Adding BIND to Windows AD Netowork

All,

We have an Active Directory network w/ the only DNS Servers running in our HQ building.  We have 4 remote offices connected via VPNs.  In the interest of cutting back network traffic and keeping the remote offices running even if the tunnel goes down (but their internet connection stays up) we want to add remote DNS Servers to each office.  Money, among other things,  dictates they be Linux/BSD boxes.  We have RedHat runnig DHCP/SAMBA out there already, so we will probably just use them.  

I would like the clients to query the local DNS boxes and have those boxes forward the queries to our primary DNS Servers @ HQ for internal addresses and out to the big dot in the sky for internet addresses.  I also need the client information to be updated on our Windows 2000 DNS.  The remote offices are subnetted but all one domain and needs to stay that way IF possible.

So all this leads to my question(s);

What is the procedure to ADD a BIND server to an existing Windows 2000 AD Domain, using the BIND boxes as secondary/forwarding/caching DNS Servers?

If possible, give me an example of what the named.cof file should look like along
lpullenAsked:
Who is Participating?
 
da99rmdCommented:
This is the reverse lookup zone to resolve from ip to adress so it should be:

zone "23.168.192.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "23.168.192.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};

Do you know how write the zone files ?

/Rob
0
 
da99rmdCommented:
Is the HQ DNS a windows one ?
Dont konw so much about win DNS.
But here is an example for the linux slave BIND NS.
 
#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.0/24;
                (ips of comp allowed to query);
                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           (The ip of the master);
           (The ip of the masters DNS(for times when the VPN is down));
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "testdomain.com" {
        type slave;
        notify yes;
        file "testdomain.com";
        masters { (ip of master); };
        allow-transfer { (ip to master); };
        allow-query { any; };
};
#end

Then make the master transfer the changes out to the other slaves(ext offices)

/Rob
0
 
lpullenAuthor Commented:
Thanks for the reply, Rob.

Yes the HQ DNS is Windows 2000

So if one of the Remote Offices is on the 192.168.23.1/25 network and HQ is on the 10.10.10.1/24 network w/ the Primary DNS being @ 10.10.10.10, everyone on the test.loc domain and the ISPs DNS (used for backup) being 68.168.192.17;

Would it look like this?

#for the slave out in the ext offices named.conf
options {
   directory "/var/named";
allow-query {
                192.168.23.1/25;
                                };
   forwarders {
            # This will make the the slaves first ask the HQ DNS if down then go to your ext DNS(But will do this on ext and internal)).  
           10.10.10.10;
           68.168.192.17;
     };

zone "111.111.111.in-addr.arpa" {
        type slave;
# Set this to no if dont you want the outside to know
        notify yes;
        file "111.111.111.in-addr.arpa";
        masters { 10.10.10.10; };
        allow-transfer { (ip to master); };
        allow-query { any; };
};

zone "test.loc" {
        type slave;
        notify yes;
        file "test.loc";
        masters { 10.10.10.10; };
        allow-transfer { 10.10.10.10; };
        allow-query { any; };
};
#end
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
da99rmdCommented:
The rest looks good.

/Rob
0
 
lpullenAuthor Commented:
Great, thanks, Rob.

No I am not familiar w/ writing the zone files.  What do I need to do that?
0
 
da99rmdCommented:
ill give you 2 examples an ordinary and a reverse lookup:
;
; Zone file for trollis.net
;
; The full zone file
;
$TTL 3D
@       IN      SOA     domainname.net. hostmaster.domainname.net. (
                        2004022702      ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
                NS      ns2
                                         MX      10 mail.domainname.net.    ; Primary Mail Exchange
                                         MX             20 mail2.domainname.net.
;
localhost             IN A       127.0.0.1
servername        IN A      (IP)
ns                      IN A       (IP)
ns2                    IN A       (IP)
mail                   IN A      (IP)
mail2                 IN A       (IP)
;clients
client1               IN A       (IP)
client2               IN A           (IP)
; end
# A reverse lookup only those that are in the 192.168.23.1/25
$TTL 3D
@               IN      SOA     domainname.net. postmaster.domainname.net. (
                                2004022702        ; Serial
                                8H                                ; Refresh
                                2H                                   ; Retry
                                4W                                ; Expire
                                1D)                       ; Minimum TTL
                        NS      ns.trollis.net.
                        NS      ns2.trollis.net.
                        MX      10 mail.domainname.net.    ; Primary Mail Exchange
                        MX      20 mail2.domainname.net.
; Just put the last number in the ip here like 2 in 192.168.23.2
;
;       Servers
;
2         PTR     ns.trollis.net.
2         PTR     mail.trollis.net.
;
;       Workstations
;
20       PTR   client1.domainname.net.
21       PTR   client2.domainname.net.

;end

here is an good howto
http://www.tldp.org/HOWTO/DNS-HOWTO.html#toc3
http://langfeldt.net/DNS-HOWTO/BIND-9/

/Rob
0
 
lpullenAuthor Commented:
That should help, thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.