Integrating with Third-Party DNS Solutions

Plan a host name resolution strategy.

• Examine the interoperability of DNS with third-party DNS solutions.

It's a fact of life that many organizations already have existing DNS solutions in place, such as Unix BIND. In some cases, these existing BIND servers might not meet the DNS requirements of Active Directory. Table 3.4 outlines the features of some of the more common versions of BIND in use.

Table 3.4. Features of Various BIND Versions

If you are faced with a situation in which you are dealing with other DNS systems, you have two basic choices of implementation:

• Upgrade existing DNS systems to meet the DNS requirements of Active Directory. For BIND, versions 8.1.2 and later are sufficient.

• Migrate existing DNS zones to Windows Server 2003 DNS.

Although it is recommended that you use only Windows Server 2003 DNS servers to ensure full support for Active Directory, you can use any DNS system that meets the following specifications:

• Support for SRV resource records

• Dynamic updates per RFC 2136

Although support for dynamic updates is highly recommended, it is not mandatory. Support for SRV resource records is mandatory, however, because they are required to provide DNS support to Active Directory.

If you have Unix BIND servers in your DNS infrastructure, you should consider placing them as secondaries instead of primaries. By default, Windows Server 2003 DNS servers use a fast zone transfer format whereby compression is used and multiple records can be sent in a single TCP message. BIND versions 4.9.4 and later support fast zone transfers. If you are using an earlier version of BIND or another third-party DNS system that does not support fast zone transfers, you must disable fast zone transfers. When you select the BIND Secondaries option (see Figure 3.9), fast zone transfers are disabled for that server.