Using Active Directory with a DNS on another computer

SuperFreaky

Golden Member
Nov 1, 1999
I'm setting up a Windows 2003 server to be a Domain Controller running Active Directory. The problem is I have to use an already existing DNS server running on Unix that doesn't support Dynamic Updates.

Does anybody know if this is possible? Or, better yet, how to set it up?

ahurtt

Diamond Member
Feb 1, 2001
Wrong forum. Try maybe the Operating System forum, the Networking forum, or the Tech support one.

Wizkid

Platinum Member
Oct 11, 1999
Just an idea... but maybe you could run DNS on the win2003 box, and then run a slave copy of that zone on your unix box. Might save a lot of manual entry that way...

OmegaXero

Senior member
Apr 11, 2001
If you set up DHCP to run on your domain controller, then you can set your DNS servers to be whatever you want. I would configure DHCP to have a primary DNS address that points to your domain controller; this will be used to resolve internal stuff. Have a secondary DNS config that points to the Unix box. Or, you could just configure your domain controller to forward any requests that it couldn't resolve straight to the Unix box. Do you have a test system that you can stick on the network really quick and see if this will work?

Ahurtt, is this not the networking forum?

cleverhandle

Diamond Member
Dec 17, 2001
The cleanest way to accomplish this, if you have any cooperation from the DNS operator, is to use a subdomain for the AD and have the Unix server delegate that subdomain to the Windows DNS server. So if the Unix domain is domain.com, delegate internal.domain.com to Windows. Then everything's peachy.

Also, as OmegaXero describes, you may be able to set up some kind of primary/secondary system. I'd prefer the subdomain, though.

If you have to actually use the Unix server, then things get uglier. At the very least there are a bunch of DNS entries that must be entered on the Unix box in order for AD's LDAP/Kerberos stuff to work properly. Even once those are present, I'm guessing that there will be other issues that pop up to remind you that you're not following the true MS path, but I've never tried it myself. Or you could just allow dynamic updates, but there's no way for BIND to do that in a secure way that MS understands so then you're wide open.


stash

Diamond Member
Jun 22, 2000
cleverhandle's got the right idea. There's no need to use the Unix box for DNS; just delegate a zone to the 2003 server. You can then use the Unix server as a forwarder.

Using BIND will work, since the only requirement is support for SRV records. But you will need to register all those SRV records manually. If you have multiple domain controllers, that can be a chore. The records that you need to input are in the netlogon.dns file in %systemroot%\system32\config.
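An added example for the manual-entry route cleverhandle and stash describe (not code from any poster in this thread): it reads records in the format the DC writes to netlogon.dns, reads the Unix admin's existing BIND zone file (relative names and all), and prints the records that still have to be added. The domain, hostnames, addresses and both files are constructed samples.

```python
# Constructed sample in the format Windows writes to netlogon.dns (owner TTL IN type rdata).
NETLOGON_DNS = """\
domain.com. 600 IN A 192.168.1.10
_ldap._tcp.domain.com. 600 IN SRV 0 100 389 dc1.domain.com.
_kerberos._tcp.domain.com. 600 IN SRV 0 100 88 dc1.domain.com.
_ldap._tcp.dc._msdcs.domain.com. 600 IN SRV 0 100 389 dc1.domain.com.
_gc._tcp.domain.com. 600 IN SRV 0 100 3268 dc1.domain.com.
gc._msdcs.domain.com. 600 IN A 192.168.1.10
"""
# Constructed sample of the Unix admin's current BIND zone file for domain.com.
BIND_ZONE = """\
$TTL 3600
@ IN SOA ns1.domain.com. hostmaster.domain.com. ( 2003110101 3600 900 604800 3600 )
  IN NS ns1.domain.com.
dc1 IN A 192.168.1.10
_ldap._tcp.domain.com. 600 IN SRV 0 100 389 dc1.domain.com.
_kerberos._tcp 600 IN SRV 0 100 88 dc1   ; relative names are allowed in a zone file
"""
KNOWN_TYPES = {"A", "AAAA", "CNAME", "SRV"}   # the record types netlogon.dns contains

def parse_records(text, origin):
    """Return a set of (owner, type, rdata) with every name as a lowercase FQDN."""
    origin = origin.lower().rstrip(".") + "."
    def fqdn(name):
        name = name.lower()
        return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
    records, owner = set(), origin
    for raw in text.splitlines():
        tokens = raw.split(";")[0].split()          # strip zone-file comments
        if not tokens or tokens[0].startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        if not raw[0].isspace():                     # leading blank means "same owner as above"
            owner = fqdn(tokens.pop(0))
        if tokens and tokens[0].isdigit():           # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":     # optional class
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in KNOWN_TYPES:  # SOA, NS, continuation lines
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("SRV", "CNAME"):                # rdata ends in a name; normalise it too
            rdata[-1] = fqdn(rdata[-1])
        records.add((owner, rtype, " ".join(rdata)))
    return records

def missing_records(netlogon_text, zone_text, origin):
    """Records the DC expects that the Unix zone does not carry yet, as zone-file lines."""
    missing = parse_records(netlogon_text, origin) - parse_records(zone_text, origin)
    return [f"{o} 600 IN {t} {r}" for o, t, r in sorted(missing)]
```

Run `print("\n".join(missing_records(NETLOGON_DNS, BIND_ZONE, "domain.com")))` to get lines you can paste straight into the zone; a DC that is later added or renamed changes netlogon.dns, so re-run the comparison after every such change.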