LinuxQuestions.org
Linux - Server: This forum is for the discussion of Linux software used in a server related context.
Old 09-03-2008, 01:15 PM   #1
NDLbox
LQ Newbie
 
Registered: Jun 2008
Posts: 8

Questions on running BIND in an AD environment


Hi,
I have a cluster of ESX servers in a subnet with mostly Windows production machines in an Active Directory environment. VMware needs very reliable DNS to work correctly but AD isn't cutting it and I'm getting tired of pushing host files around. I'd like to deploy two BIND servers for the exclusive use of the ESX servers.

Is there any chance having multiple DNS servers with different zones / domains in the same subnet could cause problems? Assume almost all of the Windows boxes will be pointed at the AD DNS servers and only the VMware servers will be pointed at BIND, with one Windows box pointed at both (Virtual Center).

Thanks!
 
Old 09-03-2008, 02:20 PM   #2
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

AD?
ESX?

help us help you
 
Old 09-03-2008, 02:28 PM   #3
NDLbox
LQ Newbie
 
Registered: Jun 2008
Posts: 8

Original Poster
Quote:
Originally Posted by keratos View Post
AD?
ESX?

help us help you
AD = Active Directory (Microsoft's DNS-enabled LDAP implementation)
ESX is VMware's virtualization product. It is proprietary but the management portion is based off Red Hat Linux.
 
Old 09-03-2008, 02:29 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

AD = Active Directory
ESX = VMware ESX server

Why not just configure a box running BIND with a forward-only zone for your internal domains that would forward unresolved requests to AD? That way any results would be cached locally by BIND and it wouldn't have to look them up again until they expire from the cache.

The other option would be to setup the BIND server as a slave to your AD server, so that it imports all the zones from your Windows domain. It depends on what your preference is.

Also, could you explain a bit more about what you're trying to accomplish? Do you just need to perform DNS lookups to the Internet, or you need to query internal DNS records? Are you wanting to make changes to DNS records for hosts running in ESX without making changes to your Windows DNS?

If you want to have a separate set of DNS records just for ESX that you don't manage through Windows, you could delegate a sub-domain from your Windows DNS to a server running BIND and manage that sub-domain through BIND. Windows wouldn't have to know anything about it, other than where its DNS server is. That's only useful if you want to avoid making changes for ESX through Windows DNS.
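The three layouts chort lists (a forward-only zone, a secondary copy of the AD zone, and a delegated sub-domain) side by side in one named.conf, as an added example rather than configuration from the thread. Every address, name and path is an assumption: 10.0.1.5 and 10.0.1.6 stand in for the AD domain controllers, 10.0.3.0/24 for the ESX subnet, 10.0.3.10 and 10.0.3.11 for the two BIND servers, and corp.example.com / esx.corp.example.com for the Windows domain and the sub-domain.

```conf
// /etc/named.conf on the BIND box (added example; every address, name and path is assumed)
options {
    directory "/var/named";
    listen-on { 10.0.3.10; };             // assumed: this BIND server
    allow-query { 10.0.3.0/24; };         // assumed ESX subnet; nothing else should be asking
    allow-recursion { 10.0.3.0/24; };     // a recursive resolver open to everyone is an amplifier
    recursion yes;
};

// Option 1 (forward-only): names under the AD domain are asked of the domain controllers
// and the answers are cached here until their TTL expires.
zone "corp.example.com" {
    type forward;
    forward only;
    forwarders { 10.0.1.5; 10.0.1.6; };   // assumed: AD domain controllers running DNS
};

// Option 2 (secondary of the AD zone): BIND pulls the whole zone by AXFR. Windows DNS only
// answers transfers from addresses allowed on the zone's Zone Transfers tab, so permit
// 10.0.3.10 there first. Mutually exclusive with option 1 for the same zone name.
// zone "corp.example.com" {
//     type slave;
//     file "slaves/corp.example.com.db";
//     masters { 10.0.1.5; 10.0.1.6; };
// };

// Option 3 (delegated sub-domain): this server is the only place these records live.
zone "esx.corp.example.com" {
    type master;
    file "esx.corp.example.com.db";
    allow-transfer { 10.0.3.11; };        // assumed: the second BIND server, nobody else
};
// For option 3 the Windows side needs a delegation in the parent zone, the equivalent
// of these records (New Delegation in the DNS console):
//   esx.corp.example.com.      NS  ns1.esx.corp.example.com.
//   ns1.esx.corp.example.com.  A   10.0.3.10        ; glue
// Without that delegation the sub-domain is invisible to anything that does not
// query 10.0.3.10 directly.
```

Check the file with `named-checkconf /etc/named.conf` before reloading. For option 2, `dig @10.0.3.10 corp.example.com SOA` should return the same serial the domain controllers hand out; if the zone never loads, the AD-side transfer restriction or a firewall blocking TCP 53 is the usual cause.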
 
Old 09-03-2008, 03:03 PM   #5
NDLbox
LQ Newbie
 
Registered: Jun 2008
Posts: 8

Original Poster
Quote:
Originally Posted by chort View Post
AD = Active Directory
ESX = VMware ESX server

If you want to have a separate set of DNS records just for ESX that you don't manage through Windows, you could delegate a sub-domain from your Windows DNS to a server running BIND and manage that sub-domain through BIND. Windows wouldn't have to know anything about it, other than where its DNS server is. That's only useful if you want to avoid making changes for ESX through Windows DNS.
Correct. Our Windows DNS is problem laden and frankly I kind of want the ESX servers completely segregated out anyway. I wanted to create a subdomain that Windows knows nothing about (say esx.example.com) running on two Linux servers that will also handle NTP for the cluster. That way I can ditch the host files. They only ever need to know each other's IPs and there is only one Windows client that needs to know where they are (I figure I would just set up the BIND servers as the first two DNS servers on that client). I don't see a need to forward any requests for this implementation.

Am I correct in my assumption that since nothing else will point to these DNS servers, nothing else will even know that subdomain exists?
 
Old 09-03-2008, 03:58 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Quote:
Originally Posted by NDLbox View Post
Correct. Our Windows DNS is problem laden and frankly I kind of want the ESX servers completely segregated out anyway. I wanted to create a subdomain that Windows knows nothing about (say esx.example.com) running on two Linux servers that will also handle NTP for the cluster. That way I can ditch the host files. They only ever need to know each other's IPs and there is only one Windows client that needs to know where they are (I figure I would just set up the BIND servers as the first two DNS servers on that client). I don't see a need to forward any requests for this implementation.

Am I correct in my assumption that since nothing else will point to these DNS servers, nothing else will even know that subdomain exists?
If you don't delegate the sub-domain from your Windows DNS, then nothing will know about it unless they use your BIND DNS servers directly. Make sure you pick a namespace that doesn't overlap with your existing zones, just to avoid confusion. You probably want to be a little less generic than "esx.yourdomain.tld", just in case someone else gets the idea in their head to create an "esx.yourdomain.tld" zone in Windows DNS, and then it gets confusing. Maybe call it "esx-bldg3-lab1.yourdomain.tld", or maybe "esx.lab1.bldg3.yourdomain.tld", etc... make it specific so it's less likely that someone else would call their zone the same thing.

If you do the above, you basically just do a typical configuration of BIND for running an authoritative server. You don't need to claim to be authoritative for "yourdomain.tld"; you can claim authority for just the sub-domain (that way, in case you have to look up external records for "yourdomain.tld", the resolution will actually work).
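The stand-alone pair described above, written out as an added example (nothing in this block was posted in the thread): a primary and a secondary that are authoritative for the sub-domain only, using the specific zone name chort suggests, with every other name forwarded to the AD servers. The forwarding goes one step past what NDLbox asked for, on purpose: a stub resolver sends every query to the first server in its list, so the VirtualCenter box that lists these two servers first would otherwise lose its own AD domain (including the SRV records it needs to find a domain controller). Assumed values: ns1 at 10.0.3.10, ns2 at 10.0.3.11, ESX hosts at 10.0.3.21 and 10.0.3.22, AD domain controllers at 10.0.1.5 and 10.0.1.6, the subnet 10.0.3.0/24, and the paths under /var/named.

```conf
// ---- ns1 (10.0.3.10): /etc/named.conf --------------------------------------------
options {
    directory "/var/named";
    listen-on { 10.0.3.10; };
    allow-query { 10.0.3.0/24; };         // assumed ESX / VirtualCenter subnet
    allow-recursion { 10.0.3.0/24; };
    recursion yes;
    // Authoritative only for the sub-domain. example.com itself, AD SRV records and the
    // Internet are handed to the AD servers, which already resolve all of that.
    forward only;
    forwarders { 10.0.1.5; 10.0.1.6; };   // assumed: AD domain controllers
};

zone "esx-bldg3-lab1.example.com" {
    type master;
    file "esx-bldg3-lab1.example.com.db";
    allow-transfer { 10.0.3.11; };        // only ns2 may copy the zone
    also-notify { 10.0.3.11; };           // NOTIFY ns2 so it refreshes immediately
    notify yes;
};

// ---- ns2 (10.0.3.11): /etc/named.conf, same options block with listen-on { 10.0.3.11; } ----
zone "esx-bldg3-lab1.example.com" {
    type slave;
    file "slaves/esx-bldg3-lab1.example.com.db";
    masters { 10.0.3.10; };
    allow-transfer { none; };             // the secondary hands the zone to nobody
};

; ---- ns1: /var/named/esx-bldg3-lab1.example.com.db ------------------------------
$TTL 3600
$ORIGIN esx-bldg3-lab1.example.com.
@       IN SOA  ns1 hostmaster (
                2008090301  ; serial, YYYYMMDDnn: bump it on every edit or ns2 never reloads
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                300 )       ; negative-cache TTL
        IN NS   ns1
        IN NS   ns2
ns1     IN A    10.0.3.10   ; the two BIND boxes, also the cluster's NTP servers
ns2     IN A    10.0.3.11
ntp1    IN CNAME ns1
ntp2    IN CNAME ns2
esx01   IN A    10.0.3.21   ; assumed ESX hosts
esx02   IN A    10.0.3.22
```

Before pointing anything at it, run `named-checkconf /etc/named.conf` and `named-checkzone esx-bldg3-lab1.example.com /var/named/esx-bldg3-lab1.example.com.db` on ns1, then `dig @10.0.3.11 esx-bldg3-lab1.example.com SOA` and confirm the serial matches ns1; a mismatch means the transfer failed, and allow-transfer or a firewall dropping TCP 53 is where to look. Each ESX host's /etc/resolv.conf then carries `search esx-bldg3-lab1.example.com` and the two nameserver lines, and the pushed-around host files can go.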
 
Old 09-03-2008, 05:03 PM   #8
NDLbox
LQ Newbie
 
Registered: Jun 2008
Posts: 8

Original Poster
Thanks everyone - I had a suspicion that it shouldn't be a problem, so I am going to go ahead and create a stand-alone BIND server (two actually) that will be authoritative for its own subdomain and I'll leave it out of the Windows DNS system entirely.
 
  

