DNS forwarding for Active Directory Clients

Thread starter: Ziek

Ziek

This is a new Active Directory implementation, and DNS has been installed on
the DCs; however, the company would like clients to point to a
non-Microsoft DNS server (Cisco).

If the Cisco DNS is set up to forward to the Microsoft DNS on the DCs, will
clients successfully be able to authenticate and locate domain controllers
through their Cisco DNS?

I guess I'm a bit confused about how forwarding would work in this
situation. If the Cisco DNS does not support the resource locator records,
but it can forward to the DNS server which does contain these records, will
it redirect clients to the Microsoft DNS, or will the resolution fail
because the Cisco DNS does not understand resource records, and although it
forwards correctly, the replies that it receives from the Domain Controllers
are not understood and don't arrive at the client?
 
the company would like clients to point to a
non-Microsoft DNS server (Cisco).


If the Cisco DNS supports SRV records you will be OK.


If the Cisco DNS does not support the resource locator records,
but it can forward to the DNS server which does contain these records,
will it redirect clients to the Microsoft DNS, or will the resolution fail
because the Cisco DNS does not understand resource records, and although
it forwards correctly, the replies that it receives from the Domain
Controllers are not understood and don't arrive at the client?

If the Cisco DNS server does not support SRV records think about pointing
your AD clients to the Windows DNS server and having the Windows DNS server
forward to the Cisco DNS server.

If the Cisco DNS server does not support SRV records and you point your
clients to this DNS server you will notice a long delay in logging on, Group
Policy will not work properly, Kerberos errors, etc.

hth
DDS W 2k MVP MCSE
 
This is a new Active Directory implementation, and DNS has been installed on
the DCs; however, the company would like clients to point to a
non-Microsoft DNS server (Cisco).

If the Cisco DNS is set up to forward to the Microsoft DNS on the DCs, will
clients successfully be able to authenticate and locate domain controllers
through their Cisco DNS?

I guess I'm a bit confused about how forwarding would work in this
situation. If the Cisco DNS does not support the resource locator records,
but it can forward to the DNS server which does contain these records, will
it redirect clients to the Microsoft DNS, or will the resolution fail
because the Cisco DNS does not understand resource records, and although it
forwards correctly, the replies that it receives from the Domain Controllers
are not understood and don't arrive at the client?

I think for this to work the Cisco DNS must understand SRV records.

I have seen implementations where the domain with A records was hosted
on UNIX DNS and the service record domains (_msdcs, etc.) were delegated
to MS DNS.

You can try it by configuring forwarding on the Cisco DNS, use a
client with a static DNS address that points to the Cisco DNS, log on
locally and use a DNS lookup to see what happens:

nslookup
set type=srv
_ldap._tcp.dc._msdcs.<domain>.<tld>
_ldap._tcp.<site>._sites.dc._msdcs.<domain>.<tld>

Cheers,
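The nslookup check in the post above can be scripted so it can be repeated against each DNS server in the forwarding chain. The following is an added example, not code from the poster; it uses only the Python standard library, and the function names (`check_dc_locator`, `udp_responder`, `build_srv_response`), the domain `corp.example.com`, the host names `dc1`/`dc2` and the address `10.0.0.53` are all constructed for the demonstration. It builds the same `_ldap._tcp.dc._msdcs.<domain>` (and optional `_sites`) SRV query, parses the reply, reports the failure modes the thread describes (a server answering NOTIMP, or an answer with no SRV records) and otherwise picks a DC the way a client would (lowest priority, then weight).

```python
"""Query a DNS server for the AD DC-locator SRV record and pick a DC.

Added example, standard library only. Domain and host names are constructed."""
import random
import socket
import struct

TYPE_SRV, CLASS_IN = 33, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels plus the root label."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def build_srv_query(name, txid=0x1234):
    """Standard query with RD set and one question of type SRV / class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TYPE_SRV, CLASS_IN)


def decode_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            end = end if end is not None else offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_srv_response(msg):
    """Return (rcode name, list of SRV dicts) from a DNS reply; non-SRV answers are skipped."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, records = 12, []
    for _ in range(qd):
        offset = decode_name(msg, offset)[1] + 4     # skip qname, qtype, qclass
    for _ in range(an):
        offset = decode_name(msg, offset)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            records.append({"priority": prio, "weight": weight, "port": port,
                            "target": decode_name(msg, offset + 6)[0]})
        offset += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), records


def choose_dc(records, rng=random.random):
    """RFC 2782 style pick: lowest priority wins, then weighted random among ties."""
    if not records:
        return None
    best = min(r["priority"] for r in records)
    tied = [r for r in records if r["priority"] == best]
    pick, running = rng() * sum(r["weight"] for r in tied), 0
    for r in tied:
        running += r["weight"]
        if pick < running:
            return r
    return tied[0]                                   # all weights zero


def check_dc_locator(domain, responder, site=None):
    """responder(query bytes) -> reply bytes. Returns (status, chosen DC or None)."""
    name = (f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}" if site
            else f"_ldap._tcp.dc._msdcs.{domain}")
    rcode, records = parse_srv_response(responder(build_srv_query(name)))
    if rcode != "NOERROR":
        return f"FAIL: {rcode} for {name}", None
    if not records:
        return f"FAIL: no SRV records for {name}; clients cannot locate a DC", None
    return "OK", choose_dc(records)


def udp_responder(server_ip, timeout=3.0):
    """Responder that asks a live DNS server on UDP/53 (not used in the offline demo)."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server_ip, 53))
            return s.recv(4096)
    return send


def build_srv_response(query, records, rcode=0):
    """Constructed reply to `query`, standing in for a real server in the demo."""
    msg = struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0],
                      0x8180 | rcode, 1, len(records), 0, 0) + query[12:]
    for prio, weight, port, target in records:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        msg += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_SRV, CLASS_IN, 600, len(rdata)) + rdata
    return msg


if __name__ == "__main__":
    # Constructed "Windows DNS" answer: two DCs, dc1 preferred by priority.
    good = lambda q: build_srv_response(q, [(0, 100, 389, "dc1.corp.example.com"),
                                            (10, 100, 389, "dc2.corp.example.com")])
    # Constructed answer from a server that does not implement SRV: NOTIMP.
    bad = lambda q: build_srv_response(q, [], rcode=4)
    print(check_dc_locator("corp.example.com", good))   # OK, dc1 chosen
    print(check_dc_locator("corp.example.com", bad))    # FAIL: NOTIMP ...
    # Against a real server: check_dc_locator("corp.example.com", udp_responder("10.0.0.53"))
```

Run it once with `udp_responder` pointed at the Cisco server and once at the Windows DNS on a DC: if the Windows server returns SRV records and the Cisco server returns NOTIMP, an empty answer or a timeout for the same name, the forwarding path is not delivering the locator records to clients, which is the symptom the thread is asking about.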
 
Ziek said:
This is a new Active Directory implementation, and DNS has been installed on
the DCs; however, the company would like clients to point to a
non-Microsoft DNS server (Cisco).

If the Cisco DNS is set up to forward to the Microsoft DNS on the DCs, will
clients successfully be able to authenticate and locate domain controllers
through their Cisco DNS?

Technically clients can point to ANY DNS server WHICH can provide
them with the correct answers they need.

As long as the server used directly by the clients understands requests for
SRV records AND will find the zone server (or is itself a secondary for
that zone) that supports the AD, then it will work.

I guess I'm a bit confused about how forwarding would work in this
situation. If the Cisco DNS does not support the resource locator
records,

Then it isn't likely to understand the requests, or be able to return the
answers.
but it can forward to the DNS server which does contain these records, will
it redirect clients to the Microsoft DNS, or will the resolution fail

There is no such "redirection" -- forwarding involves the requesting DNS server
performing the lookup on behalf of the clients by querying the forwarder, who
either has those records OR can find the server which has them.
because the Cisco DNS does not understand resource records, and although it
forwards correctly, the replies that it receives from the Domain Controllers
are not understood and don't arrive at the client?

Then it is unlikely to work.

Why would the clients be required to use the Cisco if it isn't a modern
server?

(SRV has been defined and implemented generally since about 2000 -- even
NT 4 DNS servers with enough service pack level can handle SRV records.)
 