Not at all. Both BIND and MS DNS support conditional forwarding (depending
on BIND version and OS version, respectively). The destination for the
conditional forwarding is irrelevant, since it's the servers receiving the
queries from the clients that are responsible for forwarding (or not) the
queries. There is no specific interaction between the two DNS
implementations beyond standard querying.

Laura 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Charlie Kaiser
> Sent: Thursday, October 26, 2006 5:20 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] DNS setup questions
> 
> Since the partner forest is not using AD DNS zones but a Unix 
> BIND system, wouldn't that eliminate the ability to do the 
> conditional forwarding? I thought that required both sides to 
> be W2K3 AD DNS...
> 
> **********************
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security, CCNA
> Systems Engineer
> Essex Credit / Brickwalk
> 510 595 5083
> **********************  
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > [EMAIL PROTECTED]
> > Sent: Thursday, October 26, 2006 1:55 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] DNS setup questions
> > 
> > You could use conditional-forwarding.  You could also set up an AD int
> > stub zone.  I'm not well versed in the security aspects of either...
> > but either one of those would work fine...
> > 
> > :m:dsm:cci:mvp | marcusoh.blogspot.com
> > 
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Charlie 
> > Kaiser
> > Sent: Thursday, October 26, 2006 4:32 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: DNS setup questions
> > 
> > OK; my Google-fu isn't working well today, and it's been a while since
> > I had to do any advanced DNS work. Too much BPM work, not enough AD
> > admin lately...
> > 
> > Here's the scenario:
> > 
> > Our domain: W2K3 functional level single-domain forest using
> > AD-integrated DNS, secure updates only
> > Partner domain: W2K3 functional level single-domain forest using BIND DNS.
> > 
> > We are planning to establish a trust between the domains. We need to
> > set up DNS so that both domains can resolve at minimum SRV records to
> > keep the trust working and allow member enumeration for selective auth
> > setup.
> > IIRC, we need to create secondary zones in each domain pointing to the
> > other domain, and on the W2K3 side, add the BIND servers to the
> > nameservers tab, right? Anything else I need to do on the W2K3 DNS
> > side? I really think I'm missing something here, but I can't find any
> > information with the answers I need...
> > 
> > Also, if I allow zone transfers to the other domain's DNS IP
> > addresses, what's to prevent them from setting up something other than
> > a secondary server? I know AD integrated won't allow another AD
> > integrated DNS server outside the current domain, but I just want to
> > make sure I don't leave anything insecure...
> > 
> > Thanks...
> > 
> > **********************
> > Charlie Kaiser
> > W2K3 MCSA/MCSE/Security, CCNA
> > Systems Engineer
> > Essex Credit / Brickwalk
> > 510 595 5083
> > ********************** 
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > List archive: 
> > http://www.mail-archive.com/activedir@mail.activedir.org/
> > 

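The conditional-forwarding setup discussed in this thread, sketched as an added example that is not part of any poster's message. The zone names (`corp.example` for the AD-integrated side, `partner.example` for the BIND side), the zone file name and all IP addresses are constructed placeholders.

```conf
// Added example. Constructed placeholders:
//   corp.example    = AD-integrated DNS domain (W2K3 DNS at 192.0.2.10, 192.0.2.11)
//   partner.example = partner domain hosted on BIND (198.51.100.10, 198.51.100.11)

// ===== named.conf on the partner's BIND servers =====
// Queries for corp.example and everything beneath it (including
// _msdcs.corp.example, where the DC locator SRV records live) are
// passed to the AD DNS servers as ordinary queries.
zone "corp.example" {
    type forward;
    forward only;    // do not fall back to normal recursion for this zone
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// The partner's own zone stays authoritative on BIND. Conditional
// forwarding uses standard queries, not AXFR/IXFR, so zone transfers
// to the other organisation do not need to be opened. List only your
// own secondaries here if you have any.
zone "partner.example" {
    type master;
    file "partner.example.zone";    // constructed file name
    allow-transfer { none; };
};

// ===== on each W2K3 DNS server (command prompt, not named.conf) =====
//   dnscmd /ZoneAdd partner.example /Forwarder 198.51.100.10 198.51.100.11
// Zone transfers for corp.example can stay disabled on the zone's
// Zone Transfers tab, for the same reason as above.

// ===== checks that the trust-related SRV records resolve =====
//   from a client of the BIND servers:
//     dig _ldap._tcp.dc._msdcs.corp.example SRV
//   from a client of the W2K3 DNS servers:
//     nslookup -type=SRV _ldap._tcp.dc._msdcs.partner.example
```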