On 07/27/2010 08:31 AM, Arnoud Tijssen wrote:
From previous mail;



Since I don't want all dynamic updates from Windows clients
polluting my main zone file, but still want one primary DNS serving
the main domain instead of two, BIND and Windows, what is the
best option, if there is one?

Sorry - I don't follow. You say you don't want windows clients
updating the zone, and they're not. So what's the problem (i.e what
have I misunderstood)?


The problem is that I want a clean zonefile, since it gets
synchronized to our slave server, which gets used by the outside
world. But I do want the clients to register themselves in DNS. We
use DHCP for most of the desktop systems internally and for
troubleshooting it is very convenient to be able to deduce which
client system belongs to which IP address. Therefore I tried to
delegate all of the Windows-specific subdomains to Windows DNS and
put a forward on BIND for these subdomains, but unfortunately that
doesn't work.

So basically I would like to have it all reside on our BIND master
and slave servers and be able to let Windows clients update the DNS
dynamically, preferably secure, without polluting the zonefile with
all of the extra data produced by the clients.

Ok, I see. In that case you have several options:

1. Move the clients into a sub-domain as suggested by the other poster and allow them to make dynamic updates. I am pretty sure this requires reconfiguring the clients.

2. On your DHCP server, use DHCP option 81 to tell the clients you are overriding their choice, and that the DHCP server will update the names. Then, ignore the client-supplied names and use names in a sub-domain. This will require that you have MAC address -> name mappings, and a DHCP server that can do this (which basically means ISC DHCPd).

3. Alternatively you could run split DNS - have two separate copies of the zone, one which the external world sees and one which the internal one sees, only allowing DNS updates to the latter. You'll then have to have some way to sync the "common" names, and it could get complex.




Is there a tutorial somewhere on how to implement what you are
suggesting?

Much of the needed info is either out-of-date, fragmented or plain wrong I'm afraid. I've spent quite a bit of time looking into this at one point, and kept coming back to the same old HOWTOs and half-baked Microsoft KB articles :o(

This is somewhat useful:

http://support.microsoft.com/kb/816592

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
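
The BIND side of options 1 and 2 above, as an added example that is not part of the original thread: the main zone stays static and is the only one transferred to the externally visible slave, while a child zone accepts signed dynamic updates. The zone names, file paths, key name, secret and addresses are placeholders, and the example assumes the updates are sent by the DHCP server using a TSIG key.

```conf
// named.conf fragment (added example; all names and addresses are placeholders)

// TSIG key shared with the DHCP server that sends the updates (assumption).
// Generate a real secret with tsig-keygen or dnssec-keygen; never reuse this one.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
};

// Hand-maintained main zone: no dynamic updates at all, so the file that
// is synchronized to the public slave only changes when an admin edits it.
zone "example.com" {
    type master;
    file "master/example.com.zone";
    allow-update { none; };
    allow-transfer { 192.0.2.53; };   // the externally visible slave
    also-notify { 192.0.2.53; };
};

// Child zone for DHCP clients. The parent zone file needs a delegation:
//     clients  IN  NS  ns1.example.com.
// Only updates signed with the TSIG key are accepted, and only for the
// record types a DHCP server writes (A/AAAA plus its TXT or DHCID marker).
zone "clients.example.com" {
    type master;
    file "dynamic/clients.example.com.zone";
    update-policy {
        grant dhcp-ddns zonesub A AAAA TXT DHCID;
    };
    allow-transfer { none; };         // never copied to the public slave
    allow-query { 10.0.0.0/8; };      // internal resolvers and admins only
};
```

Because named rewrites the file of a dynamic zone itself, manual changes to `clients.example.com` go through `nsupdate` or `rndc freeze` / `rndc thaw` rather than direct edits.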
