Solved

DNS on Unix with Windows Server

Posted on 2006-10-31
Last Modified: 2010-04-10
Hi,

We have a SUSE Linux DNS. We are integrating some Windows 2003 servers. I understand that it can be done.

I want to put a DNS on Windows as secondary (backup of SUSE).

Getting all kinds of errors; managed to set up most of the options.

Still getting a zone expired message on the Windows box.
The DC put netlogon on paused, because (I think) it cannot register all the info. I only have one error in the system log:

"The dynamic registration of the dns record 'gc._msdcs.ourdomaine.net' 600 in a 10.10.10.10 failed on the following DNS server:
DNS server IP address: 10.10.10.1
returned response code (RCODE) : 5
returned status code: 9017
..."

Putting only DNS on Linux, is this a solution?

Thanks
Question by:Martin_Dalpe
5 Comments
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844086
Did a little investigation: when running netdiag /fix at the command prompt of the main DC,
it fails to fix:  DC DNS entry gc._msdcs.mydomain.net ... re-registeration on dns server failed.

I checked on my DNS server; my DC has all the rights to update DNS... nothing showing in the logs.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 17844168
I'm a little confused, you have a Linux DNS server (bind/djbdns?) that is acting as primary DNS for your Active Directory? And now you want your Windows server (presumably a domain controller) to slave this zone?

When I first set up AD I was tempted to do this (unless I'm mistaken) and got it working. But since DNS is so vital to the operation and health of AD I felt it was safer to just let the domain controllers handle the DNS for that particular zone. What I did was create my AD domain as a subdomain (addomain.mydomain.org), this way my Linux nameservers are still masters for the mydomain.org zone, but I delegated the addomain.mydomain.org zone to the domain controllers. Then I set up forwarding on the DCs back to the Linux servers and all has been well.

If I'm pointed totally in the wrong direction, please explain where you are and where you want to go.
0
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844375
Yes, you got it.

Technically, it should work. You know how politics work: since the Unix guys have been here forever, the decision was made to implement it this way.

The slave zone could be anywhere. Don't care.

I have the feeling it's working 99% of the way.

After proving and demonstrating how it works like this, and what the pros and cons are, I can propose a solution like the one you propose.

But if I'm going the way you propose: my domain is "mydomain.org", my DNS on Linux is "mydomain.org". If I create a DNS subdomain "windows.mydomain.org", do I need to rename the domain?

0
 
LVL 26

Accepted Solution

by:
jar3817 earned 2000 total points
ID: 17844460
Unfortunately yes, but it's a good thing you're using Windows Server 2003, it comes with a utility to rename a domain.

I totally understand the whole politics thing, but sometimes changes are just necessary.

The other reason I went with a subdomain is for the website. If you name your AD domain "mydomain.org", the DNS "A" records for that name will point to your domain controllers. This is fine assuming you run your website on the domain controllers (which I really hope you don't), but I have a feeling your unix guy has this setup on some other server. This doesn't really cause a problem for http://www.mydomain.org, but it does for http://mydomain.org. I'm a lazy person and often leave off www's for websites, and in your case those two sites (with www's and without) will point to different servers and hence not the same website.

This might not be a problem for you, but it was for me.

Having active directory in a subdomain enables you to totally separate it from other services that might not want to play nice. Think about the whole public vs private network structure. You don't want your AD publicly accessible, but your dns servers and the mydomain.org domain might be.
0
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17849651
On the compatibility issue, I found the problem: by default the DNS on Linux (bind 9.2.3) does a 'check_name' that blocks some entries made by the DC. So I disabled that and everything seems to work perfectly according to the idea of a DNS on Linux. No errors in the event logs, all tests pass (dcdiag, nltest, etc.).

In my understanding, it seems that if you do a sub-zone for Windows, then if you have more than one domain per forest, and different sub-zones for Unix (like one for production, one for development, one for testing, etc.), you will end up doing a lot of subzones... going to be a lot of headache.

The way I see it, it looks like Microsoft is doing things so you end up putting everything on Windows... disappointing... childish on their part.

thanks for your help.
0
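The name check described in the last comment, modelled as an added example (not code from this thread or from BIND): it applies the rule BIND documents for `check-names`, where owner names of A, AAAA and MX records and the target names in NS, MX and SRV records must be legal RFC 952/1123 hostnames, to a constructed list of typical domain controller registrations. The host name `dc1` and the sample list are assumptions; the domain and address are the ones quoted in the question.

```python
import re

# RFC 952/1123 hostname label: letters, digits and hyphens only, 1-63 chars,
# not starting or ending with a hyphen. Underscores are not allowed.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Record types whose owner name / RDATA target is hostname-checked,
# following the check-names rules in the BIND 9 reference manual.
OWNER_CHECKED = {"A", "AAAA", "MX"}
TARGET_CHECKED = {"NS", "MX", "SRV"}


def is_hostname(name):
    """True if every label of `name` is a legal RFC 952/1123 hostname label."""
    labels = name.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def check_record(owner, rtype, target=None):
    """Return the reasons a strict name check would refuse this record."""
    problems = []
    if rtype in OWNER_CHECKED and not is_hostname(owner):
        problems.append("owner name is not a legal hostname: " + owner)
    if rtype in TARGET_CHECKED and target and not is_hostname(target):
        problems.append("target is not a legal hostname: " + target)
    return problems


# Constructed sample of dynamic updates a DC typically sends.
# "dc1" is a hypothetical host name.
SAMPLE_UPDATES = [
    ("gc._msdcs.mydomain.net", "A", "10.10.10.10"),
    ("_ldap._tcp.mydomain.net", "SRV", "dc1.mydomain.net"),
    ("_kerberos._tcp.dc._msdcs.mydomain.net", "SRV", "dc1.mydomain.net"),
    ("dc1.mydomain.net", "A", "10.10.10.10"),
    ("mydomain.net", "A", "10.10.10.10"),
]


def refused(updates):
    """Return (owner, type) for every update the strict check would refuse."""
    return [(o, t) for o, t, tgt in updates if check_record(o, t, tgt)]


if __name__ == "__main__":
    for owner, rtype in refused(SAMPLE_UPDATES):
        print("refused:", rtype, owner)
```

In this sample only the A record under `_msdcs` is refused; the SRV records pass because their owner names are not hostname-checked. That means the check can be relaxed for just the zone holding those names, with a per-zone `check-names` statement where the BIND version supports it, instead of being disabled server-wide.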
