In
Kevin Emore said:
Thanks Keith;
Just a few more questions. Do you know of any good articles to
support the switch from Bind to 2000 ?
Configuring Berkeley Internet Name Domain (BIND) to Support Active
Directory:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/iis/deploy/depovg/cfgbind.asp
Support WebCast Microsoft Windows 2000 DNS and UNIX BIND DNS
Interoperability:
http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/
wc022602%2fwcblurb022602.asp
257462 - Dynamic Update Does Not Work Using BIND DNS Forwarder [shows Event
ID 5781]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q257462
Re DNS & Active Directory Questions - BIND Users ML Archive:
http://www.isc.org/ml-archives/bind-users/2001/01/msg00612.html
301191 - HOW TO Integrate DNS with Existing DNS Infrastructure If Active
Directory Is Enabled in Windows 2000:
http://support.microsoft.com/?id=301191
Q298448 - Windows 2000 DNS and Active Directory Information and Technical
Resources [Also Talks about how to use DCDIAG and NetDIAG Infrastructure
Implementation]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q298448
Is there a name for the 2000 equivilant of Bind ? What is is Bind
Release Candidate 9.2.0 because that supports 2000.
Not sure, but BIND 8.23 or better is recommended, preferrably the later
versions, but as Keith mentioned, BIND does have some vulnerabilities that
MS DNS doesn't. It'a actually your choice to incorporate BIND or W2k DNS.
This can come down to a political decision too. Either way, BIND will work,
however, you don't have the advantage of AD Integrated Zones. Besides,
Secure Updates in BIND do not work with W2k DHCP due to incompatible
methods.
Here's some info on AD Integrated Zones and AD and DNS in general:
Active Directory-Integrated Zones -Win 2003 (most applies to Win 2000 except
Application Partitions):
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/depl
oyguide/dssbc_logi_lhld.asp
291382 - Frequently Asked Questions About Windows 2000 DNS and Windows
Server 2003 DNS:
http://support.microsoft.com/?id=291382
Choosing a Zone Type:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/depl
oyguide/dnsbd_dns_nuql.asp
Windows 2000 DNS - Active Directory integration, multimaster replication,
dynamic and secure dynamic update, and aging and scavenging.:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cncf/cnc
f_imp_orav.asp
In my opinion, W2k DNS is way easier to configure and support and I believe
is much more secure than BIND. Pretty much just install it and it works.
My secondary DNS server would be for example microsoft..com and the
server that the users would authenticate to would be
finance.microsoft.com if the finance went away would the users be
able to authenticate using microsoft.com ?
Thanks
With regard to AD, user accounts are domain specific and will only
authenticate by a DC in the domain that the account exists in. SO if the
account exists in example.microsoft.com, then a DC in that domain can only
authenticate that user account. Of course, the way it finds the domain
controller to authenticate it (as well as the GC for login and searches and
the Kerberos service for authentication) it queries DNS for the service
location and their resolve to the resource locations of those services.
Hope these links and info helps out.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
