Steven Vona

Active Directory using BIND DNS on linux

At my company we have a domain (2003 AD) but all of our DNS is done with BIND on RHEL6.  The windows guys keep saying DNS has issues because it is not running on windows.  They can not give me a specific answer to what is not working.  The only information I have is that they say when a windows machine pings the domain name, it should get a reply from the DC that the client authenticated against.

I am fairly familiar with DNS and not very familiar with Active Directory. Can someone explain to me why this is important and how I can help solve this on our RHEL servers?


8/22/2022 - Mon
Neil Russell

Windows handles DNS for domains 100% Natively.  Do you have a very good reason why you should use a different OS and architecture to handle DNS?
motnahp00

W2k8 has the ability to support bind. It is not enabled by default.
neilpage99

The problem with DNS being run from Linux only is handling of active updates to AD-DNS - such as SRV records. AD takes care of this extremely well, and Linux has to be administered very carefully to duplicate the same functionality. There is a lot that can go wrong when you handle Active Directory DNS zones with Linux only.

I can't see any advantage to using Linux for this purpose - and _not_ using Microsoft at all. I've administered mixed environments that use Linux BIND to complement AD DNS, and that worked very well. But native AD DNS was still the under-layer.

The ping to the domain name 'should' receive a reply from the "nearest" DC that is online and responding. This is also, usually the authenticating DC - if things are working normally.

Run 'dcdiag' and 'netdiag' from the DC that your host 'should' be receiving ping replies from when it pings the domain.
arnold

_msdcs.youraddomain must exist and allow all updates; there are other entries that are used to locate DFS targets, if any, among other things.
To avoid exposing Windows DNS to the outside, you could subordinate the CentOS BIND to be a slave to the Windows youraddomain while the _msdcs.youraddomain zone will be managed by the Windows server.

Several data sets are stored/referenced within an AD-integrated DNS zone.
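The two answers above (neilpage99's point about SRV records arriving by dynamic update, and arnold's point that _msdcs must exist and be writable, or be delegated to the DCs) can be turned into a concrete check. The script below is an added example, not code from the thread or from BIND: it parses a BIND-style zone file and reports whether the records an AD client relies on are present: the A records at the zone apex that netlogon registers (the reason a ping of the bare domain name answers from a DC), the standard _ldap/_kerberos/_kpasswd/_gc SRV records, and an _msdcs subtree that is either delegated or populated. The domain name, host names, and addresses are constructed; the first zone shows what a correctly updated (or DC-slaved) zone contains, the second is a hand-maintained zone that never accepted netlogon's updates.

```python
"""Check a BIND zone for the records Active Directory clients need.
Added example; domain, hosts and addresses below are constructed."""

AD_DOMAIN = "corp.example"   # hypothetical AD domain name

# Constructed zone as it looks after netlogon's dynamic updates have landed
# (or as the slave copy pulled from a Windows DC would look).
ZONE_TEXT = """\
$ORIGIN corp.example.
$TTL 600
@               IN SOA  dc1.corp.example. hostmaster.corp.example. ( 2022082201 900 600 86400 600 )
@               IN NS   dc1.corp.example.
@               IN NS   dc2.corp.example.
@               IN A    10.0.0.11          ; apex A records: one per DC
@               IN A    10.0.0.12
dc1             IN A    10.0.0.11
dc2             IN A    10.0.0.12
_msdcs          IN NS   dc1.corp.example.  ; _msdcs delegated to the DCs
_msdcs          IN NS   dc2.corp.example.
_ldap._tcp      IN SRV  0 100 389  dc1.corp.example.
_ldap._tcp      IN SRV  0 100 389  dc2.corp.example.
_kerberos._tcp  IN SRV  0 100 88   dc1.corp.example.
_kerberos._udp  IN SRV  0 100 88   dc1.corp.example.
_kpasswd._tcp   IN SRV  0 100 464  dc1.corp.example.
_gc._tcp        IN SRV  0 100 3268 dc1.corp.example.
"""

# Constructed static zone: DC host records exist, but nothing netlogon registers.
ZONE_TEXT_STATIC = """\
$ORIGIN corp.example.
$TTL 3600
@       IN SOA ns1.corp.example. hostmaster.corp.example. ( 1 3600 900 604800 3600 )
@       IN NS  ns1.corp.example.
ns1     IN A   10.0.0.53
dc1     IN A   10.0.0.11
dc2     IN A   10.0.0.12
"""

# SRV owners (relative to the domain) that a domain member queries to find a DC.
# _gc._tcp is registered at the forest root; same thing in a single-domain forest.
REQUIRED_SRV = ["_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
                "_kpasswd._tcp", "_gc._tcp"]


def parse_zone(text, origin):
    """Minimal zone-file parser: {(owner_fqdn, rtype): [rdata, ...]}.
    Handles $ORIGIN, $TTL, '@', relative/absolute owners, a blank owner
    (repeat previous), optional TTL and class, ';' comments, single-line RRs."""
    records = {}
    origin = origin.rstrip(".") + "."
    prev_owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.split()
        if raw[0] in " \t":                      # blank owner field
            owner = prev_owner
        else:
            owner = tokens.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = owner + "." + origin
        prev_owner = owner
        if tokens and tokens[0].isdigit():       # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):   # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.setdefault((owner.lower(), rtype), []).append(" ".join(tokens))
    return records


def check_ad_zone(records, domain):
    """Return a list of findings; empty means a member can locate a DC."""
    d = domain.rstrip(".").lower() + "."
    findings = []
    apex_a = records.get((d, "A"), [])
    if not apex_a:
        findings.append(f"no A records at {d}: ping of the bare domain name gets no answer")
    msdcs = "_msdcs." + d
    if not records.get((msdcs, "NS")) and not records.get(("_ldap._tcp.dc." + msdcs, "SRV")):
        findings.append(f"{msdcs} is neither delegated (NS) nor populated (dc._msdcs SRV)")
    for label in REQUIRED_SRV:
        name = label + "." + d
        srvs = records.get((name, "SRV"), [])
        if not srvs:
            findings.append(f"missing SRV {name}")
            continue
        for rdata in srvs:                       # rdata: priority weight port target
            target = rdata.split()[3].lower()
            if target.endswith(d) and not records.get((target, "A")):
                findings.append(f"SRV {name} targets {target}, which has no A record")
    # Apex A addresses should be the addresses of the DCs the SRV records name.
    dc_targets = {r.split()[3].lower() for r in records.get(("_ldap._tcp." + d, "SRV"), [])}
    dc_addrs = {a for t in dc_targets for a in records.get((t, "A"), [])}
    for addr in apex_a:
        if dc_addrs and addr not in dc_addrs:
            findings.append(f"apex A {addr} is not the address of any DC in _ldap._tcp")
    return findings


if __name__ == "__main__":
    for label, zone in (("updated zone", ZONE_TEXT), ("static zone", ZONE_TEXT_STATIC)):
        findings = check_ad_zone(parse_zone(zone, AD_DOMAIN), AD_DOMAIN)
        print(f"{label}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it against a copy of the real zone file on the RHEL host (for a slave zone, the file BIND writes after transfer from the DC) to see which of the netlogon-registered records are missing; a static zone that was typed in by hand will typically fail every check, which is exactly the symptom the Windows administrators are describing.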
Steven Vona

ASKER
Thanks!