Kevin:

So I think you separated services and updated Bind statically; sorry if my 
brief description of your design is incorrect.  Did you try, or have any 
success or difficulties with, having Bind as master and AD resolve directly to 
it as well as everyone else?

Thanks for the feedback and the input on the survey!

Survey Request: Active Directory with ISC Bind and DHCPD
http://www.surveymonkey.com/s/2VYNKW

Aaron
-
Aaron Thompson
Network Architect for IT Operations

Berklee College of Music         
1140 Boylston Street, MS-186-NETT
Boston, MA 02215-3693

www.berklee.edu
617.747.8656
Twitter: @thomp318

On Oct 18, 2012, at 4:17 PM, Kevin Darcy <k...@chrysler.com> wrote:

> You should think of DNS hosting, DNS resolution and DHCP, as separate 
> services that can either be put together on a single platform, or run on 
> separate platforms in various combinations, interoperating with each other. 
> Another important factor is whether your AD domain is colocated with a bunch 
> of other non-AD stuff, or whether it's a separate namespace (either a 
> descendant of your main domain, or some namespace entirely).
> 
> In our case, our AD folks insist on AD-integrated zones, but on the other 
> hand, they're in completely different namespaces. So it's a fairly simple 
> matter of delegating from and (for reasons of performance and resiliency) 
> replicating that data into our BIND-based infrastructure. We handle the DNS 
> resolution and DHCP, and all of the clients can resolve the AD names from us, 
> even though we're not the primary master for any of the zones. YMMV. One of 
> the drawbacks of this approach is that Domain Controllers and certain other 
> types of AD-related servers need to be added twice -- once into the 
> AD-integrated zone for AD infrastructure purposes, and then again into a more 
> generic zone, so that the proper forward/reverse mappings are created and 
> kept in sync. Ideally, AD would generate outbound Dynamic Updates for the 
> maintenance of reverse records for their resources, if they don't happen to 
> control the relevant reverse zone(s), but good luck with that -- it's not in 
> Microsoft's own best economic interests to foster interoperability with 
> non-Microsoft DNS server implementations...
> 
> - Kevin
> 
> On 10/18/2012 2:03 PM, Aaron Thompson wrote:
>> Hi All,
>> 
>> I'm hoping to get some feedback from people who use ISC Bind and DHCPD in 
>> Active Directory environments.
>> 
>> Currently we use Bind/DHCPD for dynamic DNS and DHCP.  It's been a pretty 
>> stable service, redundant and we are polling statistics with Cacti.  There 
>> is concern by Management of using a somewhat non-standard approach for 
>> Active Directory SRV records being handled by ISC services and not AD.
>> 
>> The options we are looking at are migrating to AD for DNS and DHCP services 
>> or to have Bind/DHCPD handle SRV records for AD.
>> 
>> Some technical info on our BIND environment.
>> 
>> Some Client Identifiers
>> 300 DHCP Pools
>> Dynamic DNS
>> Cacti Graphs - Reporting
>> Syslog via Splunk
>> 
>> Overall it's been a very stable design for the last 5+ years.
>> 
>> If you have any relevant feedback I would appreciate it.  I'm looking for 
>> information on experience with Active Directory integration with ISC or if 
>> anyone has had problems/stability issues with AD doing DNS/DHCP or AD 
>> working with ISC.
>> 
>> Thanks in advance.
>> 
>> Here's a brief survey for Schools that have ISC running in an AD environment.
>> 
>> http://www.surveymonkey.com/s/2VYNKWR
>> 
>> -
>> Aaron Thompson
>> Network Architect for IT Operations
>> 
>> Berklee College of Music         
>> 1140 Boylston Street, MS-186-NETT
>> Boston, MA 02215-3693
>> 
>> www.berklee.edu
>> 617.747.8656
>> 
>> _______________________________________________
>> Please visit 
>> https://lists.isc.org/mailman/listinfo/bind-users
>>  to unsubscribe from this list
>> 
>> bind-users mailing list
>> 
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users