Win2k3 Domain Controller & Bind 9.5

Sharky Forums



Thread: Win2k3 Domain Controller & Bind 9.5

  1. #1
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595

    Win2k3 Domain Controller & Bind 9.5

    I have a Win2k3 DC with Active Directory I have not touched in years except for patches.

    Will Bind 9.5 run on it without interfering with the Windows domain?
    I need it to run DNS for 2 separate public domains while the current FreeBSD TinyDNS server is down for a total software re-build. (I can't get VMware to run on FreeBSD.)

    Plan B is to use in-built Windows DNS to handle the two public domains plus the private domain, but I don't know how to make that happen. I've been away from W2k3 way too long.

  2. #2
    Hammerhead Shark
    Join Date
    Feb 2001
    Posts
    1,612
    DNS only has one standard port, so you can't have 2 copies running on one machine. I suppose you could create a second IP address for the second DNS instance if you really wanted to.

    Personally, I think I'd just add the zone to the MS DNS instance.

    Although, since you're "replacing" a second server that's not running, maybe the second IP would work better, since you could just set it to the IP of the other machine.

  3. #3
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595
    Currently the external incoming port 53 packets are routed to host CS1 by the router and the internal port 53 packets transit the LAN to the DC, CS4. The local nodes all look at CS4 as their primary DNS server. CS4 does not forward unresolved DNS inquiries from local nodes to CS1. Instead they are forwarded to the ISP's DNS server.

  4. #4
    Great White Shark vertices
    Join Date
    Sep 2000
    Location
    Palm Coast, FL
    Posts
    6,001
    Can't you just build a Primary Zone in Windows DNS?

    You probably already have a Primary AD integrated forward zone for whatever your Windows Domain is. Simply open the DNS MMC and add a Primary Zone for whatever domains you want, then manually add the records. Then point whatever needs to resolve those domains to that server.

    Maybe I'm not understanding the question entirely.

  5. #5
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595
    Will that be externally visible? My internal network as defined in the AD is not externally visible. I'm confused about how Windows handles DNS. IIRC DNS files used to be standard Bind files located in %systemroot%\system32\dns\.

  6. #6
    Great White Shark Thermo
    Join Date
    Jul 2001
    Location
    SE PA
    Posts
    5,185
    From what I just read it's a yes and no kind of result. You can assign addresses or add NICs for the MS DNS instances. But you will have to do a lot of work on trusts and GP for the AD domain. Not a lot of details, mostly "why would you" and cache servers.

    Don't you have a junker you could load FreeBSD on and run each DNS in its own jail?
    "All mankind is divided into three classes: those that are immovable, those that are movable, and those that move."
    January 21, 2013 The End of an ERROR

  7. #7
    Hammerhead Shark
    Join Date
    Feb 2001
    Posts
    1,612
    I don't think you can have two independent MS DNS instances, so in your case it's probably better to just run BIND as a second instance. You can probably configure it for a non-standard port, and then configure your router/firewall to forward external 53 to the internal non-standard DNS port on the server.

    If you just add the zone to the MS instance, then there's always the risk of information leakage (i.e., an attacker seeing your private zone records). Unlikely, but definitely possible.

    Separate servers would still be ideal, even if it's just a temporary "junker" like Thermo said. Better yet would be externally hosted DNS, like normal people do.
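    As an added illustration of the second-IP approach from #2 and the leakage concern in #7 (this is not configuration posted by anyone in the thread): a minimal BIND 9 named.conf that binds only to a dedicated address, serves only the two public zones, and neither recurses nor transfers, so the private AD zone never passes through this instance. The address 192.0.2.53, the zone names and the file names are constructed examples.

    ```conf
    // Constructed example named.conf for a second BIND instance on the DC.
    // 192.0.2.53 is an assumed extra address added to the server's NIC;
    // the MS DNS service keeps the DC's original address.
    options {
        directory "named";                 // zone files relative to the BIND install dir (assumed layout)

        // Bind only the dedicated address. Use "port 5353" here instead if the
        // router forwards external 53 to a non-standard port as suggested in #7.
        listen-on port 53 { 192.0.2.53; };
        listen-on-v6 { none; };

        // Authoritative only: public clients can ask about the two public
        // zones but cannot use this server as an open resolver.
        recursion no;
        allow-query { any; };

        // No zone transfers unless a secondary is explicitly listed here.
        allow-transfer { none; };

        // Don't advertise the exact software version in CHAOS/TXT queries.
        version "not disclosed";
    };

    // Only the public zones are defined; the AD domain is deliberately absent,
    // so nothing from the private namespace can be answered by this instance.
    zone "example.com" {
        type master;
        file "example.com.zone";
    };

    zone "example.net" {
        type master;
        file "example.net.zone";
    };
    ```

    For this to coexist with the Windows DNS service, the MS instance must also be told to listen only on the DC's original address (DNS Manager, server properties, Interfaces tab), since by default it binds port 53 on every interface.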

  8. #8
    Great White Shark vertices's Avatar
    Join Date
    Sep 2000
    Location
    Palm Coast, FL
    Posts
    6,001
    $60 a year gets you 25 domains at DNSMadeeasy.com. I use them for secondaries. Great service, very cheap, very secure, very reliable. They also have cheaper plans with fewer domains.

  9. #9
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595
    Thanks for the link. The home account at $14.95 per year is sweet. I subscribed.
    They support PTR records whereas my previous DNS provider dropped their support for them.
    That's the only reason I ended up with my own DNS servers.
