Active Directory using BIND DNS on linux

Steven Vona
Steven Vona used Ask the Experts™
on
At my company we have a domain (2003 AD) but all of our DNS is done with BIND on RHEL6.  The windows guys keep saying DNS has issues because it is not running on windows.  They can not give me a specific answer to what is not working.  The only information I have is that they say when a windows machine pings the domain name, it should get a reply from the DC that the client authenticated against.

I am fairly familiar with DNS and not very familiar with Acvtive Directory. Can someone explain to me why this is important and how I can help solve this on our RHEL servers?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Neil RussellTechnical Development Lead

Commented:
Windows handles DNS for domains 100% Natively.  Do you have a very good reason why you should use a different OS and architecture to handle DNS?
W2k8 has the ability to support bind. It is not enabled by default.
The problem with DNS being ran from Linux only is handling of active updates to AD-DNS - such as SRV records. AD takes care of this extremely well, and Linux has to be administered very carefully to duplicate the same functionality. There is a lot that can go wrong when you handle Active Directory DNS zones with Linux only.

I can't see any advantage to using Linux for this purpose - and _not_ using Microsoft at all. I've administered mixed environments that use Linux BIND to compliment AD DNS, and that worked very well. But Native AD DNS was still the under-layer.

The ping to the domain name 'should' receive a reply from the "nearest" DC that is online and responding. This is also, usually the authenticating DC - if things are working normally.

Run 'dcdiag' and 'netdiag' from the DC that your host 'should' be receiving ping replies from when it pings the domain.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Senior Systems Admin
Top Expert 2010
Commented:
AD utilizes DNS for the vast majority of its functions. DNS refers client machines to a Domain Controller for authentication, for one thing. Domain replication, site assignment, and a lot of other functions are controlled by DNS as well. If a domain client machine is not pointing to a DNS server that has the appropriate DNS references for AD integration, it won't work right. You should, however, be able to configure your BIND so the zone that controls the internal domain is forwarded to a Domain Controller. That *should* make things work right. But that's only if it's a relatively small domain with only one Active Directory Site. If you have multiple AD Sites configured, it's really best to let Windows DNS handle the DNS for internal clients that are members of the domain. Otherwise you'll probably have a lot of trouble with authentication. AD is very heavily integrated with DNS, so there are a lot of things that it can do with Windows DNS that it can't really do with BIND.

But as for the statement of having domain.com resolve to a domain controller, that is absolutely necessary for proper operation in Active Directory.

If you want, http://www.kuro5hin.org/story/2009/2/1/235152/2142 looks like it has some good information on the subject.
Distinguished Expert 2017

Commented:
_msdcs.youraddomain must exist and allow for all updates there are other entries that are used to locate dfs targets if any among other things.
 To avoid exposing windos DNs to the outside, you could subordinate the centos bind to be a slave to the windows youraddomain while the _msdcs.youraddomain zone will be managed by the windows server.

Several data sets are stored/referenced within an AD integrated Dsn zone.
Thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial