[Newbie] including Linux server in DNS

Thread starter: stefano

stefano

Hi all.

A customer has a small LAN with a W2k AD DC.

A new box is soon going to be added to the network, and it will be an
FTP server, based on Linux OS.

I would like all workstations on the network to be able to reach the
server typing ftp.mycustomer.com (which is by the way, the address used
by my customer's customers to reach the server from the internet, and
is therefore known on the web with an external IP address).

Of course I'd like to do that without adding a line to all hosts files
in the LAN, so I thought the DC's DNS would handle this, pointing
workstations to the internal IP address. I turned to the W2K server's
admin who told me it's not possible, "because the domain handled by the
DC is not mycustomer.com, but someothername.someotherextension"

Is this correct? I think it's unbelievable. Please remember that the
Linux box cannot participate in the AD domain (of course).

Thanks for any input

Stefano
 
> Hi all.
>
> A customer has a small LAN with a W2k AD DC.
>
> A new box is soon going to be added to the network, and it will be an
> FTP server, based on Linux OS.

Not an issue....
> I would like all workstations on the network to be able to reach the
> server typing ftp.mycustomer.com (which is by the way, the address used
> by my customer's customers to reach the server from the internet, and
> is therefore known on the web with an external IP address).

Then you must make sure to enter the "Ftp" record into the
INTERNAL version of the zone and supply the internal
address (if there is one) in that record.
> Of course I'd like to do that without adding a line to all hosts files
> in the LAN, so I thought the DC's DNS would handle this, pointing
> workstations to the internal IP address. I turned to the W2K server's
> admin who told me it's not possible, "because the domain handled by the
> DC is not mycustomer.com, but someothername.someotherextension"

If there is no internal version of the Domain (not using same
name internal and external) then he is ALMOST right.

He figures (incorrectly) that he cannot add a record for this
server since he doesn't control the zone -- and that the
external zone will have only external (correct) addresses.
> Is this correct? I think it's unbelievable. Please remember that the
> Linux box cannot participate in the AD domain (of course).

Actually it is INCORRECT but very believable <grin>

It has nothing to do with Linux but with responsibilities for DNS
names.

IF the internal clients will use the EXTERNAL addresses there is
NOTHING to do (except make sure that external names/addresses
are resolving which should already be the case.)

IF the internal clients need to access a "multihomed" FTP (etc)
server by the INTERNAL Address only there are two approaches:

#1 give it an address in the internal zone/domain: Ftp.internal.net

#2 (the answer to your actual question) Add a ZONE for the name
of the Unix machine (FTP.externaldomain.com) to your internal
DNS servers.

Then add an A record to that zone with the host BLANK, SAME
AS PARENT -- which means: FTP.externaldomain.com

Most admins don't realize they can just add a ZONE with a child
name that is really a "server" and not a true zone (i.e., doesn't
have a bunch of other resource records.)

Most admins never learned that technically a DNS "machine name"
IS A DNS DOMAIN.

And a ZONE can have an IP address (in effect) -- notice all those
web sites (like mine http://LearnQuick.Com ) that don't require
typing the "www" part .... works the other way around:

Mail.Learnquick.com can be a zone OR a particular HOST or BOTH.
You cannot tell without trying it.

(Even then it is difficult to be sure <grin>)
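To make the reply's two layouts concrete, here is an added example (not code from the thread) that models how a DNS server picks an answer: the closest enclosing zone it is authoritative for always wins over forwarding, so a single-host zone named after the FTP server with one apex ("same as parent") A record overrides only that name, while a whole internal copy of the public domain shadows every public name you forget to add. Zone names, hostnames and addresses are constructed placeholders.

```python
"""Model of zone selection on a DNS server that is authoritative for a few
zones and forwards everything else. Added example; addresses are constructed."""

# Zones the INTERNAL server holds, laid out as the reply's approach #2:
# a zone named after the FTP host, with one A record at the apex ("@",
# shown as "(same as parent folder)" in the Windows DNS console).
INTERNAL_ZONES = {
    "corp.example": {"@": "10.0.0.1", "dc1": "10.0.0.1"},  # the AD zone
    "ftp.mycustomer.com": {"@": "10.0.0.25"},              # single-host zone
}

# What the public DNS answers; reached by forwarding/recursion (constructed).
EXTERNAL_DNS = {
    "ftp.mycustomer.com": "203.0.113.25",
    "www.mycustomer.com": "203.0.113.80",
    "mail.mycustomer.com": "203.0.113.25",
}


def closest_zone(name, zones):
    """Return the longest configured zone that equals 'name' or is a suffix of it."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones=INTERNAL_ZONES, external=EXTERNAL_DNS):
    """Return (address, source). A name inside an authoritative zone is never
    forwarded: if the zone holds no record for it, the answer is NXDOMAIN (None)."""
    name = name.lower().rstrip(".")
    zone = closest_zone(name, zones)
    if zone is None:
        return external.get(name), "forwarded"
    owner = "@" if name == zone else name[: -len(zone) - 1]
    return zones[zone].get(owner), "authoritative:" + zone


def shadowed_names(zones, external):
    """Public names internal clients can no longer resolve because an internal
    zone covers them without holding a record (the whole-domain pitfall)."""
    return sorted(n for n in external if resolve(n, zones, external)[0] is None)
```

Running `shadowed_names` against a proposed zone layout before creating it on the DC is the check that tells the single-host zone apart from an accidental full split-horizon copy.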
 
Thanks for everything

What I meant with Linux is "the linux machine will not join the AD
domain for obvious security reasons"

Cheers

Stefano
 
> Thanks for everything
>
> What I meant with Linux is "the linux machine will not join the AD
> domain for obvious security reasons"

There are no 'obvious security reasons' for this.

They will not "join the AD domain" because they cannot do this.
 
In

I've joined a Mac OSx Panther server to a domain. What a mess. I can provide
you the docs from it, because after all it's basically BSD, but I don't think
it will help you with Linux, even though it's similar, but Apple has an AD
plugin that takes care of the Kerberos portion. You have to change a few
files in the samba config file (forget what it's called at the moment) and
run a couple utilities, one if I remember right was kerbinit.

Here is a search string I found with a few relevant links for Linux:
http://www.google.com/search?hl=en&lr=&q=join+linux+to+active+directory



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================
 