How can I get BIND and Microsoft DNS to interact well?

I would love to try to move as much of our company DNS config into BIND as possible, because I find it easier to work with, but having Active Directory means we need to have at the very least the domain's zone in Microsoft DNS.

Possibly I can have the domain's zone (for example company.local) in MSDNS, but have another zone in BIND (for example that has forward and reverse zones for the same computers. The DHCP server can assign BIND to be primary and secondary DNS, and we just use that zone for day-to-day use. We can additionally create slave zones for the domain zone in BIND, we just move all specific DNS procedure to BIND, but keep the domain zone available via BIND so that AD can work.

Has anyone done this and done well? Or is it a very bad idea?

2019-05-18 23:48:49
Answers: 2

I've done this in the past, and I'll try to reconstruct from memory what I did.

The scenario:

Win2K domain controller, numerous Windows desktops, AD environment. The DNS server would need restarting every couple of days because, well, it would just stop working.

The remedy:

I had a Linux box on the network running a small intranet website, so I dropped BIND on that box. I set BIND up as a slave on the zone, and set up the Win2K box to send zone transfers to it. Then I set up the DHCP server on the Win2K box to give the BIND box as the primary DNS server, and the Win2K box as the secondary DNS server. Now all updates to the DNS table on the Win2K box (including client boxes, as they were all DHCP) would get published to the BIND server, and everything worked great. Never had to restart the Win2K DNS server again.

2019-05-21 10:26:49
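The slave arrangement described in the answer above, sketched as a `named.conf` fragment. This is an added example, not the poster's configuration: the addresses (192.0.2.10 for the Win2K/AD DNS server, 192.0.2.0/24 for the LAN) and file paths are assumptions, and company.local is the zone name from the question.

```conf
// Added example with assumed values (see lead-in); adjust before use.
acl "internal" { 192.0.2.0/24; localhost; };

options {
    directory "/var/named";
    recursion yes;
    allow-query     { internal; };   // answer internal clients only
    allow-recursion { internal; };   // never act as an open resolver
    allow-transfer  { none; };       // do not hand the AD zone on to anyone else
};

// Forward zone: AD-integrated DNS stays authoritative, BIND holds a read-only copy.
zone "company.local" {
    type slave;                      // newer BIND 9 releases also accept "secondary"
    masters { 192.0.2.10; };         // the AD DNS server that sends zone transfers
    file "slaves/company.local.db";
};

// Reverse zone for the DHCP range, transferred from the same AD DNS server.
zone "2.0.192.in-addr.arpa" {
    type slave;
    masters { 192.0.2.10; };
    file "slaves/2.0.192.in-addr.arpa.db";
};
```

On the Windows side, the zone's transfer settings should name only the BIND host rather than allowing transfers to any server, since an AD zone lists every domain controller and client. `named-checkconf` validates the file before a reload.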

We do this. I'm not sure I would recommend it, but we do it:

Solaris server running BIND

  • runs authoritative for every forward domain except
  • runs authoritative for every in-addr zone except ones served by AD DHCP
  • pulls slave for and DHCP ranges from AD DNS servers

Linux server running BIND

  • pulls slave for and DHCP ranges from AD DNS servers
  • pulls slave for everything else from Solaris primary.


  • runs master for
  • runs master for any in-addr zone served by AD DHCP.
  • forwards all recursive requests to the Solaris/Linux BIND installs

Windows Clients

  • Assigned the AD DNS servers by AD DHCP. We experimented with this and found that "the microsoft family of products" we used did not like not having the AD DNS server. We may have given up too early, but it didn't work out from what I remember.

UNIX/Linux/operational clients:

  • hard coded BIND DNS servers

In practice, here are some policies we've established:

  • any record that refers to IT-class services (exchange, etc) gets an A record in and gets a CNAME to in
  • any record that refers to operational or network equipment gets an A record in and a CNAME in

Our setup is actually even a bit more complex than that because we acquired a company that uses Netware/AD for DNS/DHCP so we have a similar set of rules for them.

I'm not sure I would recommend doing this if your hand isn't forced. Our install is an attempt to make the best of a bad set of circumstances. However, I do have to admit that I like using BIND a lot more than AD DNS, so, given that we are clearly not going to get rid of AD, it is a nice way to have some use of BIND.

One problem we've had is caching in the AD DNS server. We've tried to educate our operational customers that their laptops use AD DNS, but changes are made in BIND, so if they make a change and they want to verify it they need to manually look it up against the proper servers. That is an annoyance, but it is an issue that comes up surprisingly often.

Hope that helps.

2019-05-21 10:25:23