Solved

Active Directory coexist with Unix DNS and no sub domains

Posted on 2010-09-01
Last Modified: 2012-05-10
Guys,

Please bear with me on this. If there's anything missing I will try and add it in follow-on answers.

Years ago when we installed our first Windows 2000 PDC we needed to continue using our Unix (BIND) DNS server (we have a number of critical Unix servers and many non-PC clients on our network). So we set up BIND to handle DDNS updates from the clients, and we made it also host the special AD sub-domains (e.g. _udp.xx, _tcp.xx, _sites.xx, _msdcs.xx, etc.).

This seemed to work well. Moving forward a few years, and unfortunately we've been having a few issues with DNS stuff of late. One of the main issues is that each DC wants to register itself an A record for domain.com (which means that an external lookup of domain.com shows all our private DCs). There are also some issues with us retrofitting the forest/domain DNS subdomains.

After talking to other folks it was recommended that we let Windows AD manage its own DNS; however, this presents some unacceptable issues for us, as we discovered during a test run.

Currently we have 3x Win2008 DCs and our Windows AD domain is company.com and every machine in the company uses a FQDN like user-pc.company.com. We have NO subdomains and do not want any.

When we set up a test domain on ad.company.com (so it could use its own DNS) it ended up naming all the test clients userid-pc.ad.company.com. For various reasons it is unacceptable that PCs and servers be in a subdomain.

So my first question is, is there a better way of making our Unix DNS and AD DNS coexist such that all our servers and clients can live in the company.com domain?

Question by:router_doctor
Accepted Solution

by:
Chris Dent earned 1500 total points
ID: 33584280

If sub-domains are a bad idea you only have two choices:

1. Split Brain (two different, separate, versions of domain.com). The problem with this is you won't be able to get to your website using http://domain.com

2. Reserved Private. Either by using an unassigned TLD such as .local, or by purchasing another domain name for internal use.

The second option doesn't have any real catches, although my preferred method is the one you don't like, the sub-domain.

You could, of course, implement the first option using Views on BIND, but you must give the A record for the domain name to AD if you expect AD to work properly (DFS, Group Policy deployment, etc, etc).

Chris
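
The split-brain option implemented with BIND views, as an added example that is not part of the original answer: internal clients get a company.com zone that the DCs may update (apex A record included), while everyone else gets a separate static zone with no DC addresses in it. All addresses, ACL names and file paths are constructed placeholders.

```bind
// named.conf fragment (constructed example; adjust networks and paths)
acl "internal-nets"      { 127.0.0.1; 10.0.0.0/8; };            // placeholder internal range
acl "domain-controllers" { 10.0.0.11; 10.0.0.12; 10.0.0.13; };  // placeholder DC addresses

options {
    directory "/var/named";
};

// Internal version of company.com: what AD members and the DCs see.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;

    zone "company.com" {
        type master;
        file "internal/company.com.zone";
        // DCs register the apex A record and the _msdcs/_sites/_tcp/_udp
        // records here. Widen this ACL only if workstations must also
        // register themselves via DDNS.
        allow-update   { "domain-controllers"; };
        allow-transfer { none; };
    };
};

// External version of company.com: public records only, never updated
// dynamically, so DC addresses cannot appear in outside lookups.
view "external" {
    match-clients { any; };
    recursion no;

    zone "company.com" {
        type master;
        file "external/company.com.zone";
        allow-update   { none; };
        allow-transfer { none; };
    };
};
```

Views are matched in order, so "internal" must come first, and once any view is defined every zone has to live inside a view. Address-based `allow-update` trusts the source IP of the update; signed updates (TSIG or GSS-TSIG) are the stronger control where the clients support them.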
Author Closing Comment

by:router_doctor
ID: 34251214
Didn't really get the solution I was looking for but this is good input.