AD with BIND 9.2.2

[Matthias Link]

Hi!

I'm trying to implement Active Directory in W2k Adv. Server SP3 with BIND
9.2.2.

In my root-zone everything's working fine, but in the sub-zone, only my
first DC is written into the dns zones correctly.

I bought the oreilly book and the cookbook - created 4 separate zones for
the ad stuff (_tcp,_upd,_msdcs,_sites) within my root and my sub-zones.

But if i try to add the second dc via "dcpromo" i got some error messages
with dns to be the cause.

After some time, i could install the 2.nd dc without failure, but in the
dns, it isn't recognized - only my 1.st dc is in there.

I even can't remove the 2.nd dc again, as dns does not function properly...
:-(

Any idea about this?

DNSLint tells me, the CNAME-Glue Record is missing for the 2.nd server -
even though both (1.st and 2.nd) are in my "allow-update" list for these
zones.

I have no idea about this so far - do you have?

Regards,
Matthias.

 

[Herb Martin]

I'm trying to implement Active Directory in W2k Adv. Server SP3 with BIND

9.2.2.

In my root-zone everything's working fine, but in the sub-zone, only my
first DC is written into the dns zones correctly.

I bought the oreilly book and the cookbook - created 4 separate zones for
the ad stuff (_tcp,_upd,_msdcs,_sites) within my root and my sub-zones.

You really don't want to do it that way -- make the BIND server for the
child zones DYNAMIC, and let the DCs handle their OWN record update.

While it is technically and theorectically possible to hand edit all the DNS
entries for an AD Domain, it is impractical: small companies/zones/domains
don't have a lot of extra admin personel to monitor and watch over EVERY
possible change and big companies have to many record to even wish to
attempt this or dedicate someone to maintaining it.

BIND will work -- there is no sufficiently good reason to want to go through
the trouble unless you are ALREADY a BIND expert.