Solved

DNS on Unix with Windows Server

Posted on 2006-10-31
Last Modified: 2010-04-10
Hi,

We have a SUSE Linux DNS. We are integrating some Windows 2003 servers. I understand that it can be done.

I want to put a DNS on Windows as secondary (backup of SUSE).

I am getting all kinds of errors, but managed to set up most of the options.

I am still getting a zone expired message on the Windows box.
The DC put the netlogon on paused, because (I think) it cannot register all the info. I only have one error in the system log:

"The dynamic registration of the dns record 'gc._msdcs.ourdomaine.net' 600 in a 10.10.10.10 failed on the following DNS server:
DNS server IP address: 10.10.10.1
returned response code (RCODE) : 5
returned status code: 9017
..."

Putting only DNS on Linux, is this a solution?

Thanks
Question by:Martin_Dalpe
5 Comments
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844086
I did a little investigation. When running netdiag /fix at the command prompt of the main DC,
it fails to fix:  DC DNS entry gc._msdcs.mydomain.net ... re-registeration on dns server failed.

I checked on my DNS server; my DC has all the rights to update DNS... nothing is showing in the logs.
 
LVL 26

Expert Comment

by:jar3817
ID: 17844168
I'm a little confused, you have a linux DNS server (bind/djbdns?) that is acting as primary DNS for your active directory? And now you want your windows server (presumably a domain controller) to slave this zone?

When I first set up AD I was tempted to do this (unless I'm mistaken) and got it working. But since DNS is so vital to the operation and health of AD I felt it was safer to just let the domain controllers handle the DNS for that particular zone. What I did was create my AD domain as a subdomain (addomain.mydomain.org), this way my Linux nameservers are still masters for the mydomain.org zone, but I delegated the addomain.mydomain.org zone to the domain controllers. Then I set up forwarding on the DCs back to the Linux servers and all has been well.

If I'm pointed totally in the wrong direction, please explain where you are and where you want to go.
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844375
Yes, you got it.

Technically, it should work. You know how politics work: since the Unix guys have been here forever, the decision was made to implement it this way.

The slave zone could be anywhere. I don't care.

I have the feeling it's working 99% of the way.

After proving and demonstrating how it works like this, and what the pros and cons are, I can propose a solution like the one you propose.

But if I'm going the way you propose: my domain is "mydomain.org" and my DNS on Linux is "mydomain.org". If I create a DNS subdomain "windows.mydomain.org", do I need to rename the domain?

 
LVL 26

Accepted Solution

by:
jar3817 earned 500 total points
ID: 17844460
Unfortunately yes, but it's a good thing you're using windows server 2003, it comes with a utility to rename a domain.

I totally understand the whole politics thing, but sometimes changes are just necessary.

The other reason I went with a subdomain is for the website. If you name your AD domain "mydomain.org", the DNS "A" records for that name will point to your domain controllers. This is fine assuming you run your website on the domain controllers (which I really hope you don't), but I have a feeling your unix guy has this setup on some other server. This doesn't really cause a problem for http://www.mydomain.org, but it does for http://mydomain.org. I'm a lazy person and often leave off www's for websites, and in your case those two sites (with www's and without) will point to different servers and hence not the same website.

This might not be a problem for you, but it was for me.

Having active directory in a subdomain enables you to totally separate it from other services that might not want to play nice. Think about the whole public vs private network structure. You don't want your AD publicly accessible, but your dns servers and the mydomain.org domain might be.
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17849651
On the compatibility issue, I found the problem: by default the DNS on Linux (BIND 9.2.3) does a 'check_name' that blocks some entries made by the DC. So I disabled that and everything seems to work perfectly according to the idea of a DNS on Linux. No errors in the event logs, all tests pass (dcdiag, nltest, etc.).

In my understanding, it seems that if you do a sub-zone for Windows, then if you have more than one domain per forest, and different sub-zones for Unix (like one for production, one for development, one for testing, etc.), you will end up doing a lot of subzones... leading to a lot of headaches.

The way I see it, it looks like Microsoft is doing things so you end up putting everything on Windows... disappointing, childish on their part.

thanks for your help.
0
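
Why the gc._msdcs record was the one refused in this thread, as an added example (not code from the thread or from BIND): a simplified Python model of a hostname-syntax name check. It assumes the check is applied only to A/AAAA owner names; the host name dc1 and the list of update attempts are constructed.

```python
import re

# One DNS label under the letters-digits-hyphen hostname rule (RFC 952 / RFC 1123).
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Assumption of this model: only address-record owner names must be hostnames.
HOSTNAME_CHECKED_TYPES = {"A", "AAAA"}


def bad_labels(name):
    """Return the labels of `name` that are not valid hostname labels."""
    labels = name.rstrip(".").split(".")
    return [label for label in labels if not LDH_LABEL.match(label)]


def classify(records):
    """Split (owner, rtype) pairs into accepted and refused lists."""
    accepted, refused = [], []
    for owner, rtype in records:
        offending = bad_labels(owner) if rtype in HOSTNAME_CHECKED_TYPES else []
        if offending:
            refused.append((owner, rtype, offending))
        else:
            accepted.append((owner, rtype))
    return accepted, refused


# Constructed sample of dynamic updates a domain controller attempts.
SAMPLE_UPDATES = [
    ("dc1.mydomain.net", "A"),                    # hypothetical DC host name
    ("mydomain.net", "A"),
    ("gc._msdcs.mydomain.net", "A"),              # the record from the event log
    ("_ldap._tcp.mydomain.net", "SRV"),
    ("_ldap._tcp.dc._msdcs.mydomain.net", "SRV"),
    ("_kerberos._tcp.mydomain.net", "SRV"),
]

if __name__ == "__main__":
    ok, refused = classify(SAMPLE_UPDATES)
    for owner, rtype, labels in refused:
        print(f"REFUSED  {rtype:4} {owner}  (labels: {', '.join(labels)})")
    for owner, rtype in ok:
        print(f"accepted {rtype:4} {owner}")
```

Where the name server supports a per-zone setting, relaxing the check only for the zone the domain controllers update keeps it in force for every other zone.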
