[RHEL5] How to configure Red Hat Enterprise Linux Bind 9 to support Microsoft Active Directory ;
Environment
- Red Hat Enterprise Linux 5 box with DHCP and DDNS pre configured ;
- Berkeley Internet Name Daemon 9 ;
- Microsoft Windows Server 2008 ;
- Microsoft Active Directory ;
Issue
- Customer wants to disable Microsoft Windows Server DNS and DHCP built-in services in a Active Directory environment and use Bind shipped with RHEL 5.
Resolution
-
Scenario example used in this article :
Active Directory Server IP Address: 192.168.100.8 Domain: example.com RHEL FQDN: server01.example.com -
After configure the basic services (DHCP and DDNS) in RHEL 5 box, edit named.conf and put the following zones :
... // Active Directory Mandatory Zones zone "_msdcs.example.com" { type master; file "_msdcs.example.com.zone"; allow-update { 127.0.0.0/8; 192.168.100.8; }; }; zone "_sites.example.com" { type master; file "_sites.example.com.zone"; allow-update { 127.0.0.0/8; 192.168.100.8; }; }; zone "_tcp.example.com" { type master; file "_tcp.example.com.zone"; allow-update { 127.0.0.0/8; 192.168.100.8; }; }; zone "_udp.example.com" { type master; file "_udp.example.com.zone"; allow-update { 127.0.0.0/8; 192.168.100.8; }; }; ... -
Create the zone files :
# touch /var/named/chroot/var/named/_msdcs.example.com.zone # touch /var/named/chroot/var/named/_sites.example.com.zone # touch /var/named/chroot/var/named/_tcp.example.com.zone # touch /var/named/chroot/var/named/_udp.example.com.zone -
Now edit the zone files to look something like this.
-------------------------------------------------------------------------------------------------- /var/named/chroot/var/named/_msdcs.example.com.zone $ORIGIN . $TTL 86400 ; 24 hours _msdcs.example.com IN SOA server01.example.com. root. ( 0 ; serial 86400 ; refresh (24 hours) 3600 ; retry (1 hour) 172800 ; expire (2 days) 3600 ; minimum (1 hour) ) NS server01.example.com. $ORIGIN _msdcs.example.com. -------------------------------------------------------------------------------------------------- /var/named/chroot/var/named/_sites.example.com.zone $ORIGIN . $TTL 86400 ; 24 hours _sites.example.com IN SOA server01.example.com. root. ( 0 ; serial 86400 ; refresh (24 hours) 3600 ; retry (1 hour) 172800 ; expire (2 days) 3600 ; minimum (1 hour) ) NS server01.example.com. $ORIGIN _sites.example.com. -------------------------------------------------------------------------------------------------- /var/named/chroot/var/named/_tcp.example.com.zone $ORIGIN . $TTL 86400 ; 24 hours _tcp.example.com IN SOA server01.example.com. root. ( 0 ; serial 86400 ; refresh (24 hours) 3600 ; retry (1 hour) 172800 ; expire (2 days) 3600 ; minimum (1 hour) ) NS server01.example.com. $ORIGIN _tcp.example.com. -------------------------------------------------------------------------------------------------- /var/named/chroot/var/named/_udp.example.com.zone $ORIGIN . $TTL 86400 ; 24 hours _udp.example.com IN SOA server01.example.com. root. ( 0 ; serial 86400 ; refresh (24 hours) 3600 ; retry (1 hour) 172800 ; expire (2 days) 3600 ; minimum (1 hour) ) NS server01.example.com. $ORIGIN _udp.example.com. -
Change the owner so BIND can write to the zone files and create it's journal files :
# chown -R named:named /var/named/chroot/var/named/ -
Finaly, restart the daemon :
# service named restart -
After this, when the dcpromo.exe try to promote a domain, the Microsoft Windows Server will write all needed SRVs entries in BIND using DDNS capabilities.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments