
Linux (UNIX) and Windows DNS

 
mvr
Regular Advisor

Linux (UNIX) and Windows DNS

I have set up DNS on the Windows 2000 and Linux 8.0 (UNIX 11i), the DHCP is set up on the Windows machine as well.
DNS servers are not configured as the Primary or Secondary servers yet.
I would need to configure Windows DNS to automatically do the update and forward that information to the Linux (UNIX) DNS.
We want the clients to resolve the address from the Linux (UNIX). My understanding is that there are special settings (zone) on the Linux (UNIX) side in order to filter a lot of the "garbage" from the Windows environment.
Reason why I'm saying "Linux (UNIX)" is that I'm doing this project in the Linux test environment, but final implementation will have to be on the UNIX 11i.

Any help or suggestion would be helpful.

Miro
Tim Sanko
Trusted Contributor

Re: Linux (UNIX) and Windows DNS

Miro,

First, if you can get DNS into any UNIX it tends to be more reliable than 2000 IMHO.

We are running our DNS from RedHat 7.3. It seems to work 3-5 X faster than our previous sunOS -> NT -> 2000 implementations. An 11i box with gig connectivity might be the optimal configuration.

If you are talking throughput for large systems, an HP multiprocessor 2-way (2470) may be more than enough. We use a 2way Compaq for our linux timeservers/DNS servers.

Network services in Windows are a bad deal for everyone.

Tim
Tim Sanko
Trusted Contributor

Re: Linux (UNIX) and Windows DNS

Continuation of above....

I only try to minimize any of the proprietary Windows protocol. I like to isolate Windows on its own VLAN and not route non ip.

We found that nb traffic used over 30% of the available bandwidth on any network it could reach if allowed on our network...

So by isolating Windows with nb (netbios) on certain VLANs, we were able to reduce our core traffic by over 30%.

The real question is how large is your network? If it is a 100 node or larger network, analysis may help to determine how to isolate the "garbage". I used Network Sniffer to isolate the problems we had on 100 MB segments. I haven't got the tools to do that on Gig fibre yet.

Tim
mvr
Regular Advisor

Re: Linux (UNIX) and Windows DNS

I do agree with what you are saying.
I believe that UNIX is a more stable platform and lookup would be faster for the clients, but the decision wasn't made by me.

I just work here ....

Miro
Steven E. Protter
Exalted Contributor

Re: Linux (UNIX) and Windows DNS

Unfortunately Windows does not always follow standards, which makes your job harder.

You should be able to set up Linux 8.0, whatever that is, to act as a secondary server.

It will require access rights to the Windows 2000 servers. Certain DNS databases such as the root servers will have to be downloaded once.

By Unix 11i, I believe you mean HP-UX 11i, since that's the only product I know by that name.

You'll want to have the latest BIND release installed.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=BIND9.2

For your Linux test environment, you'll need all BIND patches installed as well.

The good news is the Linux test environment should have a compatible configuration with the HP-UX one. You may run into some problems with the named.conf file.

From the man page of BIND

named.1m - Internet domain name server
dnssec-keygen.1 - Key generation tool for DNSSEC
dnssec-makekeyset.1 - Program used to produce a set of DNS keys.
dnssec-signkey.1 - DNSSEC keyset signing tool
host.1 - DNS lookup utility
nslookup.1 - Program used to query nameservers interactively.
nsupdate.1 - Dynamic DNS update utility
lwresd.1m - Lightweight resolver daemon
rndc.1 - Name server control utility
rndc.conf.4 - rndc configuration file
sig-named.1m - Program used to send signals to the nameserver.
named-checkconf.1 - named configuration file syntax checking tool
named-checkzone.1 - Zone validity checking tool
hosts_to_named.1m - Program used to translate host table to name server file format.
dig.1m - Domain information groper
rndc-confgen.1 - rndc key generation tool
named-conf.4 - Configuration file for name daemon

Information on setting up a primary server which includes a discussion of secondary or slave server...
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90685/B2355-90685_top.html&con=/hpux/onlinedocs/B2355-90685/00/00/23-con.html&toc=/hpux/onlinedocs/B2355-90685/00/00/23-toc.html&searchterms=9%7cslave%7cserver%7cDNS%7cBIND&queryid=20030505-102853

BIND 9 Release notes.

http://docs.hp.com/hpux/onlinedocs/B5969-4338/B5969-4338.pdf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sachin Patel
Honored Contributor
Solution

Re: Linux (UNIX) and Windows DNS

Hi Miro,
How is your testing going?
Redhat 8.0 has a gui command redhat-config-dns.

There is an option in Win-dns. You just have to find it and click it for dynamic update and automatic zone transfer.

Sachin
Is photography a hobby or another way to spend $
mvr
Regular Advisor

Re: Linux (UNIX) and Windows DNS

Sachin,

Thank you for checking on me.
I did play today with the different configurations. I found the settings in Windows, but could you tell me the exact command for Linux?

Miro
Steven E. Protter
Exalted Contributor

Re: Linux (UNIX) and Windows DNS

I'm checking up on you too.

This looks like the best example for you.
http://librenix.com/?inode=148


This web site seems to have a specific Linux example for a secondary (slave) DNS server. It may include the command you are looking for.

http://www.linux-sec.net/DNS/

It's also got some great security improvements you might want to make.

Example Secondary DNS

Old style named.boot method
    vi /etc/named/named.boot
        secondary primary.com 1.2.3.4 ZX/primary.zx
    boot2conf.pl < named.boot > named.conf

New named.conf method
    vi /etc/named/named.conf
        zone "primary.com" {
            type slave;
            file "ZX/primary.zx";
            masters {
                1.2.3.4;
            };
        };

Restart the named daemon


You can thank your uncle google.

SEP
Steven E. Protter
Exalted Contributor

Re: Linux (UNIX) and Windows DNS

Another example for you.

http://www.freebsddiary.org/secondary.php

SEP
Sachin Patel
Honored Contributor

Re: Linux (UNIX) and Windows DNS

Hi Miro,
Steven's link has some nice information.

I didn't understand what kind of command you are looking for.

Also make sure you do not have a firewall set up on the Linux system.
To disable the firewall on Red Hat 8.0:
# iptables -F


Our setup was like

                 dgc.com
                    |
      -----------------------------
      |             |             |
 us.dgc.com    ca.dgc.com    sg.dgc.com


My Linux system was master of the dgc.com domain. We had three Win2k systems with dynamic update capability: ca.dgc.com, us.dgc.com, sg.dgc.com.

The Linux system was slave of those second-level domains. sg=Singapore, ca=Canada, us=USA.

Now all the dynamic updates happen on the Windows systems and they send the autoupdate right away to the Linux system.

Now if us.dgc.com wants to know something about ca.dgc.com, it sends its request to the Linux system, and it knows about it.



Here is what my configuration looked like on the Linux box.

# cat /etc/named.conf
## named.conf - configuration for bind
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/named.custom";

include "/etc/rndc.key";

options {
    directory "/var/named/";
};

logging {
    channel notify_file {
        file "/var/log/messages";
    };

    category "default" { "default_syslog"; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "0.0.127.in-addr.arpa";
};

// allow-transfer = Win2k systems
zone "dgc.com" {
    type master;
    file "dgc.com.zone";
    allow-transfer {
        10.35.1.60;
        10.35.1.61;
        10.32.11.65;
        10.10.97.87;
        10.32.2.19;
    };
};

// Secondary zones
// 10.35.1.60 = Win2k server's IP
zone "ca.dgc.com" {
    type slave;
    file "sec.ca.dgc.com";
    masters {
        10.35.1.60;
    };
};

zone "us.dgc.com" {
    type slave;
    file "sec.us.dgc.com";
    masters {
        10.32.11.65;
    };
};

zone "sg.dgc.com" {
    type slave;
    file "sec.sg.dgc.com";
    masters {
        10.10.97.87;
    };
};



Sachin
Is photography a hobby or another way to spend $
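
Added example (not part of the thread or of anyone's posted configuration): a small checker for the master/slave layout described above, reporting master zones with no zone-level allow-transfer restriction, slave zones with no masters, and zone names that do not match their zone file. The names SAMPLE_CONF, parse_zones and audit, the mistyped zone and the example.test zone are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the named.conf posted in this thread. The
# mistyped "sg.dcg.com" and the "example.test" zone are added for illustration.
SAMPLE_CONF = '''
zone "dgc.com" { type master; file "dgc.com.zone";
    allow-transfer { 10.35.1.60; 10.32.11.65; 10.10.97.87; }; };
zone "ca.dgc.com" { type slave; file "sec.ca.dgc.com";
    masters { 10.35.1.60; }; };
zone "sg.dcg.com" { type slave; file "sec.sg.dgc.com";   // constructed typo
    masters { 10.10.97.87; }; };
zone "example.test" { type master; file "example.test.zone"; };
'''

ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"(?:\s+IN)?\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.S)

def parse_zones(conf):
    """Map zone name -> type, file, and address lists (None if clause absent)."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        def clause(keyword):
            m = re.search(keyword + r'\s*\{([^}]*)\}', body)
            return None if m is None else m.group(1).replace(';', ' ').split()
        def value(pattern):
            m = re.search(pattern, body)
            return m.group(1) if m else None
        zones[name] = {"type": value(r'\btype\s+(\w+)\s*;'),
                       "file": value(r'\bfile\s+"([^"]+)"\s*;'),
                       "allow_transfer": clause("allow-transfer"),
                       "masters": clause("masters")}
    return zones

def audit(conf):
    """Return sorted (zone, finding) pairs for transfer-related mistakes."""
    findings = []
    for name, z in parse_zones(conf).items():
        acl = z["allow_transfer"]
        if z["type"] == "master" and (acl is None or "any" in acl):
            findings.append((name, "transfer-not-restricted"))
        if z["type"] == "slave" and not z["masters"]:
            findings.append((name, "slave-without-masters"))
        if z["file"] and name.lower() not in z["file"].lower():
            findings.append((name, "file-name-does-not-match-zone"))  # heuristic
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{z}: {f}" for z, f in audit(SAMPLE_CONF)))
```

A master zone flagged here falls back to whatever the global options block or the server default allows for transfers, so it is the zone to review first; the file-name check is only a naming heuristic.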