On 5/22/2017 10:48 AM, bind-users-requ...@lists.isc.org wrote:
On 05/22/2017 07:16 AM, Barry S. Finkel wrote:
Maybe I am misinterpreting the problem.  When I was managing a mixed
AD-BIND DNS scenario, ALL of the computers used the BIND servers for
their DNS resolution; none used the AD servers.  But I had all of the
AD zones slaved on my BIND servers, so there was no need for any machine
to use the AD servers for DNS resolution.  The AD servers had only
the AD zones, so if any machine queried the AD server for a non-AD zone,
the request would have been forwarded to the BIND servers anyway.

On Mon, 22 May 2017 08:46:59 -0600  Grant Taylor replied:

Could your AD clients still reach the AD DNS servers?  (It sounds like
they could.)

It's been my experience that AD clients still want to reach the master
name server (in the SOA record) to do Dynamic DNS updates.

(I've also successfully forced those through a BIND secondary configured
to forward the dynamic updates to the AD master.)



-- Grant. . . . unix || die


The only dynamic updates were to the AD "_" zones.  Windows desktops and
servers had static IP addresses, so they did not use DHCP.  One forward
zone and five /24 reverse zones were completely dynamic, and those zones
were mastered on a Windows DNS Server and slaved on my BIND servers.

As I have written before, there were lots of serial number updates
in these zones (forward, reverse, and "_") where the zone contents did
not change.  This caused a lot of unnecessary zone transfers between
the Windows DNS masters and my BIND slaves.

--Barry Finkel