Active Directory with MS DNS

[Rich Tyler]

Was wodnering if anyone can give advice on setting up
Active Directory without using MS DNS. Am using a cisco
DNS. Has anyone done this or can anyone tell me if this
can be done or is a good idea???

Any thoughts welcome,

Thanks

Rich Tyler

 

[Simon Geary]

So long as your DNS server supports SRV records (mandatory) and dynamic
updates (recommended) then it doesn't really matter who the vendor is.

 

[Matjaz Ladava [MVP]]

Apart from what Simon said, I would rather use Windows DNS than some other.
It supports all what is necessary for AD to function properly. Do you have
any strong reason not to use Windows DNS server ?

--
Regards

Matjaz Ladava, MCSE, MCSA, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 

[Rich Tyler]

I would prefer to use MS but unfortunately AD is being
implemented onto an existing large network with Novell,
Solaris, NT and Win2K. So cannot make the change of DNS
unfortunately.

But looking at Simon's message I think I might be ok as it
supports SRV and dynamic updates, fingers crossed.

Thanks for you advice and help.

Rich

 

[Neil Ruston]

One additional point to make is that very few DNS
solutions support or offer secure DDNS.

MS and Lucent offer that feature, but if your DNS
implementation does not and you require secure DDNS, then
you may need to implement MS DNS (just for the MS zones).

HTH,
Neil

 

[Mike Miller]

One additional point to make is that very few DNS
solutions support or offer secure DDNS.

MS and Lucent offer that feature, but if your DNS
implementation does not and you require secure DDNS, then
you may need to implement MS DNS (just for the MS zones).

HTH,
Neil

I would also recommend you set up an MS DNS zone for you AD systems. We tried
integrating AD into our Solaris DNS configuration and had all kinds of issues.
We have an odd environment which did not help but it's not that odd.

 

[Robbie Allen]

While you can't take advantage of features such as AD-integrated DNS and
Windows Secure Dynamic Update, you can integrate with CNR DNS pretty easily.
I believe there was a whitepaper that described how to do it, but I can't
find it. I did find this as part of the CNR docs:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr3-5/nr
ug/userapf.htm

Robbie Allen
http://www.rallenhome.com/

 

[MadDHatteR]

I am not familiar with Cisco's DNS, but we use BIND (just recently moved to
v9) on Solaris for DNS. We have created a special dynamic zone just for our
Windows domain computers (ds.dept.mycompany.com). Updates are not secure,
but other than a few event log entries, this is not a problem. The static
DNS addresses (dept.mycompany.com) are used for all addressing and
functionality that's not internal to Windows. Thus, each Windows computer
has two entries -- a dynamic entry: computer1.ds.dept.mycompany.com and a
static entry: computer1.dept.mycompany.com.

I've puddled with Windows DNS and DHCP, and I have to admit, I like the
Solaris-based solutions we use much more than Windows. In a
non-Windows-centric organization, it's highly unlikely critical
organization-wide services like DNS (and maybe DHCP) will be given over to
Windows servers, so I'd recommend requesting a separate dynamic zone just
for your domain(s).

\\ MadDHatteR

 

[mk]

Hello
AD don't work without MS DNS .
you must use it

 

[MadDHatteR]

Hello
AD don't work without MS DNS .
you must use it

No, AD works fine with other DNS servers (the fact that our AD works is
proof of this). Microsoft's DNS server offers some features and
functionality that may not be available with other servers. Secure dynamic
updates is either not supported or not configured with our BIND
installation, but unsecure dynamic updates work fine.

\\ MadDHatteR