-
Win2k3 Domain Controller & Bind 9.5
I have a Win2k3 DC with Active Directory I have not touched in years except for patches.
Will Bind 9.5 run on it without interfering with the Windows domain?
I need it to run DNS for 2 separate public domains while the current FreeBSD TinyDNS server is down for a total software re-build. (I can't get VMware to run on FreeBSD.)
Plan B is to use in-built Windows DNS to handle the two public domains plus the private domain, but I don't know how to make that happen. I've been away from W2k3 way too long.
-
DNS only has one standard port, so you can't have 2 copies running on one machine. I suppose you could create a second IP address for the second DNS instance if you really wanted to.
Personally, I think I'd just add the zone to the MS DNS instance.
Although, since you're "replacing" a second server that's not running, maybe the second IP would work better, since you could just set it to the IP of the other machine.
-
Currently the external incoming port 53 packets are routed to host CS1 by the router and the internal port 53 packets transit the LAN to the DC, CS4. The local nodes all look at CS4 as their primary DNS server. CS4 does not forward unresolved DNS inquiries from local nodes to CS1. Instead they are forwarded to the ISP's DNS server.
-
Great White Shark
Can't you just build a Primary Zone in Windows DNS?
You probably already have a Primary AD integrated forward zone for whatever your Windows Domain is. Simply open the DNS MMC and add a Primary Zone for whatever domains you want, then manually add the records. Then point whatever needs to resolve those domains to that server.
Maybe I'm not understanding the question entirely.
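The same "add a Primary Zone and fill in the records" procedure, scripted with `dnscmd` (which ships with Windows Server 2003) instead of clicked through the DNS MMC. This is an added example, not code from the thread or from anyone in it; the server name, the two domain names and the 203.0.113.0/24 addresses (an RFC 5737 documentation range) are placeholders.

```powershell
# Added example (not from the thread): create two public zones on the
# Win2k3 DNS server with dnscmd rather than through the DNS MMC.
# Assumptions: the DC is named CS4 (as in the thread), the domains and
# IP addresses below are placeholders, and this runs as a DNS admin.
$server = "CS4"
$zones  = @("example.com", "example.net")

foreach ($z in $zones) {
    # Standard (file-backed) primary zone, NOT AD-integrated, so the public
    # data is kept out of the AD partition that holds the private zone.
    dnscmd $server /ZoneAdd $z /Primary /file "$z.dns"

    # Delegation and host records the outside world will query.
    dnscmd $server /RecordAdd $z "@"  NS  "ns1.$z."
    dnscmd $server /RecordAdd $z ns1  A   203.0.113.10
    dnscmd $server /RecordAdd $z "@"  A   203.0.113.20
    dnscmd $server /RecordAdd $z www  A   203.0.113.20
    dnscmd $server /RecordAdd $z "@"  MX  10 "mail.$z."
    dnscmd $server /RecordAdd $z mail A   203.0.113.30

    # Refuse zone transfers (AXFR) from anyone; add /SecureList <ip> instead
    # if a real secondary needs to pull the zone.
    dnscmd $server /ZoneResetSecondaries $z /NoXfr

    # Dump the zone back out to confirm what was created.
    dnscmd $server /ZonePrint $z
}
```

One caveat that follows from the thread's own setup: CS4 is also the recursive resolver for the LAN (it forwards unresolved queries to the ISP). If the router's external port 53 is pointed at CS4 so the public zones are reachable, the Windows DNS service will answer recursive queries from the Internet too, which makes it an open resolver; Windows 2003 DNS cannot turn recursion off for only the external interface, so that is a reason to prefer a separate authoritative-only instance or hosted DNS for the public zones.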
-
Will that be externally visible? My internal network as defined in the AD is not externally visible. I'm confused on how Windows handles DNS. IIRC DNS files used to be standard Bind files located in %systemroot%\system32\dns\.
-
Great White Shark
From what I just read it's a yes and no kind of result. You can assign addresses or add NICs for the MS DNS instances. But you will have to do a lot of work on trusts and GP for the AD domain. Not a lot of details, mostly "why would you" and cache servers.
Don't you have a junker you could load FreeBSD on and run each DNS in its own jail?
"All mankind is divided into three classes: those that are immovable, those that are movable, and those that move."
January 21, 2013 The End of an ERROR
-
I don't think you can have two independent MS DNS instances, so in your case it's probably better to just run BIND as a second instance. You can probably configure it for a non-standard port, and then configure your router/firewall to forward external 53 to the internal non-standard DNS port on the server.
If you just add the zone to the MS instance, then there's always the risk of information leakage. (i.e. an attacker seeing your private zone records.) Unlikely, but definitely possible.
Separate servers would still be ideal, even if it's just a temporary "junker" like Thermo said. Better yet would be externally hosted DNS, like normal people do.
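What the "BIND on a non-standard port, with the router forwarding external 53 to it" suggestion looks like as a `named.conf`, as an added example (not configuration from the thread or from ISC). The install directory, listen address, port and zone names are assumptions; it is authoritative only for the two public zones, so the private AD zone is never loaded into it.

```conf
// Added example (not from the thread): minimal BIND 9.5 config for a
// second, authoritative-only DNS instance on the DC. The Windows DNS
// service keeps port 53; BIND listens on 5353 and the router forwards
// external 53 to 192.0.2.4:5353. Paths, addresses and zone names are
// placeholders.
options {
    directory "C:/named/etc";               // assumption: install location
    listen-on port 5353 { 192.0.2.4; };     // assumption: the DC's LAN address
    listen-on-v6 { none; };
    recursion no;                           // never act as a resolver for the Internet
    allow-transfer { none; };               // no AXFR to arbitrary clients
    version "not disclosed";
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
};

zone "example.net" IN {
    type master;
    file "example.net.zone";
};
```

Because this instance only ever loads the public zone files, an external query cannot return private-zone records, which is the leakage the post above warns about. Internal clients keep using the Windows DNS service on port 53 as before; nothing on the LAN needs to know about port 5353.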
-
Great White Shark
$60 a year gets you 25 domains at DNSMadeeasy.com. I use them for secondaries. Great service, very cheap, very secure, very reliable. They also have cheaper plans with fewer domains.
-
Thanks for the link. The home account at $14.95 per year is sweet. I subscribed.
They support PTR records whereas my previous DNS provider dropped their support for them.
That's the only reason I ended up with my own DNS servers.