Robert,

I've only seen this type of configuration in higher-ed environments, where the "legacy" DNS predates Active Directory and there are security, configuration or political reasons for reverse zones staying on the BIND servers.

A few thoughts:

Caching the entire zone for test.com by putting a secondary copy of that zone on the ad.test.com DNS servers may prove useful.

By default, Windows servers will want to dynamically register PTR records - something not allowed with a typical BIND config (and probably not allowed in this scenario, or ad.test.com would probably be a BIND zone).

Some 3rd party applications can get picky or even break if you're not careful about name resolution. Licensing based on host name, in particular.
I've also seen some applications break if you have forward lookups in a BIND zone and in AD DNS (dc1.sub.test.com and dc1.ad.test.com). I spent all weekend diagnosing an AD sync for an application that would crash out because it was pointed to dc1.sub.test.com instead of dc1.ad.test.com. I can only gather that somehow, an LDAP query told it the AD domain FQDN and it got confused...

My $0.02,
James Wells

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 17, 2006 1:16 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Reverse lookup Zone (Integration with Bind and AD-DNS)

Hello all,

Here is the scenario:

Bind DNS 9.2 - test.com
Active Directory integrated-DNS - ad.test.com (delegated sub domain)
Ad.test.com configured to forward to test.com DNS servers
All clients point to ad.test.com DNS servers

What has been the overall consensus as it relates to placement of reverse lookup zones in this config? I have typically left the reverse lookup zones in the root in this situation (test.com).

Tia,
RC

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx