Active Directory requires Microsoft DNS?

Phil Regnauld regnauld at
Fri Sep 24 17:45:09 UTC 2010

Darren Pilgrim (nanog) writes:
> Tom Mikelson wrote:
> >Presently our organization utilizes BIND for DNS services, with the
> >Networking team administering.  We are now being told by the Systems team
> >that they will be responsible for DNS services and that it will be changed
> >over to the Microsoft DNS service run on domain controllers.  The reason
> >given is that the Active Directory implementation requires the Microsoft DNS
> >service and dynamic DNS.
> Bunk.  At work we have a network of ~1500 computers with over 600 of
> them running Windows.  Our nameservers are all BIND, which have
> dynamic DNS enabled for updates sent from our 2003 and 2008R2 DCs.
> The DCs have no problem creating, updating and deleting the various
> RR's they use to publish the domain.  The Systems team folks will
> see errors/warnings in the Windows logs because the Windows machines
> are unable to set up secure connections to the nameservers and due
> to an implementation difference between what BIND accepts and what
> Microsoft's OSes send; but in practice these seem to be little more
> than noise.

	Agreed.  What about dynamic updates of the client?  It's usually not
	a problem in this direction (Windows client -> BIND DNS), but as you
	say it won't be secure (GSS-TSIG).
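
The two update modes discussed in this thread, sketched as a BIND named.conf fragment. This is an added example, not part of the original messages or either poster's configuration. The zone name, realm, addresses, file paths and the host name DC1 are constructed placeholders, and the GSS-TSIG form assumes a BIND build with Kerberos support plus a keytab for the DNS service principal.

```conf
// Constructed example: names, realm, addresses and paths are placeholders.

// --- Unauthenticated: updates accepted on source address alone ---
acl "domain-controllers" { 192.0.2.10; 192.0.2.11; };

zone "ad.example.com" {
    type master;
    file "dynamic/ad.example.com.db";
    // Nothing proves who sent the update; any packet that appears to
    // come from these addresses can add, change or delete records.
    allow-update { "domain-controllers"; };
};

// --- Authenticated alternative: GSS-TSIG (replaces the zone above) ---
options {
    // Keytab holding the DNS/<nameserver-fqdn>@REALM service key.
    tkey-gssapi-keytab "/etc/named/dns.keytab";
};

zone "ad.example.com" {
    type master;
    file "dynamic/ad.example.com.db";
    // update-policy and allow-update cannot both be set on one zone.
    update-policy {
        // Each domain member may update only its own address records.
        grant AD.EXAMPLE.COM ms-self . A AAAA;
        // The DC's machine account maintains the locator records.
        grant "DC1$@AD.EXAMPLE.COM" wildcard * A AAAA SRV CNAME;
    };
};
```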


