Moving to AD - Quick Question about Zone Files

Kevin Vaughn

I'm fixing to upgrade to Active Directory in the next month (going from NT4
to 2003), but I'm concerned about DNS. I'm currently storing all of my
records in a SQL Server 2000 database, and then generating the zone files
from that database with a Perl script.

As I understand things, if I move to AD then my zones will be stored in the
AD database.

- Is there still a way to generate the zones via script (and then maybe
force a reload of the AD database or something similar)?
- Is AD integration optional?
- Is dynamic update optional?
- What is the REAL advantage of having the DNS integrated (besides
replication)?

We've built our entire help desk and management systems around our hosts
database, so we really need to keep it.

I'm VERY new to AD (never thought much about it until two days ago). I've
found some good resources, but none that address the actual zone files too
well.

Please help if you can.

-Kevin
Herb Martin

> As I understand things, if I move to AD then my zones will be stored in
> the AD database.

If you so choose, you may optionally continue to work with a
Primary/Secondary set.
> - Is there still a way to generate the zones via script (and then maybe
> force a reload of the AD database or something similar)?

You can just use the files - or you could write LDAP/ADSI to feed
AD if you CHOOSE an Active Directory Integrated Zone.

> - Is AD integration optional?

Yes

> - Is dynamic update optional?

Not really. (Technically yes, but don't go there.)
> - What is the REAL advantage of having the DNS integrated (besides
> replication)?

You said replication (more secure, compressed between sites, incremental,
already set up by the AD replication setup which you must do anyway.)

And also:

- Multimastered dynamic registration (at each site)
- Secure dynamic updates

> We've built our entire help desk and management systems around our hosts
> database, so we really need to keep it.

Go the other way -- store it in AD instead of SQL server and write
something to let you view it as web pages or in an app (ADSI or LDAP)

> I'm VERY new to AD (never thought much about it until two days ago). I've
> found some good resources, but none that address the actual zone files too
> well.

It's just a database -- but a hierarchical database instead of a relational
database.

Hierarchical databases are frequently more efficient if you know the
structure of the data and types of common queries A PRIORI -- the
design can follow the data access pattern.

Relational databases shine for arbitrary data where the structure of the
data relationships cannot be predicted and may even be ad hoc as
users find ways to use and abuse the data.
Kevin Vaughn

Thanks for helping me understand a little better. I still need some
clarification on a couple of points.

> You can just use the files - or you could write LDAP/ADSI to feed
> AD if you CHOOSE an Active Directory Integrated Zone.

So I've got these zone files that I build dynamically and ftp to the server.
I would love to use an AD integrated zone, but if I choose to go active
directory integrated it seems like the database (zone file) is moved off
somewhere else. You see, I can't just ftp a new file anymore. So what do I
have to do? Interface with the AD database via ADSI? This dynamic update
thing is also clouding my mind...

> Not really. (Technically yes, but don't go there.)

If I use dynamic update, I can't ftp my file because I'll overwrite the
dynamically generated list (assuming it's stored in a flat file at all).

I'm sure I'm going to have to change what I'm doing, but I'm unsure how.
Forgive me - I'm working on this project with one other person. He is
handling the main aspect, such as DC setup, etc. I am the DNS admin, so I
don't have a full picture of what's going on. I'm planning on getting an AD
book and studying up some on this. Perhaps then it will become more clear.

I really appreciate the help.

-Kevin
Herb Martin

> So I've got these zone files that I build dynamically and ftp to the
> server.
> I would love to use an AD integrated zone, but if I choose to go active
> directory integrated it seems like the database (zone file) is moved off
> somewhere else. You see, I can't just ftp a new file anymore. So what do
> I

That's probably correct -- but I wouldn't do it that way probably.
Ok, you can just FTP to CREATE the zones on Win2000 but
after that I would start using ADSI or LDAP to send them
directly into AD.

You can then do much more efficient (incremental) transfers to
any of your DCs and they will replicate to the others. You say
you have an extensive help desk built around this which implies
you have skills or resources with programming skills -- you can
actually make this whole thing better (I bet.)

Or you can move it to AD, and have your programs read FROM
the AD database -- which I recommend you consider. Then all
the information of AD can be part of your system as you need it.

> have to do? Interface with the AD database via ADSI? This dynamic update
> thing is also clouding my mind...

ADSI is the native programmatic interface of AD (Active Directory
Services Interface, I think) and AD also exposes an LDAP interface
which is an alternative programmatic interface -- both work on the
network.

> If I use dynamic update, I can't ftp my file because I'll overwrite the
> dynamically generated list (assuming it's stored in a flat file at all).

True -- you really want to use ADSI or LDAP; and you really want
to end up with AD managing your former zone files with your system
READING from it -- they spent a LOT of programmer years getting
the AD stuff right, so take advantage of it.

Might be one step back, but you will end up 2 to 10 ahead -- and
more flexible in the future.

> I'm sure I'm going to have to change what I'm doing, but I'm unsure how.
> Forgive me - I'm working on this project with one other person. He is
> handling the main aspect, such as DC setup, etc. I am the DNS admin, so I
> don't have a full picture of what's going on. I'm planning on getting an AD
> book and studying up some on this. Perhaps then it will become more
> clear.

Call me if you wish -- visit my website for the phone instead of me posting
it here.

www.LearnQuick.com
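The incremental, script-driven update Herb describes above, as an added example that is not part of the thread (neither Herb's nor Kevin's code): it parses the BIND-style zone file the Perl script already produces, compares it with the records the AD-integrated zone currently holds, and emits only the differences as dnscmd commands, never touching a record that a client registered through dynamic update (the very records a whole-file overwrite would clobber). The zone text, the CURRENT_ZONE list and the server and zone names are constructed sample data; dnscmd's /RecordAdd and /RecordDelete switches are real Windows Server 2003 commands, but the script only prints them rather than running them.

```python
"""Incremental sync of a generated zone file into an AD-integrated zone.

Added example, not code from the thread. SAMPLE_ZONE stands in for what the
Perl script produces from the SQL hosts table; CURRENT_ZONE stands in for what
the DNS server currently holds, with a flag marking records that clients
registered via dynamic update (on a real server these carry an aging
timestamp). Both are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str    # owner name relative to the zone apex, "@" for the apex itself
    rtype: str   # record type in upper case, e.g. "A", "NS"
    rdata: str   # record data exactly as written in the zone file


def parse_zone(text):
    """Parse a minimal BIND-style zone: $ORIGIN/$TTL directives, ';' comments,
    and 'owner [ttl] [IN] type rdata' lines; a line that starts with whitespace
    reuses the previous owner name. TXT data containing ';' is not handled."""
    records = []
    owner = "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line or line.startswith("$"):          # blank line or directive
            continue
        tokens = line.split()
        if not raw[0].isspace():                      # explicit owner name
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():            # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":      # optional class
            tokens.pop(0)
        if not tokens:
            raise ValueError(f"malformed zone line: {raw!r}")
        rtype = tokens.pop(0).upper()
        records.append(Record(owner, rtype, " ".join(tokens)))
    return records


def plan_changes(desired, current):
    """Return (adds, deletes): the records to create and to remove so that the
    zone's static records match the zone file. The SOA is left to the server
    (an AD-integrated zone manages its own serial), and records registered
    dynamically are never deleted, which is what a file overwrite would do."""
    wanted = {r for r in desired if r.rtype != "SOA"}
    static_now = {r for r, dynamic in current if not dynamic}
    dynamic_now = {r for r, dynamic in current if dynamic}
    order = lambda r: (r.name, r.rtype, r.rdata)
    adds = sorted(wanted - static_now - dynamic_now, key=order)
    deletes = sorted(static_now - wanted, key=order)
    return adds, deletes


def dnscmd_commands(server, zone, adds, deletes):
    """Render the plan as dnscmd.exe invocations (Windows Server 2003 syntax);
    deletes carry /f so dnscmd does not stop to ask for confirmation."""
    cmds = [f"dnscmd {server} /RecordAdd {zone} {r.name} {r.rtype} {r.rdata}"
            for r in adds]
    cmds += [f"dnscmd {server} /RecordDelete {zone} {r.name} {r.rtype} {r.rdata} /f"
             for r in deletes]
    return cmds


# Constructed sample: what the Perl script might emit for a small zone.
SAMPLE_ZONE = """\
$ORIGIN example.corp.
$TTL 3600
@         IN  SOA  ns1 hostmaster 2003010101 3600 900 604800 86400
          IN  NS   ns1
ns1       IN  A    10.0.0.2
fileserv  IN  A    10.0.0.10
printer1  IN  A    10.0.0.20   ; moved from 10.0.0.21
"""

# Constructed sample: what the AD-integrated zone holds right now.
# (record, registered_dynamically)
CURRENT_ZONE = [
    (Record("@", "NS", "ns1"), False),
    (Record("ns1", "A", "10.0.0.2"), False),
    (Record("fileserv", "A", "10.0.0.10"), False),
    (Record("printer1", "A", "10.0.0.21"), False),   # stale static record
    (Record("laptop07", "A", "10.0.0.77"), True),    # client self-registered it
]

if __name__ == "__main__":
    adds, deletes = plan_changes(parse_zone(SAMPLE_ZONE), CURRENT_ZONE)
    for cmd in dnscmd_commands("dc1", "example.corp", adds, deletes):
        print(cmd)
```

Run against the sample data this prints one /RecordAdd for printer1's new address and one /RecordDelete for its old one; laptop07, which the server learned by dynamic update, is left alone. The same plan could be applied through ADSI or the WMI MicrosoftDNS provider instead of dnscmd; the point is that the database stays the source of truth for the static records while the zone itself absorbs dynamic registrations.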
Kevin Vaughn

Thanks for all your help Herb. You've set me off in the right direction. I
appreciate it!

-Kevin