Steven Vona
asked on
Active Directory using BIND DNS on linux
At my company we have a domain (2003 AD) but all of our DNS is done with BIND on RHEL6. The windows guys keep saying DNS has issues because it is not running on windows. They can not give me a specific answer to what is not working. The only information I have is that they say when a windows machine pings the domain name, it should get a reply from the DC that the client authenticated against.
I am fairly familiar with DNS and not very familiar with Active Directory. Can someone explain to me why this is important and how I can help solve this on our RHEL servers?
Windows handles DNS for domains 100% natively. Do you have a very good reason why you should use a different OS and architecture to handle DNS?
W2k8 has the ability to support bind. It is not enabled by default.
The problem with DNS being run from Linux only is the handling of active updates to AD DNS, such as SRV records. AD takes care of this extremely well, and Linux has to be administered very carefully to duplicate the same functionality. There is a lot that can go wrong when you handle Active Directory DNS zones with Linux only.
I can't see any advantage to using Linux for this purpose and _not_ using Microsoft at all. I've administered mixed environments that use Linux BIND to complement AD DNS, and that worked very well. But native AD DNS was still the under-layer.
The ping to the domain name 'should' receive a reply from the "nearest" DC that is online and responding. This is also, usually, the authenticating DC, if things are working normally.
Run 'dcdiag' and 'netdiag' from the DC that your host 'should' be receiving ping replies from when it pings the domain.
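The DC-locator lookups behind that "ping the domain" symptom can be checked from the RHEL side as well. The script below is an added example for this thread, not code from any of the posts: it queries, against one DNS server, the SRV names a domain-joined client asks for when it looks for a domain controller, plus the A records each DC registers at the domain apex (the record that `ping youraddomain` actually resolves), and reports which ones are missing. The domain "youraddomain", the server address 192.0.2.53 and the hosts and addresses in the self-test are placeholders; the self-test answers are constructed, not captured from a real zone.

```shell
#!/bin/sh
# ad_dns_check.sh: query, against one DNS server, the records a domain-joined
# Windows client needs to locate a domain controller, and report what is missing.
# Added example for this thread, not taken from any post. "youraddomain" and the
# hosts/addresses used in selftest are placeholders (constructed, not captured).

# Well-known DC-locator SRV names that Netlogon registers under the domain and
# its _msdcs child. The gc/_gc names belong to the forest root; in a
# single-domain forest that is the same name as the domain.
dc_locator_srv_names() {
    dom="$1"
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$dom" \
        "_kerberos._tcp.dc._msdcs.$dom" \
        "_ldap._tcp.pdc._msdcs.$dom" \
        "_ldap._tcp.gc._msdcs.$dom" \
        "_ldap._tcp.$dom" \
        "_kerberos._tcp.$dom" \
        "_kerberos._udp.$dom" \
        "_kpasswd._tcp.$dom" \
        "_kpasswd._udp.$dom" \
        "_gc._tcp.$dom"
}

# A usable `dig +short` SRV answer is "<priority> <weight> <port> <target.>".
# Anything else (empty answer, a CNAME, an A record) means the locator fails.
srv_answer_ok() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+ [A-Za-z0-9.-]+\.$'
}

# Each DC also registers an A record at the domain apex (the "same as parent"
# records); that is what `ping youraddomain` resolves, so it must exist too.
apex_answer_ok() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# check_ad_dns <domain> <dns-server>: one line per record, return = number missing
check_ad_dns() {
    dom="$1"; server="$2"; missing=0
    for name in $(dc_locator_srv_names "$dom"); do
        ans=$(dig +short @"$server" SRV "$name" 2>/dev/null)
        if srv_answer_ok "$ans"; then
            echo "ok      SRV $name -> $(printf '%s\n' "$ans" | head -n 1)"
        else
            echo "MISSING SRV $name"; missing=$((missing + 1))
        fi
    done
    ans=$(dig +short @"$server" A "$dom" 2>/dev/null)
    if apex_answer_ok "$ans"; then
        echo "ok      A   $dom -> $(printf '%s\n' "$ans" | tr '\n' ' ')"
    else
        echo "MISSING A   $dom (apex record every DC registers)"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample answers showing how healthy and broken lookups classify.
selftest() {
    srv_answer_ok "0 100 389 dc1.youraddomain." || return 1
    srv_answer_ok "" && return 1                 # NXDOMAIN / empty answer
    srv_answer_ok "192.0.2.10" && return 1       # an A record where an SRV belongs
    apex_answer_ok "192.0.2.10
192.0.2.11" || return 1
    return 0
}

# Usage: ./ad_dns_check.sh youraddomain 192.0.2.53   (192.0.2.53 = your BIND server)
if [ "$#" -eq 2 ]; then
    check_ad_dns "$1" "$2"
fi
```

Run it once against the BIND server the clients actually use and once against a DC, then compare: a name the DC answers and BIND does not is the gap the Windows side is complaining about, and it is almost always one of the _msdcs SRV names that never got registered because the zone did not accept the DC's dynamic update.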
ASKER CERTIFIED SOLUTION
_msdcs.youraddomain must exist and allow for all updates. There are other entries that are used to locate DFS targets, if any, among other things.
To avoid exposing Windows DNS to the outside, you could subordinate the CentOS BIND to be a slave to the Windows youraddomain zone, while the _msdcs.youraddomain zone will be managed by the Windows server.
Several data sets are stored/referenced within an AD-integrated DNS zone.
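One way to set up the slave arrangement described in this answer, as an added example and not the answerer's own configuration: a shell function that emits the two named.conf zone stanzas (the AD domain and its _msdcs child, both slaved from the DCs so the Windows servers stay authoritative and keep taking the dynamic updates), and validates the master addresses first so a bad variable cannot inject extra directives into named.conf. The zone name "youraddomain", the DC addresses 192.0.2.10/192.0.2.11 and the slaves/ file path are placeholders.

```shell
#!/bin/sh
# gen_ad_slave_zones.sh: emit named.conf zone stanzas that make BIND a slave
# (secondary) for the AD domain zone and its _msdcs child, with the DCs as
# masters, so the Windows servers stay authoritative and the RHEL BIND serves
# a read-only copy to clients. Added example, not the answerer's own config.
# "youraddomain" and 192.0.2.10/192.0.2.11 are placeholders.

# Accept only a plain dotted quad; the value is interpolated into named.conf,
# so anything looser would let a bad variable smuggle in extra directives.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_ad_slave_zones <ad-domain> <dc-ip> [<dc-ip> ...]  -> stanzas on stdout
gen_ad_slave_zones() {
    zone="$1"; shift
    masters=""
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "refusing master address: $ip" >&2; return 1; }
        masters="$masters$ip; "
    done
    [ -n "$masters" ] || { echo "at least one DC address is required" >&2; return 1; }
    for z in "$zone" "_msdcs.$zone"; do
        cat <<EOF
zone "$z" IN {
    type slave;
    masters { $masters};
    file "slaves/$z.db";
    // A slave takes no dynamic updates, so Netlogon and client registrations
    // still go to the DCs (the masters), which keep enforcing their own
    // update policy. Do not let outsiders pull the whole AD zone either.
    allow-transfer { none; };
};
EOF
    done
}

# Write the stanzas to a file and, when BIND's own checker is installed,
# syntax-check them before they go anywhere near /etc/named.conf.
write_and_check() {
    out="$1"; shift
    gen_ad_slave_zones "$@" > "$out" || return 1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$out"
    fi
}

# Usage: ./gen_ad_slave_zones.sh youraddomain 192.0.2.10 192.0.2.11 > ad-zones.conf
if [ "$#" -ge 2 ]; then
    gen_ad_slave_zones "$@"
fi
```

Include the generated file from named.conf, make sure the DCs allow zone transfers to the BIND server's address, reload with rndc, and then confirm with dig that BIND answers the _msdcs SRV names with the same data as the DC. Because the copy on BIND is read-only, any Windows host that registers its own records must send those updates to a DC, not to the BIND server.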
ASKER
Thanks!