BIND works very well as a DNS server for AD. We use BIND 9 with great success; all you have to do is allow zone transfers for the Domain Controllers and dynamic updates for the AD member servers.
Assuming you have 2 AD Domain Controllers on IPs 192.168.1.1 and 192.168.1.2, and you have 2 member servers on 192.168.1.4 and 192.168.1.5, the following bold lines added to named.conf should do the trick. The
check-names ignore directive is used to allow non-standard characters that AD uses in its zone names (you can always rely on Microsoft to violate a standard).
A generic named.conf modified for AD DNS:
Code:
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
};

// rndc control channel, local only, authenticated with rndc_key
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
    algorithm hmac-md5;
    secret "insert secret string here";
};

zone "." {
    type hint;
    file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

// Forward zone for the AD domain; the last three directives are the AD-specific additions
zone "example.com" {
    type master;
    // notify no;
    file "pz/named.linux";
    check-names ignore;                              // accept AD's non-standard names
    allow-transfer { 192.168.1.1; 192.168.1.2; };    // zone transfers for the Domain Controllers
    allow-update { 192.168.1.4; 192.168.1.5; 192.168.1.1; 192.168.1.2; };  // dynamic updates: member servers and DCs
};

// Reverse zone for 192.168.1.0/24, same AD-specific additions
zone "1.168.192.in-addr.arpa" {
    type master;
    // notify no;
    file "pz/named.rev-linux";
    check-names ignore;
    allow-transfer { 192.168.1.1; 192.168.1.2; };
    allow-update { 192.168.1.4; 192.168.1.5; 192.168.1.1; 192.168.1.2; };
};
HTH
Mad.
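As an added example (not part of the post above), a small auditing script that reads the zone stanzas of a named.conf like the one shown, extracts each zone's allow-transfer and allow-update ACLs, and reports zones whose dynamic-update ACL is made up of IP addresses alone rather than a TSIG key, which is the point a reviewer would check first in this configuration. The sample config embedded below is constructed from the post's example.com zone plus a hypothetical key-based zone for comparison.

```python
import re

# Constructed sample: two zone stanzas modelled on the named.conf in the post,
# plus a hypothetical "ad.internal" zone that restricts updates to a TSIG key.
SAMPLE_NAMED_CONF = """
zone "example.com" {
    type master;
    // notify no;
    file "pz/named.linux";
    check-names ignore;
    allow-transfer { 192.168.1.1; 192.168.1.2; };
    allow-update { 192.168.1.4; 192.168.1.5; 192.168.1.1; 192.168.1.2; };
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
zone "ad.internal" {
    type master;
    file "pz/ad.internal";
    allow-update { key "ddns-key"; };
};
"""

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'^\s*(allow-transfer|allow-update)\s*\{([^}]*)\}\s*;', re.M)
IPV4_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$')

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot confuse the ACL parser."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def parse_zone_acls(conf):
    """Return {zone_name: {"allow-transfer": [...], "allow-update": [...]}}."""
    zones = {}
    for name, body in ZONE_RE.findall(strip_comments(conf)):
        acls = {"allow-transfer": [], "allow-update": []}
        for directive, items in ACL_RE.findall(body):
            acls[directive] = [i.strip() for i in items.split(";") if i.strip()]
        zones[name] = acls
    return zones

def ip_only_update_zones(zones):
    """Zones whose allow-update ACL consists solely of IPv4 addresses/prefixes."""
    return [name for name, acls in zones.items()
            if acls["allow-update"] and all(IPV4_RE.match(e) for e in acls["allow-update"])]
```

Running `ip_only_update_zones(parse_zone_acls(open("named.conf").read()))` on a real file lists the zones where an update is accepted on source address alone.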