100's of reverse lookup zones on other (bind) dns server


Marty Egan

I work for a large ISP (> 100,000 employees). Hundreds of routers on
our customer network, each on different subnets across the Internet.
It's imperative that when our staff in various job functions perform a
tracert, they can see the router name, rather than an IP.

Prior to our move to AD, all clients (Solaris and Windows) pointed to
2 BIND on Solaris DNS servers. This included our Windows clients in
the WinNT4 domain. The Solaris/BIND servers run a script each day to
import information from which they generate all the reverse lookup
zones, so that the tracert commands on the clients display correct
router names for the various hops on the tracert, if they are pointed
at Solaris/BIND.

Now that we've moved to AD, we have 2 win2k dns servers for our active
directory where our Windows clients are pointed for name resolution.
Here's the problem. There are *hundreds* of reverse lookup zones on
the Solaris/BIND systems (from the routers) and the number grows
daily. We've written a script that grabs all the reverse lookup zone
files from the BIND server, parses them, and uses the dnscmd.exe
command to create reverse lookup zones and populate them in the Win2k
DNS. This is a bit clumsy, though. I'd like to be able to use
"normal" features of DNS to have the Win2k DNS servers look to the
Solaris/BIND servers for ALL reverse-lookup zones. We do have a
Win2k3 DNS server, which we are using to do selective forwarding for
some internal zones to a number of other DNS servers, if that helps.
There are some other internal DNS servers to which we must point for
selective forward zones.

Any suggestions?
 
I don't do *NIX, but you should be able to create secondaries of these zones
on your Wintel DNS servers and tell them to pull (transfer) from the BIND
primaries. Then on the BIND, you will allow transfer of these zones to your
Wintel boxes.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Deji Akomolafe said:
I don't do *NIX, but you should be able to create secondaries of
these zones on your Wintel DNS servers and tell them to pull
(transfer) from the BIND primaries. Then on the BIND, you will allow
transfer of these zones to your Wintel boxes.


I second the reverse zone secondaries! Have the script parse for new reverse
zones and create the secondaries as they show up.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
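One way to do what Ace describes (detect reverse zones that appeared on the BIND master and create matching secondaries on the Windows DNS) as an added example, not code from anyone in this thread. It parses a constructed named.conf fragment (hypothetical zone names and master address), skips zones the BIND box is not master for, and emits the dnscmd.exe /ZoneAdd /Secondary lines for zones the Windows server does not have yet; the list of existing Windows zones is assumed to come from a prior `dnscmd /EnumZones` run.

```python
import re

# Constructed sample of a named.conf fragment from the BIND master
# (hypothetical zone names; real files are read from the Solaris box).
NAMED_CONF = """
zone "10.168.192.in-addr.arpa" { type master; file "db.192.168.10"; };
zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "db.192.168.20";
};
zone "example.test" { type master; file "db.example"; };
zone "30.168.192.in-addr.arpa" { type slave; masters { 10.0.0.5; }; };
"""

# zone "<name>" [IN] { <body> };  -- body is matched non-greedily, so a nested
# "masters { ... };" block ends the body early, which is fine for our purpose.
ZONE_RE = re.compile(
    r'zone\s+"(?P<name>[^"]+)"\s*(?:IN\s*)?\{(?P<body>.*?)\};',
    re.IGNORECASE | re.DOTALL,
)


def reverse_master_zones(conf):
    """Return the in-addr.arpa zones for which this BIND server is master."""
    zones = set()
    for m in ZONE_RE.finditer(conf):
        name = m.group("name").lower().rstrip(".")
        body = m.group("body")
        if name.endswith(".in-addr.arpa") and re.search(r"type\s+master\s*;", body):
            zones.add(name)
    return zones


def dnscmd_commands(bind_zones, existing_windows_zones, master_ip, server="."):
    """dnscmd.exe lines that add each reverse zone missing on the Windows DNS
    as a secondary pulling from the BIND master.

    Only zones not already present on the Windows server are emitted, so the
    script can run daily without re-creating zones.
    """
    new = sorted(set(bind_zones) - set(existing_windows_zones))
    return [f"dnscmd {server} /ZoneAdd {z} /Secondary {master_ip}" for z in new]


if __name__ == "__main__":
    # Pretend the Windows DNS already hosts one of the two master zones.
    already = {"10.168.192.in-addr.arpa"}
    for line in dnscmd_commands(reverse_master_zones(NAMED_CONF), already, "10.0.0.5"):
        print(line)
```

The transfers only succeed if the BIND side's allow-transfer for those zones lists the Windows DNS addresses, as Deji notes; restricting it to exactly those hosts keeps the zone data from being pulled by anyone else.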
 
Thanks for the reply. As I said, we currently have a script which
creates the secondary zones on our Windows DNS servers, but I really
don't want to host them there at all. Also, remember that there are
*HUNDREDS* of reverse lookup zones, and it's a very dynamic thing.
There's already a system maintaining those records (on the Solaris /
BIND servers), and people who add manually the records which don't
make it in through the automated process. There's no good reason for
me to be maintaining a script on my Windows DNS server that does
exactly the same thing as is already done on the Solaris / BIND
server. I just want to be able to globally have the Windows clients
be able to use the Windows DNS servers for name resolution, but still
have transparent (to the end user) access to all those reverse-lookup
zones on the Solaris / BIND servers.
 
Marty Egan said:
Thanks for the reply. As I said, we currently have a script which
creates the secondary zones on our Windows DNS servers, but I really
don't want to host them there at all. Also, remember that there are
*HUNDREDS* of reverse lookup zones, and it's a very dynamic thing.
There's already a system maintaining those records (on the Solaris /
BIND servers), and people who add manually the records which don't
make it in through the automated process. There's no good reason for
me to be maintaining a script on my Windows DNS server that does
exactly the same thing as is already done on the Solaris / BIND
server. I just want to be able to globally have the Windows clients
be able to use the Windows DNS servers for name resolution, but still
have transparent (to the end user) access to all those reverse-lookup
zones on the Solaris / BIND servers.


Sorry, from your original post you said:

We've written a script that grabs all the reverse lookup zone
files from the BIND server, parses them, and uses the dnscmd.exe
command to create reverse lookup zones and populate them in the Win2k
DNS.

Sorry, I didn't realize you were creating Secondary zones. Hence, why Deji
and I suggested secondaries.

Why not just forward from the W2k DNS to the Solaris DNS?

Ace
 