mattpascoe edited this page Dec 21, 2012 · 3 revisions

The following are my recommendations on how you should run your Active Directory domain so that it integrates and works best with ONA. I would personally recommend this method in all cases, even if you don't use ONA.

Let's say your primary company DNS domain is mycompany.com. This is how people reach you on the internet, and it may or may not be what you use for internal naming.

  • Your AD domain should be corp.mycompany.com.
  • Your BIND server would delegate corp.mycompany.com to your Microsoft DNS servers.
  • Your entire company should point their resolvers to your BIND infrastructure. This could be done with hidden masters, etc., for better resiliency and reliability.
  • If possible, put Windows devices on their own subnets/VLANs so that you can more easily delegate PTR zones to the AD servers as well. This is a more thorough setup, but I personally don't go to this level, as I don't need PTR lookups for DHCP pool hosts anyway. (I do, however, put all my M$ stuff on a separate VLAN from my *NIX devices so all the broadcast traffic is kept in one place.)
  • All Windows servers (things that need actual DNS A records) I put into ONA as well. This way I get static IP allocation via MAC-based DHCP and can search the names more easily. In many cases I will also create other A records or CNAMEs in mycompany.com (or other subdomains as needed) that point to the corp.mycompany.com servers. This way I can attach service names and control those things as needed.
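As an added example, not part of the ONA wiki or the ONA project, here are the BIND-side records that implement the delegation described in the list above. The host names (dc1, dc2, exch01), the 10.0.7.0/24 Windows VLAN and every address are constructed for illustration; the contents of the corp.mycompany.com zone itself live on the Windows DNS servers and are not shown.

```zone
; --- fragment of the mycompany.com zone served by BIND ---
; (added example; names and addresses are assumptions, not real data)
$ORIGIN mycompany.com.
$TTL 3600

; Delegation: the NS records for corp. live here in the parent zone.
; BIND answers nothing else for corp.*; the Windows DNS servers do.
corp            IN NS    dc1.corp.mycompany.com.
corp            IN NS    dc2.corp.mycompany.com.

; Glue: the NS targets sit inside the delegated zone, so the parent
; must carry their A records or resolvers can never find the child.
; These same hosts are the static, MAC-reserved entries kept in ONA.
dc1.corp        IN A     10.0.7.10
dc2.corp        IN A     10.0.7.11

; Service names stay in the BIND/ONA-controlled namespace and simply
; point at hosts that happen to live in the AD zone.
mail            IN CNAME exch01.corp.mycompany.com.

; --- fragment of the 10.in-addr.arpa zone served by BIND ---
; Only worthwhile if Windows devices have their own subnet/VLAN:
; hand the PTR zone for 10.0.7.0/24 to the AD servers as well.
; No glue is needed here because the NS names are outside this zone.
$ORIGIN 10.in-addr.arpa.
7.0             IN NS    dc1.corp.mycompany.com.
7.0             IN NS    dc2.corp.mycompany.com.
```

To check the delegation from a client's point of view, run `dig @<your-bind-server> corp.mycompany.com NS +norecurse` and confirm the two NS records come back with the glue A records in the additional section; if the glue is missing, every corp.* lookup will fail even though the Windows side is healthy. Two points of care follow from this layout (my notes, not the page's): the glue addresses must be changed in BIND and in ONA together whenever a domain controller moves, and the domain controllers themselves need their DNS forwarders pointed at the BIND servers so that names outside corp. still resolve for them.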

The bottom line is that AD is required these days in an M$ world. I choose to let it happen on the side and get some of the benefits it gives, such as SRV records that are managed automatically. However, I prefer to control much of my environment explicitly within ONA so I can get a clearer picture of what I have. There is much more that can be said on this topic, and hopefully I'll update this page from time to time with more information.

For further reference, here is a good article on serverfault.com that discusses the whole corp. vs. .local scenario. Oh, and BTW: DON'T EVER USE .LOCAL. It will bite you later (.local is reserved for multicast DNS, so hosts that speak mDNS will try that before your DNS servers). It's only helpful for use in your home network.

You might also look at the note about ONA and Dynamic updates.
