January 28, 2001, 4:38 PM — In the last couple of columns, I've been covering strategies for supporting Active Directory's (AD's) DNS requirements, particularly from the standpoint of shops that have DNS implemented on non-Windows platforms such as Unix, Linux, or NetWare.
In my last column, I covered the first AD/DNS integration option -- migrating a Unix-based DNS to Windows 2000. In this column I follow up with option number two -- leveraging your current Unix-based DNS environment to support AD. In my next column, I'll round out the series by covering the third strategy -- integrating Windows 2000-based DNS servers with your current DNS environment.
If you've been in the business for more than, say, a week, you can easily deduce that deploying AD on anything but a Microsoft-based DNS may not be such a great decision.
After all, Microsoft has shipped all the DNS features required to support AD right in the Windows 2000 box. And although you can support AD on a Unix-based server, in the back of your mind you have to wonder whether, at some point down the road, a bug will pop up that requires a specific fix or modification not available for DNS on your chosen platform.
Or what if a service pack makes a modification to the Windows 2000 DNS to support a specific feature, and you're out of luck because your DNS won't support the feature?
And then there is always the customer-support concern: Will Microsoft provide support if you're running on a Unix-based DNS? Although they might not turn you away, it's a safe bet that whoever is on the other end of the phone probably doesn't have much experience with your DNS implementation.
These are all very valid concerns, but with a good understanding of DNS and its deployment implications with respect to Active Directory, you might still decide that you can live with the risks -- especially if either migration or the effort required to support a mixed Unix/Windows 2000 DNS environment is undesirable. In other words, running AD on a Unix-based DNS might not be as terrible as the idea first sounds.
The path of least resistance
For starters, you avoid the planning overhead required to move completely to Windows 2000 DNS (i.e., the DNS migration scenario), and you won't need to plan for accommodating the various workaround issues (some of which I will cover in my next column) that are called for when implementing a mixed Unix/Windows 2000 DNS architecture. And although the version of BIND you are running may require an update, the current DNS infrastructure that you may have relied on for years stays otherwise intact.
Given these factors, proposing to support AD on an existing Unix-based DNS will probably be the path of least resistance in your organization. Here are some key elements and examples to assist you in your planning.