You should think of DNS hosting, DNS resolution and DHCP as separate
services that can either be put together on a single platform, or run on
separate platforms in various combinations, interoperating with each
other. Another important factor is whether your AD domain is colocated
with a bunch of other non-AD stuff, or whether it's a separate namespace
(either a descendant of your main domain, or some namespace entirely).
In our case, our AD folks insist on AD-integrated zones, but on the
other hand, they're in completely different namespaces. So it's a fairly
simple matter of delegating from and (for reasons of performance and
resiliency) replicating that data into our BIND-based infrastructure. We
handle the DNS resolution and DHCP, and all of the clients can resolve
the AD names from us, even though we're not the primary master for any
of the zones. YMMV. One of the drawbacks of this approach is that Domain
Controllers and certain other types of AD-related servers need to be
added twice -- once into the AD-integrated zone for AD infrastructure
purposes, and then again into a more generic zone, so that the proper
forward/reverse mappings are created and kept in sync. Ideally, AD would
generate outbound Dynamic Updates for the maintenance of reverse records
for their resources, if they don't happen to control the relevant
reverse zone(s), but good luck with that -- it's not in Microsoft's own
best economic interests to foster interoperability with non-Microsoft
DNS server implementations...
- Kevin
On 10/18/2012 2:03 PM, Aaron Thompson wrote:
Hi All,
I'm hoping to get some feedback from people who use ISC Bind and
DHCPD in Active Directory environments.
Currently we use Bind/DHCPD for dynamic DNS and DHCP. It's been a
pretty stable service, redundant and we are polling statistics with
Cacti. There is concern by Management of using a somewhat
non-standard approach for Active Directory SRV records being handled by
ISC services and not AD.
The options we are looking at are migrating to AD for DNS and DHCP
services or to have Bind/DHCPD handle SRV records for AD.
Some technical info on our BIND environment.
Some Client Identifiers
300 DHCP Pools
Dynamic DNS
Cacti Graphs - Reporting
Syslog via Splunk
Overall it's been a very stable design for the last 5+ years.
If you have any relevant feedback I would appreciate it. I'm looking
for information on experience with Active Directory integration with
ISC or if anyone has had problems/stability issues with AD doing
DNS/DHCP or AD working with ISC.
Thanks in advance.
Here's a brief survey <http://www.surveymonkey.com/s/2VYNKWR> for
Schools that have ISC running in an AD environment.
-
Aaron Thompson
Network Architect for IT Operations
Berklee College of Music
1140 Boylston Street, MS-186-NETT
Boston, MA 02215-3693
www.berklee.edu
617.747.8656
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
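The reply above notes that Domain Controllers end up registered twice, once in the AD-integrated zone and once in a generic zone, and that the forward/reverse mappings then have to be kept in sync by hand. The following is an added example, not part of the thread or of anyone's production tooling: a small drift check over zone-file-style text. The zone names, hosts and addresses are constructed, and it assumes one A record per host.

```python
import ipaddress

# Constructed sample data: A records as exported from an AD-integrated
# forward zone, and PTR records from a reverse zone mastered on BIND.
AD_FORWARD = """\
dc1.ad.example.edu.  3600 IN A 192.0.2.10
dc2.ad.example.edu.  3600 IN A 192.0.2.11
gc1.ad.example.edu.  3600 IN A 192.0.2.12
"""
BIND_REVERSE = """\
10.2.0.192.in-addr.arpa. 3600 IN PTR dc1.ad.example.edu.
11.2.0.192.in-addr.arpa. 3600 IN PTR dc2-old.ad.example.edu.
13.2.0.192.in-addr.arpa. 3600 IN PTR dc9.ad.example.edu.
"""

def parse_records(text, rtype):
    """Return {owner: rdata} from 'owner ttl IN type rdata' lines of one type."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 5 and fields[2].upper() == "IN" \
                and fields[3].upper() == rtype:
            records[fields[0].lower()] = fields[4].lower()
    return records

def find_drift(forward_text, reverse_text):
    """Compare A records against PTR records and list every disagreement."""
    a_records = parse_records(forward_text, "A")
    ptr_records = parse_records(reverse_text, "PTR")
    findings, expected = [], set()
    for host, addr in sorted(a_records.items()):
        # 192.0.2.10 -> 10.2.0.192.in-addr.arpa. (fully qualified owner name)
        rname = ipaddress.ip_address(addr).reverse_pointer + "."
        expected.add(rname)
        target = ptr_records.get(rname)
        if target is None:
            findings.append(("missing_ptr", host, addr))
        elif target != host:
            findings.append(("ptr_mismatch", host, target))
    # PTRs that no current A record accounts for (decommissioned hosts, typos)
    for rname, target in sorted(ptr_records.items()):
        if rname not in expected:
            findings.append(("stale_ptr", rname, target))
    return findings

if __name__ == "__main__":
    for finding in find_drift(AD_FORWARD, BIND_REVERSE):
        print(*finding)
```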