ DNS a windows one ?
Dont konw so much about win DNS.
But here is an example for the linux slave BIND NS.
 
#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.0/24;
                (ips of comp allowed to query);
                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           (The ip of the master);
           (The ip of the masters DNS(for times when the VPN is down));
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "testdomain.com" {
        type slave;
        notify yes;
        file "testdomain.com";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};
#end

Then make the master transfer the changes out to the other slaves(ext offices)

/Rob
0
 

Author Comment

by:lpullen
ID: 10930997
Thanks for the reply, Rob.

Yes the HQ DNS is Windows 2000

So if one of the Remote Offices is on the 192.168.23.1/25 network and HQ is on the 10.10.10.1/24 network w/ the Primary DNS being @ 10.10.10.10, everyone on the test.loc domain and the ISPs DNS (used for backup) being 68.168.192.17;

Would it look like this?

#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.23.1/25;
                                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           10.10.10.10;
           68.168.192.17;
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "test.loc" {
        type slave;
        notify yes;
        file "test.loc";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};
#end
0
 
LVL 8

Accepted Solution

by:
da99rmd earned 500 total points
ID: 10936350
This is the reverse lookup zone to resolve from ip to adress so it should be:

zone "23.168.192.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "23.168.192.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};

Do you know how write the zone files ?

/Rob
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 8

Expert Comment

by:da99rmd
ID: 10936356
The rest looks good.

/Rob
0
 

Author Comment

by:lpullen
ID: 10938317
Great, thanks, Rob.

No I am not familiar w/ writing the zone files.  What do I need to do that?
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10938480
ill give you 2 examples an ordinary and a reverse lookup:
;
; Zone file for trollis.net
;
; The full zone file
;
$TTL 3D
@       IN      SOA     domainname.net. hostmaster.domainname.net. (
                        2004022702      ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
                NS      ns2
                                         MX      10 mail.domainname.net.    ; Primary Mail Exchange
                                         MX             20 mail2.domainname.net.
;
localhost             IN A       127.0.0.1
servername        IN A      (IP)
ns                      IN A       (IP)
ns2                    IN A       (IP)
mail                   IN A      (IP)
mail2                 IN A       (IP)
;clients
client1               IN A       (IP)
client2               IN A           (IP)
; end
# A reverse lookup only those that are in the 192.168.23.1/25
$TTL 3D
@               IN      SOA     domainname.net. postmaster.domainname.net. (
                                2004022702        ; Serial
                                8H                                ; Refresh
                                2H                                   ; Retry
                                4W                                ; Expire
                                1D)                       ; Minimum TTL
                        NS      ns.trollis.net.
                        NS      ns2.trollis.net.
                        MX      10 mail.domainname.net.    ; Primary Mail Exchange
                        MX      20 mail2.domainname.net.
; Just put the last number in the ip here like 2 in 192.168.23.2
;
;       Servers
;
2         PTR     ns.trollis.net.
2         PTR     mail.trollis.net.
;
;       Workstations
;
20       PTR   client1.domainname.net.
21       PTR   client2.domainname.net.

;end

here is an good howto
http://www.tldp.org/HOWTO/DNS-HOWTO.html#toc3
http://langfeldt.net/DNS-HOWTO/BIND-9/

/Rob
0
 

Author Comment

by:lpullen
ID: 10998874
That should help, thanks!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to add a new SAN disk to a linux vmware box 8 32
Centos Rescue and NFS Share 4 66
for ssh without password, are both ways correct 16 73
centos7 firewalld udp ports 33 74
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question