
DNS on Unix with Windows Server

Last Modified: 2010-04-10
Hi,

We have a SUSE Linux DNS. We are integrating some Windows 2003 servers. I understand that it can be done.

I wanted to put a DNS on Windows as secondary (backup of SUSE).

Getting all kinds of errors; managed to set up most of the options.

Still getting a zone expired message on the Windows box.
The DC put Netlogon on paused because (I think) it cannot register all the info. Only have one error in the system log:

"The dynamic registration of the dns record 'gc._msdcs.ourdomaine.net' 600 in a 10.10.10.10 failed on the following DNS server:
DNS server IP address: 10.10.10.1
returned response code (RCODE) : 5
returned status code: 9017
..."

Putting only DNS on Linux, is this a solution?

Thanks

Author

Commented:
Did a little investigation. When running netdiag /fix at the command prompt of the main DC,
it fails to fix: DC DNS entry gc._msdcs.mydomain.net ... re-registration on DNS server failed.

I checked on my DNS server; my DC has all the rights to update DNS... nothing showing in the logs.

Commented:
I'm a little confused, you have a linux DNS server (bind/djbdns?) that is acting as primary DNS for your active directory? And now you want your windows server (presumably a domain controller) to slave this zone?

When I first set up AD I was tempted to do this (unless I'm mistaken) and got it working. But since DNS is so vital to the operation and health of AD, I felt it was safer to just let the domain controllers handle the DNS for that particular zone. What I did was create my AD domain as a subdomain (addomain.mydomain.org); this way my Linux nameservers are still masters for the mydomain.org zone, but I delegated the addomain.mydomain.org zone to the domain controllers. Then I set up forwarding on the DCs back to the Linux servers and all has been well.

If I'm pointed totally in the wrong direction, please explain where you are and where you want to go.

Author

Commented:
Yes, you got it.

Technically, it should work. You know how politics work: since the Unix guys have been here forever, the decision was made to implement it this way.

The slave zone could be anywhere. Don't care.

I have the feeling it's working 99% of the way.

After proving and demonstrating how it works like this, and what the pros and cons are, I can propose a solution like the one you propose.

But if I go the way you propose: my domain is "mydomain.org" and my DNS on Linux is "mydomain.org". If I create a DNS subdomain "windows.mydomain.org", do I need to rename the domain?

Commented:
Unfortunately yes, but it's a good thing you're using windows server 2003, it comes with a utility to rename a domain.

I totally understand the whole politics thing, but sometimes changes are just necessary.

The other reason I went with a subdomain is for the website. If you name your AD domain "mydomain.org", the DNS "A" records for that name will point to your domain controllers. This is fine assuming you run your website on the domain controllers (which I really hope you don't), but I have a feeling your unix guy has this setup on some other server. This doesn't really cause a problem for http://www.mydomain.org, but it does for http://mydomain.org. I'm a lazy person and often leave off www's for websites, and in your case those two sites (with www's and without) will point to different servers and hence not the same website.

This might not be a problem for you, but it was for me.

Having active directory in a subdomain enables you to totally separate it from other services that might not want to play nice. Think about the whole public vs private network structure. You don't want your AD publicly accessible, but your dns servers and the mydomain.org domain might be.


Author

Commented:
On the compatibility issue, I found the problem: by default the DNS on Linux (BIND 9.2.3) does a 'check_name' that blocks some entries made by the DC. So I disabled that and everything seems to work perfectly according to the idea of a DNS on Linux. No errors in event logs, all tests pass (dcdiag, nltest, etc.).

In my understanding, it seems that if you do a sub-zone for Windows, then if you have more than one domain per forest, and different sub-zones for Unix (like one for production, one for development, one for testing, etc.), you will end up doing a lot of sub-zones... going to be a lot of headache.

The way I see it, it looks like Microsoft is doing things so you end up putting everything on Windows... disappointing, childish on their part.

Thanks for your help.
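The failing record in the question's event log (an A record at gc._msdcs.<forest>) and the check_name explanation in this last comment fit together: BIND's check-names option applies hostname syntax rules to the owner names of A, AAAA and MX records, and the `_msdcs` label is not a legal hostname label, while the SRV records a DC registers are not owner-checked. As an added illustration that is not part of the thread, the script below models that rule over constructed DC update records, showing which would be refused under BIND's default master-zone setting (`fail`) and which pass once the zone's check-names is relaxed; the names, addresses and the exact refusal behaviour are assumptions for the demonstration.

```python
"""Added example (not from the thread): model of BIND's check-names rule
applied to the dynamic updates a Windows 2003 DC registers. Owner names of
A/AAAA/MX records must be RFC 1123 hostnames; SRV owner names are not checked.
Record lines are constructed to mirror the Netlogon event text."""
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# Record types whose owner name check-names requires to be a hostname.
OWNER_CHECKED = {"A", "AAAA", "MX"}


def is_hostname(name: str) -> bool:
    """True if every label of `name` satisfies RFC 1123 hostname syntax."""
    labels = name.rstrip(".").split(".")
    return all(1 <= len(lbl) <= 63 and _LABEL.match(lbl) for lbl in labels)


def parse_record(line: str) -> dict:
    """Parse a record in the form the Netlogon event quotes it:
    'name' TTL class type rdata (quotes optional)."""
    name, ttl, rclass, rtype, rdata = line.replace("'", "").split(maxsplit=4)
    return {"name": name, "ttl": int(ttl), "class": rclass.upper(),
            "type": rtype.upper(), "rdata": rdata}


def check_names_verdict(line: str, mode: str = "fail") -> str:
    """Return 'accepted' or 'refused' for one update record under a zone's
    check-names mode: 'fail' rejects bad owner names, 'warn'/'ignore' accept.
    (Assumed model of BIND: 'fail' is the default for master zones.)"""
    rec = parse_record(line)
    if rec["type"] not in OWNER_CHECKED or is_hostname(rec["name"]):
        return "accepted"
    return "refused" if mode == "fail" else "accepted"


# Constructed sample of records a DC registers, one per line.
DC_UPDATES = [
    "'gc._msdcs.mydomain.net' 600 IN A 10.10.10.10",  # the one in the event log
    "'dc1.mydomain.net' 1200 IN A 10.10.10.10",
    "'_ldap._tcp.dc._msdcs.mydomain.net' 600 IN SRV 0 100 389 dc1.mydomain.net.",
    "'mydomain.net' 600 IN A 10.10.10.10",
]

if __name__ == "__main__":
    for mode in ("fail", "ignore"):
        print(f"check-names {mode}:")
        for line in DC_UPDATES:
            print(f"  {check_names_verdict(line, mode):8} {line}")
```

Only the gc._msdcs A record is refused under `fail`; relaxing check-names for that one zone (as the author did) accepts it, but the relaxation should stay scoped to the AD zone rather than set globally.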