DNS has been around for a long time -- in fact, much longer than Active Directory. As you are well aware, AD relies upon DNS for much of its name resolution activities. While Windows 2000 Server and Windows Server 2003 include reliable and robust DNS services that are directly and automatically integrated into AD when deployed together, you don't have to use Microsoft's DNS to deploy an AD domain.
In order to deploy AD with a non-Microsoft DNS you need to ensure that the DNS system supports SRV (service locator) resource records. This feature was first added to BIND DNS version 8.1.2. As long as your deployed DNS supports this key feature, you should have little difficulty getting AD to work. DNS SRV records are defined in RFC 2782.
A few other simple caveats or configuration details, and you should have AD working over non-MS DNS in no time:
- A forward lookup zone with the same name as the AD domain must exist.
- All authoritative DNS servers must contain a name server (NS) and start of authority (SOA) record.
- Each domain controller must have an A record (i.e. a host record) registered in the DNS system.
- The primary forward lookup zone must contain a sub-zone named _msdcs. This sub-zone must contain NS records for each DNS server in the domain.
- The primary forward lookup zone must contain a sub-zone named _msdcs.domainname. This sub-zone must contain its own SOA record and an NS record for each DNS server in the domain.
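As an added example, not part of the original article: a small Python checker that parses a constructed BIND-style zone for a hypothetical AD domain (example.com, with domain controllers dc1 and dc2, all placeholder names and addresses) and applies the prerequisites listed above, plus the _ldap._tcp.dc._msdcs SRV records that AD's domain controller locator depends on.

```python
from collections import defaultdict
# Constructed BIND-style zone for a hypothetical AD domain "example.com"
# with two domain controllers; names and addresses are placeholders.
ZONE = """\
$ORIGIN example.com.
@      IN SOA ns1.example.com. hostmaster.example.com. (2003110101 3600 900 604800 300)
@      IN NS  ns1.example.com.
ns1    IN A   192.0.2.1
dc1    IN A   192.0.2.10
dc2    IN A   192.0.2.11
_msdcs IN NS  ns1.example.com.
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc2.example.com.
"""

def parse_zone(text):
    """Map (owner, type) -> [rdata] for a one-record-per-line zone file."""
    origin, records = "", defaultdict(list)
    for line in text.splitlines():
        line = line.split(";")[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"   # qualify relative owner names
        records[(owner.lower(), rtype.upper())].append(rdata)
    return dict(records)

def check_ad_zone(records, ad_domain, dcs):
    """Apply the prerequisites above; return the problems found (empty == ready)."""
    apex = ad_domain.rstrip(".").lower() + "."
    msdcs = "_msdcs." + apex
    problems = []
    for rtype in ("SOA", "NS"):   # zone named after the AD domain, with SOA and NS
        if (apex, rtype) not in records:
            problems.append(f"zone {apex} lacks an {rtype} record at its apex")
    for dc in dcs:
        if (f"{dc}.{apex}".lower(), "A") not in records:
            problems.append(f"domain controller {dc} has no A record")
    if (msdcs, "NS") not in records:
        problems.append("_msdcs sub-zone lacks NS records")
    if ("_ldap._tcp.dc." + msdcs, "SRV") not in records:
        problems.append("no _ldap._tcp.dc._msdcs SRV records (RFC 2782 locator)")
    return problems
```

Run `check_ad_zone(parse_zone(ZONE), "example.com", ["dc1", "dc2"])` against a dump of your real zone to see which prerequisites are still missing.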
For additional details on configuring DNS to support AD, please see the Microsoft whitepaper: Windows 2000 DNS.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in November 2003