Re: ISC Bind in Active Directory

2012-11-02 Thread Carsten Strotmann
Hello Phil, Phil Mayers writes: > On 10/24/2012 10:17 PM, Carsten Strotmann wrote: > >> my experience is that it is safe to place clients in either a DNS domain >> with the same name as the AD domain, or in a subdomain of the AD >> domain. > > What does "place" mean, exactly? configure the clie

Re: ISC Bind in Active Directory

2012-10-27 Thread Phil Mayers
On 10/27/2012 04:28 PM, Chuck Anderson wrote: I don't disagree that broadcast netbios probably should be disabled (though it's not at our site, for historical reasons, and I'm not sure I'm willing to take on the monumental task of disabling it). WINS is slightly different, and the main reason to

Re: ISC Bind in Active Directory

2012-10-27 Thread Chuck Anderson
> I don't disagree that broadcast netbios probably should be disabled > (though it's not at our site, for historical reasons, and I'm not > sure I'm willing to take on the monumental task of disabling it). > > WINS is slightly different, and the main reason to disable it is > that it hides misconf

Re: ISC Bind in Active Directory

2012-10-26 Thread Phil Mayers
On 10/25/2012 08:44 PM, Kevin Darcy wrote: On 10/24/2012 6:02 PM, Phil Mayers wrote: Hell, if you've got WINS running and broadcast netbios, I think it's still possible to log in with *no* working DNS at all. At the risk of getting *totally* off-topic, no-one who cares about security or abou

Re: ISC Bind in Active Directory

2012-10-25 Thread Kevin Darcy
On 10/24/2012 6:02 PM, Phil Mayers wrote: Hell, if you've got WINS running and broadcast netbios, I think it's still possible to log in with *no* working DNS at all. At the risk of getting *totally* off-topic, no-one who cares about security or about broadcast traffic on their LANs would ev

Re: ISC Bind in Active Directory

2012-10-24 Thread Phil Mayers
On 10/24/2012 10:17 PM, Carsten Strotmann wrote: my experience is that it is safe to place clients in either a DNS domain with the same name as the AD domain, or in a subdomain of the AD domain. What does "place" mean, exactly? Bear in mind that, unfortunately, Microsoft chose to embed DNS na

Re: ISC Bind in Active Directory

2012-10-24 Thread Carsten Strotmann
Hello Phil, Phil Mayers writes: > Our experience is that this can cause (minor) problems. > > The basic issue is that, if you have an AD realm: > > EXAMPLE.COM > > ...and a machine: > > foo > > ...then windows tries very hard to stick its fingers in its ears, > shout "la la I am not listening"

Re: ISC Bind in Active Directory

2012-10-24 Thread Carsten Strotmann
Hello Aaron, Aaron Thompson writes: > I have little experience in the AD arena for DNS/DHCP. Without being > a too loaded question, with your experience is it possible or common > to have a very knowledgeable understanding of the performance and > health of an AD system similar to a BIND syst

Re: ISC Bind in Active Directory

2012-10-24 Thread Phil Mayers
On 24/10/12 16:54, Kevin Darcy wrote: Why do you feel the need to register clients in your AD domain at all? We register our clients outside of the AD domain via the DHCP server; Our experience is that this can cause (minor) problems. The basic issue is that, if you have an AD realm: EXAMPLE

Re: ISC Bind in Active Directory

2012-10-24 Thread Chris Buxton
On Oct 24, 2012, at 6:50 AM, Nicholas F Miller wrote: > Scavenging is a concern but we didn't have much choice. Our AD is only one of > many subdomains and our DHCP spans all of them. If we used DHCP for DDNS > records we wouldn't be guaranteed unique names. By limiting DDNS to just the > AD we

Re: ISC Bind in Active Directory

2012-10-24 Thread Kevin Darcy
On 10/24/2012 9:50 AM, Nicholas F Miller wrote: On Oct 24, 2012, at 7:12 AM, Matus UHLAR - fantomas wrote: We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to control what record types and machines can make dynamic updates to our AD zone. We use ISC's DHCP but don't allow it

Re: ISC Bind in Active Directory

2012-10-24 Thread Nicholas F Miller
On Oct 24, 2012, at 7:12 AM, Matus UHLAR - fantomas wrote: >> We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to >> control what record types and machines can make dynamic updates to our AD >> zone. We use ISC's DHCP but don't allow it to do DNS updates since we use >> GSS-TSIG

Re: ISC Bind in Active Directory

2012-10-24 Thread Matus UHLAR - fantomas
On 22.10.12 13:39, Nicholas F Miller wrote: We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to control what record types and machines can make dynamic updates to our AD zone. We use ISC's DHCP but don't allow it to do DNS updates since we use GSS-TSIG at the client level inste

Re: ISC Bind in Active Directory

2012-10-22 Thread Nicholas F Miller
We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to control what record types and machines can make dynamic updates to our AD zone. We use ISC's DHCP but don't allow it to do DNS updates since we use GSS-TSIG at the client level instead.

Re: ISC Bind in Active Directory

2012-10-22 Thread Aaron Thompson
Hi Carsten, Thanks for the feedback, a top notch summary! I have little experience in the AD arena for DNS/DHCP. Without being a too loaded question, with your experience is it possible or common to have a very knowledgeable understanding of the performance and health of an AD system similar

Re: ISC Bind in Active Directory

2012-10-22 Thread Aaron Thompson
Nicholas, Are you using AD or Bind for DNS/DHCP? I'm assuming you're using AD for authentication. Thanks for the feedback and input on the survey! Survey Request: Active Directory with ISC Bind and DHCPD http://www.surveymonkey.com/s/2VYNKW - Aaron Thompson Network Architect for IT Operations

Re: ISC Bind in Active Directory

2012-10-22 Thread Aaron Thompson
Michael, much appreciation for the feedback from our west coast Berkeley! You wouldn't know or have a copy of that Gartner paper would you?? Best, Aaron - Aaron Thompson Network Architect for IT Operations Berklee College of Music 1140 Boylston Street, MS-186-NETT Boston, MA 02215-369

Re: ISC Bind in Active Directory

2012-10-22 Thread Aaron Thompson
Kevin: So I think you separated services and updated Bind statically, sorry if my brevity description of your design is incorrect. Did you try or have any success or difficulties of having Bind as master and AD resolve directly to it as well as everyone else? Thanks for the feedback and the

Re: ISC Bind in Active Directory

2012-10-20 Thread Phil Mayers
b...@bitrate.net wrote: eful. > > >to be honest, this doesn't seem to me to be something that would fall >within bind's purview. comparing bind to "microsoft dns" isn't really >apples to apples. microsoft dns is more than just a dns server. it's >also a dns management system [whereas bind is no

Re: ISC Bind in Active Directory

2012-10-20 Thread Carsten Strotmann
Hello Aaron, Aaron Thompson writes: > I'm hopping to get some feedback from people who use ISC Bind and > DHCPD in Active Directory environments. [...] > > If you have any relevant feed back I would appreciate it.  I'm looking > for information on experience with Active Directory integration wi

Re: ISC Bind in Active Directory

2012-10-19 Thread btb
On Oct 19, 2012, at 13.27, Phil Mayers wrote: > Nicholas F Miller wrote: > >> DDNS record scavenging is the only feature I'm aware of that MS DNS has >> that Bind doesn't . On the flip side, ISC Bind can ACL who can add >> certain record types to a dynamic zone using GSS-TSIG as well as >> supp

Re: ISC Bind in Active Directory

2012-10-19 Thread Phil Mayers
Nicholas F Miller wrote: >DDNS record scavenging is the only feature I'm aware of that MS DNS has >that Bind doesn't . On the flip side, ISC Bind can ACL who can add >certain record types to a dynamic zone using GSS-TSIG as well as >supports views and ACLs for recursion. Everything else should be

Re: ISC Bind in Active Directory

2012-10-19 Thread Nicholas F Miller
DDNS record scavenging is the only feature I'm aware of that MS DNS has that Bind doesn't. On the flip side, ISC Bind can ACL who can add certain record types to a dynamic zone using GSS-TSIG as well as supports views and ACLs for recursion. Everything else should be standard DNS.

Re: ISC Bind in Active Directory

2012-10-19 Thread Barry S. Finkel
On 10/18/2012 3:17 PM, bind-users-requ...@lists.isc.org wrote: Hi All, I'm hopping to get some feedback from people who use ISC Bind and DHCPD in Active Directory environments. Currently we use Bind/DHCPD for dynamic DNS and DHCP. It's been a pretty stable service, redundant and we are polli

Re: ISC Bind in Active Directory

2012-10-18 Thread G.W. Haywood
Hi there, On Thu, 18 Oct 2012, bind-users-requ...@lists.isc.org wrote: ISC Bind in Active Directory (Aaron Thompson) I'm hopping Sometimes AD has that effect. :) to get some feedback from people who use ISC Bind and DHCPD in Active Directory environments. I've been working on

Re: ISC Bind in Active Directory

2012-10-18 Thread Michael Sinatra
On 10/18/12 11:03 AM, Aaron Thompson wrote: > Hi All, > > I'm hopping to get some feedback from people who use ISC Bind and DHCPD > in Active Directory environments. > > Currently we use Bind/DHCPD for dynamic DNS and DHCP. It's been a > pretty stable service, redundant and we are polling statis

Re: ISC Bind in Active Directory

2012-10-18 Thread Kevin Darcy
You should think of DNS hosting, DNS resolution and DHCP, as separate services that can either be put together on a single platform, or run on separate platforms in various combinations, interoperating with each other. Another important factor is whether your AD domain is colocated with a bunch

ISC Bind in Active Directory

2012-10-18 Thread Aaron Thompson
Hi All, I'm hopping to get some feedback from people who use ISC Bind and DHCPD in Active Directory environments. Currently we use Bind/DHCPD for dynamic DNS and DHCP. It's been a pretty stable service, redundant and we are polling statistics with Cacti. There is concern by Management of usi