DNS on Unix with Windows Server

Posted on 2006-10-31
Last Modified: 2010-04-10
Hi,

We have a SUSE Linux DNS. We are integrating some Windows 2003 servers. I understand that it can be done.

I wanted to put a DNS on Windows as secondary (backup of the SUSE one).

Getting all kinds of errors; managed to set up most of the options.

Still getting a zone expired message on the Windows box.
The DC put Netlogon on paused, because (I think) it cannot register all its info. Only have one error in the system log:

"The dynamic registration of the dns record 'gc._msdcs.ourdomaine.net' 600 in a 10.10.10.10 failed on the following DNS server:
DNS server IP address: 10.10.10.1
returned response code (RCODE) : 5
returned status code: 9017
..."

Putting DNS only on Linux, is this a solution?

thanks
Question by:Martin_Dalpe
5 Comments
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844086
Did a little investigation: when running netdiag /fix at the command prompt of the main DC,
it fails to fix: DC DNS entry gc._msdcs.mydomain.net ... re-registration on DNS server failed.

I checked on my DNS server; my DC has all the rights to update DNS... nothing showing in the logs.
 
LVL 26

Expert Comment

by:jar3817
ID: 17844168
I'm a little confused, you have a linux DNS server (bind/djbdns?) that is acting as primary DNS for your active directory? And now you want your windows server (presumably a domain controller) to slave this zone?

When I first set up AD I was tempted to do this (unless I'm mistaken) and got it working. But since DNS is so vital to the operation and health of AD I felt it was safer to just let the domain controllers handle the DNS for that particular zone. What I did was create my AD domain as a subdomain (addomain.mydomain.org); this way my Linux nameservers are still masters for the mydomain.org zone, but I delegated the addomain.mydomain.org zone to the domain controllers. Then I set up forwarding on the DCs back to the Linux servers and all has been well.

If I'm pointed totally in the wrong direction, please explain where you are and where you want to go.
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17844375
Yes, you got it.

Technically, it should work. You know how politics work: since the Unix guys have been here forever, the decision was made to implement it this way.

The slave zone could be anywhere. Don't care.

I have the feeling it's working 99% of the way.

After proving and demonstrating how it works like this, and what the pros and cons are, I can propose a solution like the one you propose.

But if I go the way you propose: my domain is "mydomain.org", my DNS on Linux is "mydomain.org". If I create a DNS subdomain "windows.mydomain.org", do I need to rename the domain?
 
LVL 26

Accepted Solution

by:jar3817 (earned 500 total points)
ID: 17844460
Unfortunately yes, but it's a good thing you're using windows server 2003, it comes with a utility to rename a domain.

I totally understand the whole politics things, but sometimes changes are just necessary.

The other reason I went with a subdomain is for the website. If you name your AD domain "mydomain.org", the DNS "A" records for that name will point to your domain controllers. This is fine assuming you run your website on the domain controllers (which I really hope you don't), but I have a feeling your unix guy has this setup on some other server. This doesn't really cause a problem for http://www.mydomain.org, but it does for http://mydomain.org. I'm a lazy person and often leave off www's for websites, and in your case those two sites (with www's and without) will point to different servers and hence not the same website.

This might not be a problem for you, but it was for me.

Having active directory in a subdomain enables you to totally separate it from other services that might not want to play nice. Think about the whole public vs private network structure. You don't want your AD publicly accessible, but your dns servers and the mydomain.org domain might be.
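The delegation layout jar3817 describes, as an added example that is not from the thread: a BIND zone file for mydomain.org on the Linux master that keeps the apex and www on the web server and delegates addomain.mydomain.org to two domain controllers, plus the matching zone statement. Host names, addresses and file paths are constructed for illustration.

```conf
; /var/named/mydomain.org.zone on the Linux master (constructed example)
$TTL 86400
$ORIGIN mydomain.org.
@       IN SOA  ns1.mydomain.org. hostmaster.mydomain.org. (
                2006103101 ; serial
                3600       ; refresh
                900        ; retry
                1209600    ; expire
                3600 )     ; negative-cache TTL

; The public zone stays on the Linux name servers.
@       IN NS   ns1.mydomain.org.
@       IN NS   ns2.mydomain.org.
ns1     IN A    10.10.10.1
ns2     IN A    10.10.10.2

; Apex and www both point at the web server, not at a DC, so
; http://mydomain.org and http://www.mydomain.org are the same site.
@       IN A    10.10.10.80
www     IN A    10.10.10.80

; Delegate the AD zone to the domain controllers. The DCs are then
; authoritative for addomain.mydomain.org (including its _msdcs, _sites,
; _tcp and _udp subtrees) and register their own SRV records there.
addomain        IN NS   dc1.addomain.mydomain.org.
addomain        IN NS   dc2.addomain.mydomain.org.
; Glue: the DC addresses live inside the delegated zone, so the parent
; must carry them or resolvers cannot reach the name servers.
dc1.addomain    IN A    10.10.10.10
dc2.addomain    IN A    10.10.10.11

// named.conf on the Linux master: the parent zone takes no dynamic
// updates at all; DC registrations only ever land in the delegated
// child zone, which lives on the DCs.
zone "mydomain.org" {
    type master;
    file "/var/named/mydomain.org.zone";
    allow-update { none; };
    allow-transfer { 10.10.10.2; };
};
```

On the DCs, forwarders are set to the Linux name servers so that anything outside addomain.mydomain.org still resolves through the existing infrastructure, as jar3817 describes.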
 
LVL 1

Author Comment

by:Martin_Dalpe
ID: 17849651
On the compatibility issue, I found the problem: by default the DNS on Linux (BIND 9.2.3) does a 'check_name' that blocks some entries made by the DC. So I disabled that and everything seems to work perfectly according to the idea of a DNS on Linux. No errors in event logs, all tests pass (dcdiag, nltest, etc.).

In my understanding, it seems that if you do a sub-zone for Windows, then if you have more than one domain per forest, and different sub-zones for Unix (like one for production, one for development, one for testing, etc.), you will end up doing a lot of sub-zones... going to be a lot of headache.

The way I see it, it looks like Microsoft is doing things so you end up putting everything on Windows..... Disappointing... childish on their part.

Thanks for your help.
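The setup Martin ended up with (AD zone mastered on BIND, name checking relaxed, Windows holding a secondary copy), as an added example that is not from the thread. It is a named.conf fragment for the Linux master; the check-names syntax is that of BIND 9.3 and later, and the ACL names, addresses and file name are constructed.

```conf
// named.conf on the SUSE master (constructed example)
options {
    directory "/var/named";
    // AD registers owner names such as gc._msdcs.mydomain.org that carry
    // underscore labels on A records. Strict host-name checking rejects
    // them, which the DC reports as a dynamic-registration failure.
    // "ignore" accepts them; "warn" only logs them, which is useful while
    // confirming exactly which records were being refused.
    check-names master ignore;
};

// Hosts allowed to send dynamic updates: the domain controllers only.
acl "domain-controllers" { 10.10.10.10; 10.10.10.11; };
// The Windows box that holds the secondary copy of the zone.
acl "windows-secondary" { 10.10.10.20; };

zone "mydomain.org" {
    type master;
    file "mydomain.org.zone";
    // Updates from any other source are answered with RCODE 5 (REFUSED).
    allow-update { domain-controllers; };
    // Zone transfers only to the secondary: a transfer to anyone else
    // hands out the complete map of AD services and controllers.
    allow-transfer { windows-secondary; };
    // Notify the secondary when a DC changes something, so it does not
    // serve stale data (or expire the zone) waiting for the refresh timer.
    notify yes;
    also-notify { 10.10.10.20; };
};

// Windows side (constructed, run on the secondary): add the zone as a
// secondary pulling from the Linux master.
//   dnscmd 10.10.10.20 /ZoneAdd mydomain.org /Secondary 10.10.10.1
```

Address-based update ACLs are only as strong as the network path, so where the BIND version supports signed updates (TSIG, or GSS-TSIG for AD clients) they are the better control.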