Solved

DNS on Unix with Windows Server

Posted on 2006-10-31
Last Modified: 2010-04-10
Hi,

We have a SUSE Linux DNS. We are integrating some Windows 2003 servers. I understand that it can be done.

I wanted to put a DNS on Windows as secondary (backup of the SUSE one).

Getting all kinds of errors; managed to set up most of the options.

Still getting a zone expired message on the Windows box.
The DC put netlogon on paused, because (I think) it cannot register all the info. Only have one error in the system log:

"The dynamic registration of the dns record 'gc._msdcs.ourdomaine.net' 600 in a 10.10.10.10 failed on the following DNS server:
DNS server IP address: 10.10.10.1
returned response code (RCODE) : 5
returned status code: 9017
..."

Putting only DNS on Linux, is this a solution?

Thanks
Question by: Martin_Dalpe
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844086
Did a little investigation: when running netdiag /fix at the command prompt of the main DC,
it fails to fix: DC DNS entry gc._msdcs.mydomain.net ... re-registration on DNS server failed.

I checked on my DNS server; my DC has all the rights to update DNS... nothing showing in the logs.
 
LVL 26

Expert Comment

by:jar3817
ID: 17844168
I'm a little confused. You have a Linux DNS server (BIND/djbdns?) that is acting as primary DNS for your Active Directory? And now you want your Windows server (presumably a domain controller) to slave this zone?

When I first set up AD I was tempted to do this (unless I'm mistaken) and got it working. But since DNS is so vital to the operation and health of AD, I felt it was safer to just let the domain controllers handle the DNS for that particular zone. What I did was create my AD domain as a subdomain (addomain.mydomain.org); this way my Linux nameservers are still masters for the mydomain.org zone, but I delegated the addomain.mydomain.org zone to the domain controllers. Then I set up forwarding on the DCs back to the Linux servers, and all has been well.

If I'm pointed totally in the wrong direction, please explain where you are and where you want to go.
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844375
Yes, you got it.

Technically, it should work. You know how politics work: since the Unix guys have been here since forever, the decision was made to implement it this way.

The slave zone could be anywhere; don't care.

I have the feeling it's working 99% of the way.

After proving and demonstrating how it works like this, and what the pros and cons are, I can propose a solution like the one you propose.

But if I go the way you propose: my domain is "mydomain.org", my DNS on Linux is "mydomain.org"; if I create a DNS subdomain "windows.mydomain.org", do I need to rename the domain?
 
LVL 26

Accepted Solution

by:
jar3817 earned 500 total points
ID: 17844460
Unfortunately yes, but it's a good thing you're using Windows Server 2003; it comes with a utility to rename a domain.

I totally understand the whole politics thing, but sometimes changes are just necessary.

The other reason I went with a subdomain is for the website. If you name your AD domain "mydomain.org", the DNS "A" records for that name will point to your domain controllers. This is fine assuming you run your website on the domain controllers (which I really hope you don't), but I have a feeling your Unix guy has this set up on some other server. This doesn't really cause a problem for http://www.mydomain.org, but it does for http://mydomain.org. I'm a lazy person and often leave off the www for websites, and in your case those two sites (with www and without) will point to different servers and hence not the same website.

This might not be a problem for you, but it was for me.

Having Active Directory in a subdomain enables you to totally separate it from other services that might not want to play nice. Think about the whole public vs. private network structure. You don't want your AD publicly accessible, but your DNS servers and the mydomain.org domain might be.
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17849651
On the compatibility issue, I found the problem: by default the DNS on Linux (BIND 9.2.3) does a 'check_name' that blocks some entries made by the DC. So I disabled that, and everything seems to work perfectly according to the idea of a DNS on Linux. No errors in the event logs, all tests pass (dcdiag, nltest, etc.).

In my understanding, it seems that if you do a sub-zone for Windows, then if you have more than one domain per forest, and different sub-zones for Unix (like one for production, one for development, one for testing, etc.), you will end up doing a lot of sub-zones... leading to a lot of headaches.

The way I see it, it looks like Microsoft is doing things so you end up putting everything on Windows... disappointing... childish on their part.

Thanks for your help.
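The check the last comment refers to is, I assume, BIND's `check-names` hostname-syntax option (the author writes 'check_name'). It validates the owner names of A, AAAA and MX records, and the hostnames in the RDATA of NS, MX, SRV and PTR records, against RFC 952/1123 hostname rules, which forbid underscores. That is exactly why the `gc._msdcs` A record from the event-log error is refused (RCODE 5 is REFUSED) while the DC's `_ldap._tcp...` SRV records, whose owner names are not checked, go through. The following Python model of that check is an added example written for this page, not code from BIND, Microsoft or either poster; the record set is constructed from the names in the question, and the "fail"/"warn"/"ignore" modes mirror BIND's option values. It lets a defender audit which records a DC registers would be dropped before deciding whether to relax the check for the whole zone or, as jar3817 suggests, delegate the AD zone to the DCs instead.

```python
"""Model of BIND's check-names hostname check applied to the records an
Active Directory DC registers dynamically (constructed example)."""
import re

# One RFC 952/1123 hostname label: letters, digits, hyphens, 1-63 chars,
# no leading or trailing hyphen. Underscores are not allowed.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Assumption (from the BIND ARM description of check-names): owner names of
# A, AAAA and MX records are checked; hostnames in the RDATA of NS, MX, SRV
# and PTR records are checked. SRV owner names (_ldap._tcp...) are not.
# Simplification: the PTR rule is applied to every PTR, not only reverse zones.
_OWNER_CHECKED = {"A", "AAAA", "MX"}
_RDATA_CHECKED = {"NS", "MX", "SRV", "PTR"}


def is_hostname(name: str) -> bool:
    """True if every label of `name` is a legal hostname label."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def check_names(owner: str, rtype: str, rdata: str, mode: str = "fail"):
    """Apply check-names in the given mode: "fail", "warn" or "ignore".

    Returns (accepted, problem). `problem` describes the offending field or
    is None when the record passes. In "warn" mode the record is accepted
    but the problem is still reported, which is the setting to use while
    measuring what a stricter configuration would drop.
    """
    rtype = rtype.upper()
    problem = None
    if rtype in _OWNER_CHECKED and not is_hostname(owner):
        problem = f"owner name {owner!r} is not a valid hostname"
    elif rtype in _RDATA_CHECKED and not is_hostname(rdata):
        problem = f"{rtype} target {rdata!r} is not a valid hostname"
    if mode == "ignore":
        return True, None
    if mode == "warn":
        return True, problem
    return problem is None, problem


def audit(records, mode: str = "fail"):
    """Return the owner names that check-names would reject in `mode`."""
    return [owner for owner, rtype, rdata in records
            if not check_names(owner, rtype, rdata, mode)[0]]


# Constructed sample of what a DC's netlogon registers, using the domain and
# address from the question's event-log message.
SAMPLE_UPDATE = [
    ("dc1.ourdomaine.net", "A", "10.10.10.10"),
    ("ourdomaine.net", "A", "10.10.10.10"),
    ("gc._msdcs.ourdomaine.net", "A", "10.10.10.10"),
    ("_ldap._tcp.dc._msdcs.ourdomaine.net", "SRV", "dc1.ourdomaine.net"),
    ("_kerberos._tcp.ourdomaine.net", "SRV", "dc1.ourdomaine.net"),
]

if __name__ == "__main__":
    for mode in ("fail", "warn", "ignore"):
        print(f"check-names {mode}: rejects {audit(SAMPLE_UPDATE, mode)}")
```

Running it shows that only the `gc._msdcs` A record is rejected under the default "fail" mode, which matches the single error the DC logged; "warn" keeps the zone loading while still surfacing the name so the relaxation can be limited to what AD actually needs.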