Bind + AD howto

Named directory BIND: bind executes http://www.ibiblio.org/gferg/ldp/BIND+AD-HOWTO/2. Start refreshing ing

Alright, let's get started.

2.1 compiling bind

For complete and detailed compilation and debugging on bind, please refer to the bind-howto as this is not covered here.

First, let's get the latest version:
wget ftp://ftp.isc.org/isc/bind9/9.2.0/bind-9.2.0.tar.gz

To unpack and compile:
tar zxvf bind-9.2.0.tar.gz
cd bind-9.2.0
./configure --prefix=/var/named
make

To install (must be root ):
make install

Now BIND is configured to put all its configuration files in/var/named. If you wish to put it elsewhere You may, but keep in mind that this document will base itself on this location.

 

2.2/etc/named. conf

First off, we will want to make an ACL for the ad servers on the network assuming you're using 10.10.10.0/24 as internal IP's. this is not necessary, but will make the config file easier to read if you have several ad servers.
The following information is to be entered in/etc/named. conf in addition to your own options.

  acl "ADservers" {  10.10.10.2; 10.10.10.3  };

It is also possible to specify whole network blocks although this is not recommended for security reasons.

Next, we want to specify the location where the dynamic files entries will be stored. In this example we will use/var/named/etc.

  zone "10.10.10.in-addr.arpa" {  type master;  file "reverse/10.10.10.db";  allow-update {ADservers;};  };  zone "domain.com" {  type master;  file "etc/domain.com.db";  check-names ignore;  allow-update {ADservers;};  };  zone "_msdcs.domain.com" {  type master;  file "etc/_msdcs.domain.com.db";  check-names ignore;  allow-update {ADservers;};  };  zone "_sites.domain.com" {  type master;  file "etc/_sites.domain.com.db";  check-names ignore;  allow-update {ADservers;};  };  zone "_tcp.domain.com" {  type master;  file "etc/_tcp.domain.com.db";  check-names ignore;  allow-update {ADservers;};  };  zone "_udp.domain.com" {  type master;  file "etc/_udp.domain.com.db";  check-names ignore;  allow-update {ADservers;};  };

2.3 touching the dynamic zone files

The dynamic zone files (_ domain.com, _ tcp.domain.com, _ tcp.domain.com, _ udp.domain.com, _ region and _ sites_domain.com) need to exist before we start up the system. insert the following RR's (resource records) into each dynamic zone file. beware that_tcp.domain.comOn line three and$origin _tcp.domain.comOn line elleven must be changed to reflect its filename.

  $ORIGIN .  $TTL 86400 ; 1 day  _tcp.domain.com INSOA hostname.domain.com. hostmaster.domain.com. (2002010101 ; Todays serial28800 ; refresh (8 hours)7200 ; retry (2 hours)2419200 ; expire (4 weeks)86400 ; minimum (1 day))NS ns.domain.com.  $ORIGIN _tcp.domain.com.

 

2.4 does it work?

Do'killall namedAnd'named'To restart the named daemon. The locator records will automatically update themselves when the client machines are rebooted.
To verify that everything is in order, do'tail -f /var/log/messages'. You shoshould se something that looks like this:

  Jan 01 15:44:21 xxx named[4304]: adding an RR  Jan 01 15:44:21 xxx named[4304]: journal file etc/domain.com.db.jnl does not exist, creating it  Jan 01 15:44:22 xxx named[4304]: adding an RR  Jan 01 15:44:22 xxx named[4304]: journal file etc/_tcp.domain.com.db.jnl does not exist, creating it  Jan 01 15:44:22 xxx named[4304]: adding an RR  Jan 01 15:44:22 xxx named[4304]: journal file etc/_msdcs.domain.com.db.jnl does not exist, creating it  Jan 01 15:44:22 xxx named[4304]: adding an RR  Jan 01 15:44:22 xxx named[4304]: journal file etc/_udp.domain.com.db.jnl does not exist, creating it  Jan 01 15:44:22 xxx named[4304]: adding an RR  Jan 01 15:49:20 xxx named[4304]: journal file etc/_sites.domain.com.db.jnl does not exist, creating

The "Journal File ETC/_ * .domain.com. DB. JNL does not exist, creating it "message is generated when a Windows 2000 Server (non-AD) attempts to update bind9 configured with the conf file. this is a good thing.