Bind 9 DNS

Project Member(s)

Purpose

Currently DNS is handled by the internal (Windows-compatible) DNS server built into the Samba Active Directory domain controllers sambaad1, sambaad2 and sambaad3. These VMs should remain the DNS servers because AD depends heavily on its DNS server: the DCs automatically create and maintain many service records, such as the LDAP SRV records published for the DNS domain when a DC is created or destroyed, as well as the host records for domain-joined machines.

Samba can instead hand zone serving to a BIND 9 server through its BIND9_DLZ back end (the dlz_bind9 module). The zone data stays in the AD database, so records can still be created and changed with the samba-tool command line utility. As an added bonus, because the data stays in AD, all three DCs can be converted at the same time to properly test that records still replicate between them, and the change can be reverted with Samba's own samba_upgradedns tool following Samba's documentation.

The main benefit of this change is that it should allow us to expand the DNS functionality of our network to include automatic dynamic updates at two trust levels: trusted (authenticated) updates for zones containing servers and VMs, and untrusted updates for zones containing member machines. This would include moving the 172.29.1.0/24 subnet to its own DNS zone, such as lan.acm.cs, which can be configured separately from a zone like acm.cs. The acm.cs zone would then require trusted updates, which means further configuration on the servers in that zone: adding their server DNS records and setting up the credentials BIND 9 uses to authenticate updates, either Kerberos (GSS-TSIG, using the DNS keytab Samba generates for the BIND9_DLZ back end) or a TSIG shared secret for the zone. The Samba and BIND 9 documentation should be looked at further for the details of those features.
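The back-end switch described above and the two-zone layout (trusted acm.cs served through the DLZ module, untrusted lan.acm.cs as a plain BIND zone) in one script, as an added example for this page. It is not code from this wiki, from Samba or from ISC. It assumes Samba 4.8 or later (the generated include file and GSS-TSIG keytab live under /var/lib/samba/bind-dns; older releases used /var/lib/samba/private), a Debian-style /etc/bind layout, and a TSIG key named lan-update-key; the zone-file paths and key name are made up for illustration, while acm.cs, lan.acm.cs and 172.29.1.0/24 are taken from the page.

```shell
#!/bin/sh
# Added example for the Bind 9 DNS project page; not part of the wiki,
# Samba or BIND. Switches the Samba AD DC DNS back end and renders the
# BIND configuration that goes with it.
#
# Assumptions (not stated on the page):
#   - Samba >= 4.8: samba_upgradedns writes named.conf and dns.keytab to
#     /var/lib/samba/bind-dns.
#   - Local BIND config is /etc/bind/named.conf.local (Debian layout).
#   - Key name lan-update-key and the zone-file paths are hypothetical.

SAMBA_BIND_DIR="${SAMBA_BIND_DIR:-/var/lib/samba/bind-dns}"

# Switch this DC's DNS back end. Run on each of sambaad1, sambaad2 and
# sambaad3. BIND9_DLZ hands zone serving to BIND via dlz_bind9;
# SAMBA_INTERNAL reverts to the built-in server. Anything else is
# rejected before samba_upgradedns is invoked.
switch_dns_backend() {
    target="${1:-BIND9_DLZ}"
    case "$target" in
        BIND9_DLZ|SAMBA_INTERNAL) ;;
        *) echo "switch_dns_backend: unknown backend '$target'" >&2; return 1 ;;
    esac
    samba_upgradedns --dns-backend="$target"
}

# BIND side of the trusted zone. acm.cs (and _msdcs.acm.cs) are NOT
# declared as zones here: the include generated by samba_upgradedns loads
# dlz_bind9, which serves them out of the AD database and authorises
# dynamic updates with GSS-TSIG using the keytab Samba wrote. Merge the
# options line into the existing options block (BIND allows only one).
render_ad_dlz_conf() {
    cat <<EOF
options {
    // Kerberos-signed (GSS-TSIG) dynamic updates from DCs and domain members.
    tkey-gssapi-keytab "${SAMBA_BIND_DIR}/dns.keytab";
};

// Written by samba_upgradedns; loads dlz_bind9 for the installed BIND version.
include "${SAMBA_BIND_DIR}/named.conf";
EOF
}

# Plain BIND zones for member machines on 172.29.1.0/24 (forward and
# reverse). Two update modes, weak and hardened, for comparison:
#   subnet - allow-update by source address: any host on the subnet can
#            overwrite ANY name in the zone (the page's "untrusted" updates).
#   tsig   - update-policy with a TSIG shared secret: only a signer holding
#            the key may update, and only the listed record types.
render_lan_zone_conf() {
    mode="${1:-tsig}"
    case "$mode" in
        subnet) policy='allow-update { 172.29.1.0/24; };' ;;
        tsig)   policy='update-policy { grant lan-update-key zonesub A AAAA PTR TXT; };' ;;
        *) echo "render_lan_zone_conf: unknown mode '$mode'" >&2; return 1 ;;
    esac
    if [ "$mode" = tsig ]; then
        # Key file created once with:
        #   tsig-keygen -a hmac-sha256 lan-update-key > /etc/bind/keys/lan-update-key.conf
        # and distributed only to hosts allowed to register themselves.
        echo 'include "/etc/bind/keys/lan-update-key.conf";'
    fi
    cat <<EOF
zone "lan.acm.cs" {
    type master;
    file "/var/lib/bind/db.lan.acm.cs";
    ${policy}
};

zone "1.29.172.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.172.29.1";
    ${policy}
};
EOF
}

# Usage:  sh bind9_dlz.sh apply            (on each DC, then restart named)
#         sh bind9_dlz.sh render tsig > /etc/bind/named.conf.local
#         sh bind9_dlz.sh revert           (back to SAMBA_INTERNAL)
case "${1:-}" in
    apply)  switch_dns_backend BIND9_DLZ ;;
    revert) switch_dns_backend SAMBA_INTERNAL ;;
    render) render_ad_dlz_conf; echo; render_lan_zone_conf "${2:-tsig}" ;;
esac
```

Check the rendered file with named-checkconf before reloading, and keep the subnet mode out of production: with source-address trust, a rogue VM on 172.29.1.0/24 can repoint any name in lan.acm.cs, which is exactly why the page separates that zone from acm.cs.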

Resources

Progress

*Fill in when the document is updated*