Chapter 8 Cooperation with BIND Server

This chapter includes:

• Communication between domain name servers. Although the domain name server is compatible with early BIND-based domain name servers, some problems arise. This section provides some precautions for communication between these domain name servers.
• Transplant from BIND to Windows 2000 DNS. This section gives some of the operations needed to integrate BIND-based domain name servers with Microsoft DNS or to replace them with it.
• Run BIND on Windows. Although this option is available, it is not supported by the Windows 2000 domain environment; a warning is given about running BIND on Windows.
• Other boot files and zone files. When integrating BIND with Microsoft DNS, some of the zone file and configuration file details provided here need to be noted.

8.1 Communication between domain name servers

All domain name servers should be able to communicate with each other. If they do not (or cannot), Internet host names will never be resolved. Microsoft DNS is consistent with the RFC standards in how it communicates with other domain name servers. The communication that a domain name server must understand consists of queries, query responses, and zone transfers. Queries and responses, as the basic elements of name resolution, are self-explanatory. A query from a client to a server may cause the server to issue additional queries until the answer is found and returned to the client. Zone transfer is the mechanism that allows a primary server to propagate information to slave servers, thereby increasing the capacity of the "distributed" system. Message formats and query packets have the same structure and bit ordering. Windows 2000 DNS servers correctly receive and respond to iterative queries and recursive queries.
Although the Windows 2000 DNS server is compatible with the standards, pay attention to some issues raised by optional features. Using Active Directory places certain limits on the choice of DNS service: support for the SRV record type is required. If dynamic updates are supported, using the incremental transfer and notification options is recommended. The first BIND version to support this combination successfully is BIND 8.1.2. Before going into the specifics, one point to mention: if Microsoft's proprietary WINS and WINS-R records are used, do not forget to exclude them from the zone information transferred to non-Microsoft DNS servers.

8.1.1 Communication with BIND 4.9.4 and earlier

Generally speaking, except in some very special circumstances, BIND 4.x cannot meet all needs well. If you use a domain environment, Active Directory requires DNS to support SRV records. These problems need to be considered in cases that require interoperation. For Windows 2000 DNS servers and domain name servers based on BIND 4.9.4 or earlier, you need to pay attention to the messages sent during zone transfers. Although the RFC has been written, early versions of BIND and its variants still have problems with messages that include multiple resource records. If this happens, administrators should set up the Windows 2000 DNS server to send messages that include only one resource record to the BIND server during zone transfers. This reduces many of the problems related to the zone transfers themselves, and also protects the "health" and "integrity" of other domain names in the network. In NT 4.0 this can be done with the BindSecondaries line in the boot file; in all versions, by editing the BindSecondaries key value in the registry; or, in Windows 2000, by setting the BIND secondaries option on the "Advanced" tab of the server properties.
In Windows 2000, this option does not affect transfers between two Windows 2000 DNS servers. The setting is server-wide and affects all zones that have secondary servers. In NT 4.0, if the administrator wants to make the change by editing the boot file while the domain name service was started from the registry and is running, the administrator should follow these steps:

1) Change the registry key value so that the server starts from file instead of from the registry.
2) Create a boot file that matches the current configuration.
3) Restart the domain name server so that it starts from the file.
4) Open DNS Manager and execute "Update Server Data Files" under the DNS menu.

The key value that affects this operation is a binary value: BindSecondaries is set to 0 or 1. A value of 1 indicates that BIND secondary servers are present; 0 indicates that they are not. A disadvantage of NT 4.0 is that it lacks a tool to generate a DNS boot file that matches the registry settings, which has been overcome in Windows 2000. Because configuration settings may be lost along the way, switching between the boot file and the registry is not without problems of its own, so the administrator should pay attention to every detail when making these or other changes. Windows 2000 has resolved these issues because the registry and the boot file are kept consistent when the server is started from file.

8.1.2 Communication with BIND 8

With BIND 8 there is no need to worry about the number of resource records in a message, but BIND 8 has some new points of interest. If BIND 8 is used as the master server, the Microsoft DNS administrator must make sure that queries to the primary server are made correctly. That is, BIND 8 can filter requests from a particular address and port. Consider a system running BIND 8 that has two addresses and provides zone information to external and internal networks. The BIND 8 server can be configured to give different responses depending on the interface that receives the query, and even on the port number used for communication. BIND 8 allows administrators to define who may perform zone transfers, who may query the system, and even the port numbers allowed for client queries.
If you use Microsoft DNS as a secondary server, make sure that access control is set correctly to allow zone transfers to the secondary server, and that the secondary server points to the correct interface. As mentioned earlier, BIND 8.1.2 meets the minimum requirements for use with Active Directory. So using BIND 8.1.2 or later as a secondary server is not only possible but also causes no problems. However, BIND 8.1.2 or higher will be violated in many environments, and sometimes it may not even be possible for the Windows 2000 DNS server to be the source of authority. In this case, many problems need to be solved. When BIND is used as a primary server, one fact must be mentioned: what the Windows 2000 client implementation understands and uses for security, at least in the first version of Windows 2000. This means that you cannot use the security mechanisms that you could otherwise use. The result is that you may choose not to use dynamic updates. This in turn means that A records, pointer records, and other record types must be maintained manually, including SRV records and their structure. Chapter 7 provides in-depth discussion of these issues. If only the initial Netlogon.dns records are added, Windows 2000 Active Directory does not optimize its access paths. If Netlogon updates the SRV records, including those for sites such as _Site, Active Directory will optimize its access paths.

Part II Using Windows 2000 DNS Server

8.2 Transplantation from BIND to Windows 2000 DNS

An administrator who runs BIND and wants to implement Windows 2000 DNS must first answer two questions:

• Will Windows 2000 DNS be used in combination with BIND? If so, as a primary server or a secondary server? Which version of BIND is in use?
• Will Windows 2000 DNS replace BIND? Or will it function only in a domain (subdomain) within the domain?

If the Windows 2000 DNS server is used in combination with BIND, you must know which version of BIND is used. If BIND 8 is used with Windows 2000 DNS, the Windows 2000 DNS server is used as a secondary server, and Active Directory is not used, the problems with Windows 2000 DNS will be small. Administrators only need to set up Windows 2000 DNS for the secondary zone. Unless the Windows 2000 DNS computer is also a secondary master server, with other secondary servers getting the zone from it, there is nothing else to do. For primary servers, the problem is only related to setting up the server. The Windows 2000 DNS server does not load BIND 8 configuration files, which means that Windows 2000 DNS must be configured manually or using a unproced profile. For more information on manual configuration, see Chapter 11.

It is hoped that, with the consolidation of the DNSSEC and DNSIND working groups, a consistently recognized revision of the standards that support dynamic updates can be reached, that is, one implemented in products from across the industry. Until then, DNS servers that protect update operations by using ownership will have only limited interoperability. The Windows 2000 DNS implementation does not support RFC 2137, which limits individual choice. But many other DNS implementations do support this RFC.
If you don't need to support Active Directory, you should understand and consider the problems mentioned earlier. The simplest coexistence method is for Windows 2000 to be the source of authority for what it uses in its DNS service. If the Microsoft DNS server will be the primary server, a source for the zone files is also required. The zone files can be copied if they come from another server. Because they are formatted text files, no special warnings are needed. The only potential problem is newly added record types that Microsoft DNS does not support. Microsoft says that such records will be skipped, and Windows 2000 supports almost all resource record types.

For the actual migration, consider the case in which Windows 2000 DNS replaces BIND as the primary server. For the sake of argument, Windows 2000 DNS is made a participant in Active Directory, and the DNS records will be integrated into Active Directory. To begin, install the operating system and the DNS server on the Windows 2000 server (see Chapter 11). Once this is complete, the next step is to migrate the zone data to the new server. The following is recommended as the easiest way to do this:

1) Set up the Windows 2000 DNS server as a secondary server by creating a secondary zone in the DNS management interface.
2) Verify that the new "slave" server is allowed zone transfer access from BIND.
3) Start the new server, or force a transfer manually, or use the "Transfer from Master" option in the context menu. Within a few seconds (usually), the zone file is transferred to the new server.
4) Verify that the new server is configured to start from file (on the "Advanced" tab of the server properties).
5) Take the new domain name server offline, and reconfigure it as the primary server according to steps 6-8.
6) Delete the zone configuration (boot file) for the secondary zone just transferred; note that this does not mean deleting the zone file itself.
7) Use the primary directive and create a new configuration with the zone file as the source for the zone.
8) Change the IP address of the new server to match the existing primary server.
9) Shut down the existing primary server and bring the new Windows 2000 DNS server online.
10) Change the storage mode to Active Directory-integrated.

8.3 Running BIND on NT

Another possibility is to use BIND ported to NT. One disadvantage of this method is that the NT port of BIND is based on BIND 4.9.7. This is now a version that is not recommended, and no effort is being put into supporting it. Another discouraging factor is that this port was designed for NT 4.0; how it behaves under Windows 2000 is in doubt. If you intend to run BIND, you should not use this method and should choose a UNIX-based solution instead.

8.4 Other Boot Files and Different Zone Files

The main thing to remember when configuring Microsoft DNS servers is WINS integration. Because the DNS RFCs do not require the use of WINS, and WINS has become inconvenient, it will mainly be used to support legacy operating systems and applications, but this is a problem for a few years. If WINS is used to support NetBIOS clients (see Chapter 16) and WINS pseudo resource records are used, remember to remove these records when transferring zones to any non-Microsoft DNS server.
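The WINS record removal described above can be checked on a zone file before it is handed to a non-Microsoft server. The following is an added example, not code from the original chapter; the sample zone is constructed, and treating "WINSR" as a third spelling of the record type is an assumption.

```python
import re

# Record types to withhold from non-Microsoft servers. The chapter names WINS
# and WINS-R; accepting the WINSR spelling as well is an assumption.
MS_ONLY_TYPES = {"WINS", "WINS-R", "WINSR"}
CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+[smhdw]?", re.IGNORECASE)

def record_type(line):
    """Return the RR type of a one-line master-file record, or None."""
    body = line.split(";", 1)[0]              # drop trailing comment
    tokens = body.split()
    if not tokens or tokens[0].startswith("$"):
        return None                           # blank line or $ORIGIN/$TTL
    if not body[0].isspace():
        tokens = tokens[1:]                   # first column holds the owner
    while tokens and (tokens[0].upper() in CLASSES or TTL.fullmatch(tokens[0])):
        tokens = tokens[1:]                   # optional TTL and class
    return tokens[0].upper() if tokens else None

def strip_ms_records(zone_text):
    """Return (filtered zone text, list of removed lines)."""
    kept, removed, depth = [], [], 0
    for line in zone_text.splitlines():
        code = line.split(";", 1)[0]
        # depth > 0 means we are inside a parenthesised record such as SOA.
        if depth == 0 and record_type(line) in MS_ONLY_TYPES:
            removed.append(line.strip())
        else:
            kept.append(line)
        depth += code.count("(") - code.count(")")
    return "\n".join(kept) + "\n", removed

# Constructed sample zone, not taken from the chapter.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@   3600 IN SOA ns1.example.test. hostmaster.example.test. (
            2000010101 ; serial
            3600 600 86400 3600 )
@        IN NS   ns1.example.test.
@        IN WINS 192.0.2.53
ns1      IN A    192.0.2.1
wins-gw  IN A    192.0.2.53   ; owner name only resembles the type
"""

if __name__ == "__main__":
    cleaned, dropped = strip_ms_records(SAMPLE_ZONE)
    print(cleaned, end="")
    print("withheld:", dropped)
```

The removed lines are returned separately so the administrator can confirm that only the Microsoft-specific records were withheld.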
Windows 2000 DNS Server supports only the cache, primary, and secondary directives in its boot file. Other information may cause problems or be ignored. Finally, the BIND xfrnets directive is worth mentioning. Essentially, Microsoft DNS does not support this directive and will generate an error message in the event log, but this does not hinder the operation of the domain name server, which just marks the unsupported directive and continues.

8.5 Summary

This chapter has collected and evaluated the options for interoperation between BIND and Microsoft DNS. It shows that the choice depends on individual goals, and especially on whether Active Directory needs to be supported. When that support is not needed, BIND 8.1.2 and Windows 2000 DNS can exchange data and interoperate with each other, apart from some specific BIND configuration extensions.
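In BIND 4, xfrnets limits which networks may request zone transfers, so a boot file carried over as described in section 8.4 loses that restriction while the server keeps running. The following added example (not code from the original chapter) audits a boot file before migration and lists the networks whose transfer restriction must be re-created on the new server. The sample file is constructed, the honored set is taken from the chapter's statement, and the "net&mask" argument form is assumed from BIND 4.9 usage.

```python
import ipaddress

# Directives the chapter says Windows 2000 DNS acts on in a boot file.
HONORED = {"cache", "primary", "secondary"}

def classful_prefix(addr):
    """Prefix length implied by a bare network number (pre-CIDR classes)."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_xfrnets(args):
    """Convert 'net' or 'net&mask' arguments into ip_network objects."""
    nets = []
    for arg in args:
        addr, _, mask = arg.partition("&")
        suffix = mask or classful_prefix(addr)
        nets.append(ipaddress.ip_network(f"{addr}/{suffix}", strict=False))
    return nets

def audit_boot_file(text):
    """Sort directives into honored / not honored and collect the transfer ACL."""
    report = {"honored": [], "not_honored": [], "transfer_acl": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # ';' starts a comment
        if not fields:
            continue
        directive = fields[0].lower()
        if directive in HONORED:
            report["honored"].append((lineno, directive))
        else:
            report["not_honored"].append((lineno, directive))
            if directive == "xfrnets":
                report["transfer_acl"] += parse_xfrnets(fields[1:])
    return report

# Constructed BIND 4 style boot file, not taken from the chapter.
SAMPLE_BOOT = """\
; boot file for ns1.example.test
sortlist  10.0.0.0
cache     .                 named.ca
primary   example.test      db.example
secondary sub.example.test  192.0.2.1 db.sub.bak
xfrnets   10.0.0.0 192.0.2.53&255.255.255.255
"""

if __name__ == "__main__":
    result = audit_boot_file(SAMPLE_BOOT)
    for lineno, name in result["not_honored"]:
        print(f"line {lineno}: '{name}' is not acted on")
    print("re-create transfer restriction for:", [str(n) for n in result["transfer_acl"]])
```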