Tip

How to use non-Microsoft DNS for AD

DNS has been around for a long time -- in fact, much longer than Active Directory. As you are well aware, AD relies upon DNS for much of its name resolution activities. While Windows 2000 Server and Windows Server 2003 include reliable and robust DNS services that are directly and automatically integrated into AD when deployed together, you don't have to use Microsoft's DNS to deploy an AD domain.

In order to deploy AD with a non-Microsoft DNS you need to ensure that the DNS system supports SRV (service locator) resource records. This feature was first added to BIND DNS version 8.1.2. As long as your deployed DNS supports this key feature, you should have little difficulty getting AD to work. DNS SRV records are defined in RFC 2782.

Observe a few other simple caveats and configuration details, and you should have AD working over non-MS DNS in no time:

  • A forward lookup zone with the same name as the AD domain must exist.
  • All authoritative DNS servers must contain a name server (NS) and start of authority (SOA) record.
  • Each domain controller must have an A record (i.e. a host record) registered in the DNS system.
  • The primary forward lookup zone must contain a sub-zone named _msdcs. This sub-zone must contain NS records for each DNS server in the domain.
  • The primary forward lookup zone must contain a sub-zone named _msdcs.domainname. This sub-zone must contain its own SOA record and an NS record for each DNS server in the domain.
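As an added example (not code from the original article), the checklist above turned into a small Python checker: it parses BIND-style zone files (a restricted subset: one record per line, optional TTL, class IN, $ORIGIN and relative owner names) and reports which requirement fails. The domain corp.example, the 192.0.2.0/24 addresses, the host names and the zone contents are constructed sample data; the SRV owner names it requires (_ldap._tcp and _kerberos._tcp in the domain, _ldap._tcp.dc in _msdcs, with RFC 2782 rdata of priority, weight, port, target) are the ones a domain controller normally registers, and which names you treat as mandatory is an assumption you can adjust in REQUIRED_SRV.

```python
"""Checklist verifier for running AD on a non-Microsoft DNS server.

Added example, not code from the original article. Parses BIND-style zone
files (subset: one record per line, optional TTL, class IN, $ORIGIN and
relative owner names). corp.example, the addresses and host names are
constructed sample data.
"""
from collections import defaultdict

# Constructed parent zone: corp.example with two DCs and two name servers.
PARENT_ZONE = """\
$ORIGIN corp.example.
@                 3600 IN SOA ns1.corp.example. hostmaster.corp.example. 2003110101 3600 900 604800 86400
@                 3600 IN NS  ns1.corp.example.
@                 3600 IN NS  ns2.corp.example.
ns1               3600 IN A   192.0.2.10
ns2               3600 IN A   192.0.2.11
dc1               3600 IN A   192.0.2.21
dc2               3600 IN A   192.0.2.22
; RFC 2782 SRV rdata: priority weight port target
_ldap._tcp         600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp         600 IN SRV 0 100 389 dc2.corp.example.
_kerberos._tcp     600 IN SRV 0 100 88  dc1.corp.example.
_kerberos._tcp     600 IN SRV 0 100 88  dc2.corp.example.
; delegation of the _msdcs sub-zone to each DNS server (list item 4)
_msdcs            3600 IN NS  ns1.corp.example.
_msdcs            3600 IN NS  ns2.corp.example.
"""

# Constructed _msdcs.corp.example zone with its own SOA and NS (list item 5).
MSDCS_ZONE = """\
$ORIGIN _msdcs.corp.example.
@                 3600 IN SOA ns1.corp.example. hostmaster.corp.example. 2003110101 3600 900 604800 86400
@                 3600 IN NS  ns1.corp.example.
@                 3600 IN NS  ns2.corp.example.
_ldap._tcp.dc      600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc      600 IN SRV 0 100 389 dc2.corp.example.
"""

# SRV owner names (relative to the domain) every DC must appear under.
# Assumption for this example: the usual DC registrations plus the
# DC-locator record that lives in the _msdcs sub-zone.
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs")


def qualify(name, origin):
    """Turn a zone-file owner or target into an absolute lower-case name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, records=None):
    """Parse one zone file into {(owner, rtype): [rdata fields, ...]}."""
    records = defaultdict(list) if records is None else records
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        owner, *fields = line.split()
        if fields and fields[0].isdigit():           # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":     # optional class
            fields.pop(0)
        rtype, *rdata = fields
        records[(qualify(owner, origin), rtype.upper())].append(rdata)
    return records


def check_ad_zones(domain, dc_hosts, *zone_texts):
    """Return the list of checklist failures (empty list means the zones pass)."""
    records = defaultdict(list)
    for text in zone_texts:
        parse_zone(text, records)
    domain = domain.lower().rstrip(".") + "."
    msdcs = "_msdcs." + domain
    problems = []
    for zone in (domain, msdcs):                     # SOA and NS on both zones
        for rtype in ("SOA", "NS"):
            if (zone, rtype) not in records:
                problems.append(f"missing {rtype} for {zone}")
    for dc in dc_hosts:                              # A record plus SRV entries per DC
        fqdn = f"{dc.lower().rstrip('.')}.{domain}"
        if (fqdn, "A") not in records:
            problems.append(f"missing A record for {fqdn}")
        for svc in REQUIRED_SRV:
            targets = {rd[3].lower() for rd in records.get((f"{svc}.{domain}", "SRV"), [])}
            if fqdn not in targets:
                problems.append(f"{fqdn} has no SRV record under {svc}.{domain}")
    for (owner, rtype), rrs in records.items():     # every SRV target must resolve
        if rtype == "SRV":
            for rd in rrs:
                if (rd[3].lower(), "A") not in records:
                    problems.append(f"SRV {owner} targets {rd[3]} which has no A record")
    return problems


if __name__ == "__main__":
    result = check_ad_zones("corp.example", ["dc1", "dc2"], PARENT_ZONE, MSDCS_ZONE)
    for line in result or ["zones pass"]:
        print(line)
```

Run it against the two constructed zones and it reports nothing; drop MSDCS_ZONE from the call and it reports the missing _msdcs SOA and the missing DC-locator SRV record for each DC, which is exactly the kind of gap that leaves clients unable to find a domain controller on a BIND server that was only given the parent zone.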

For additional details on configuring DNS to support AD, please see the Microsoft whitepaper: Windows 2000 DNS.


James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


This was first published in November 2003
