We run split brain and munge the public zones into the MS DDNS servers. All
internal hosts point to the internal DNS. Works fine for us. To avoid
munging, use either a non-routable DNS name like .LOCAL. or a subdomain
off the main domain, such as AD.XYZ.COM, and don't put the AD zone on your
public zones. I would avoid any contact with the outside to your AD
environment if I were you. Just because it uses DNS and Internet
technology doesn't mean you should put your stuff on the Internet. If I
can bang against your servers from the Internet, I can lock out accounts, DoS
your box, etc.
Ted
Great Link.
Toddler
-----Original Message-----
From: Strand, Ted [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2003 8:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Bind or Microsoft DNS

We started out by using Bind on the external (SOA) and using AD DNS on the inside with split brain. After 2-3 months (the UNIX bind server owners hate everything about Microsoft), and listening to millions of shots about how Microsoft doesn't follow the standards, we got the solution working... or so we thought. Once we installed MOM, we noticed that the environment was degrading. We finally gave up and registered a NEW domain name and are implementing a pure Microsoft solution for the new domain. I really don't think that any of our problems were too serious to be worked out from a technical perspective, but quite honestly I got tired of the constant political battles. If you have a choice, I see no reason to stay on BIND. The UNIX guys will tell you how great it is, but check out this web site http://cr.yp.to/djbdns/blurb/unbind.html for a list of problems with BIND.

From: Juan Ibarra [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 2:47 PM
To: [EMAIL PROTECTED]

Hi, we are planning the upgrade from NT to Win2k 2003. Currently we use Unix DNS. The question is: should I keep it and just make sure it supports NDR records, or replace it with Microsoft DNS?
Any pros and cons?
Thanks,
Juan
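
Added example, not part of the original thread: a small audit of a public zone file for the leak the top reply warns about, namely AD names ending up on the Internet-facing zone. The zone text is constructed, `audit_public_zone` is a hypothetical helper, and `xyz.com` / `ad.xyz.com` follow the AD.XYZ.COM naming used above; the RFC 1918 check goes slightly beyond the thread as a further sign of internal hosts in a public zone.

```python
import ipaddress

# Names Active Directory registers for DC location; none belong in a public zone.
AD_LABELS = ("_msdcs", "_ldap._tcp", "_kerberos._", "_kpasswd._", "_gc._tcp",
             "domaindnszones", "forestdnszones")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone with three records that should not be there.
SAMPLE_ZONE = """\
$ORIGIN xyz.com.
$TTL 3600
@        IN SOA ns1.xyz.com. hostmaster.xyz.com. 2003092601 3600 600 86400 3600
@        IN NS  ns1.xyz.com.
www      IN A   192.0.2.10
_ldap._tcp.dc._msdcs.ad IN SRV 0 100 389 dc1.ad.xyz.com.
dc1.ad   IN A   10.1.1.5
fileserv IN A   192.168.4.20   ; internal host copied in by mistake
"""

def audit_public_zone(zone_text, origin="xyz.com", ad_zone="ad.xyz.com"):
    """Return [(line_no, reason)] for records exposing the internal AD namespace.
    Assumes one record per line and takes the origin as a parameter."""
    findings, owner = [], origin
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                   # blank, $ORIGIN, $TTL
        fields = line.split()
        if not line[0].isspace():                      # line names a new owner
            name = fields.pop(0).lower()
            owner = (origin if name == "@" else
                     name[:-1] if name.endswith(".") else name + "." + origin)
        if any(label in owner for label in AD_LABELS):
            findings.append((no, "AD locator record"))
        elif owner == ad_zone or owner.endswith("." + ad_zone):
            findings.append((no, "name inside AD zone"))
        elif "A" in fields[:-1]:
            try:
                addr = ipaddress.ip_address(fields[-1])
            except ValueError:
                continue
            if any(addr in net for net in RFC1918):
                findings.append((no, "RFC 1918 address"))
    return findings

if __name__ == "__main__":
    for no, reason in audit_public_zone(SAMPLE_ZONE):
        print(f"line {no}: {reason}")
```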
