Configure BIND for Active Directory

BIND 9 and newer versions support integration with Active Directory domain controllers. If you already have Primary and Secondary BIND servers running in your network and want to integrate them with an Active Directory domain controller, this is what you need to do. Let's say your domain controller is in ad.mydomain.com (I would suggest you create a subdomain such as "ad" for your Active Directory under your main domain "mydomain.com") and your domain controller name is DC1:

1. In your named.conf:

    1. On the Primary DNS, under the internal view:

        1. Add the zone entry for the Active Directory domain:

               // Zone entry for the Active Directory domain ad.mydomain.com.
               zone "ad.mydomain.com" IN {
                   type master;
                   file "db.ad.mydomain.com";
                   allow-update { 192.0.2.10; };   // placeholder: replace with the Domain Controller (DC1) IP address
               };

        2. Restart the named service.

    2. On the Secondary DNS, under the internal view:

        1. Add the zone entry for the Active Directory domain:

               // Zone entry for the Active Directory domain ad.mydomain.com.
               zone "ad.mydomain.com" IN {
                   type slave;
                   file "slaves/db.ad.mydomain.com";
                   masters { 192.0.2.1; };                     // placeholder: replace with the Primary DNS IP address
                   allow-notify { 192.0.2.1; };                // placeholder: the Primary DNS IP address
                   allow-update { 192.0.2.10; 192.0.2.1; };    // placeholders: the Domain Controller IP and the Primary DNS IP
               };

        2. Restart the named service.
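The allow-update list in the zone entries above is what decides who may rewrite the Active Directory zone, so it is worth checking mechanically. The following is an added example, not code from the original post: it pulls the zone block out of a named.conf and reports any allow-update entry that is not the Domain Controller (or, on the Secondary, the Primary DNS). The sample configuration and the addresses 192.0.2.10 and 192.0.2.1 are constructed placeholders.

```python
import re

# Constructed sample mirroring the Primary zone entry above; 192.0.2.10 stands in for the DC.
PRIMARY_CONF = '''
//Zone entry Active Directory domain ad.mydomain.com.
zone "ad.mydomain.com" IN {
  type master;
  file "db.ad.mydomain.com";
  allow-update { 192.0.2.10; };
};
'''

def _block(text, open_idx):
    """Return the text inside the {...} block whose '{' is at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError('unbalanced braces in named.conf')

def parse_zones(conf):
    """Map each zone name to its statements; { a; b; } values become lists."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)  # drop comments
    stmt = re.compile(r'([\w-]+)\s+(?:\{([^}]*)\}|([^;{]+))\s*;')
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        stmts = {}
        for key, acl, val in stmt.findall(_block(conf, m.end() - 1)):
            stmts[key] = ([e.strip() for e in acl.split(';') if e.strip()]
                          if acl else val.strip().strip('"'))
        zones[m.group(1)] = stmts
    return zones

def audit_ad_zone(conf, zone, dc_ips, primary_ip=None):
    """Findings on who may send dynamic updates to the AD zone: dc_ips are the
    Domain Controllers; primary_ip is the Primary DNS address a Secondary also lists."""
    z = parse_zones(conf).get(zone)
    if z is None:
        return [f'zone "{zone}" is not defined']
    findings, acl = [], z.get('allow-update') or []
    if not acl:
        findings.append('no allow-update: the Domain Controller cannot register its records')
    allowed = set(dc_ips) | ({primary_ip} if primary_ip else set())
    for entry in acl:  # flags any, localnets, acl names or unexpected hosts
        if entry not in allowed:
            findings.append(f'allow-update entry "{entry}" is wider than the DC addresses')
    return findings
```

Run it against the real named.conf with `audit_ad_zone(open('/etc/named.conf').read(), 'ad.mydomain.com', [dc_ip])`; an empty list means only the expected hosts can update the zone.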

2. Check your configuration.

    1. On the Secondary DNS:

        1. Check that the file db.ad.mydomain.com exists under the slaves directory; it should look like the one you created on your Primary DNS server.
        2. If it is not there, check the BIND logs, especially the xfer (zone transfer) messages.

    2. The Domain Controller must be configured to use the external (BIND) DNS server.

    3. Restart the NETLOGON service on the Domain Controller.

    4. At the command prompt, run IPCONFIG /REGISTERDNS to initiate the dynamic update of db.ad.mydomain.com on the Primary DNS server.

    5. Check the update.log of BIND on the Primary DNS server for errors.

        1. If you see an error like this one:

               error: journal open failed: unexpected error

        2. Check the permissions on the named files: they should be owned by named:named (or whatever user BIND runs as). Also check /var/named/; the BIND user needs write permission there so that named can create the journal.

    6. After that, check that a journal file such as db.ad.mydomain.com.jnl exists on the Primary DNS server.

    7. Run cat on the file db.ad.mydomain.com on your Primary DNS server; it should look like this one.

    8. Check that the journal file db.ad.mydomain.com.jnl is also present on your Secondary DNS server.

    9. Test the DNS configuration from the Domain Controller. At the command prompt enter:

           dcdiag /test:registerindns /dnsdomain:ad.mydomain.com /v

You should see a message like this:

    Starting test: RegisterInDNS
     DNS configuration is sufficient to allow this domain controller to
     dynamically register the domain controller Locator records in DNS.
    The DNS configuration is sufficient to allow this computer to dynamically
     register the A record corresponding to its DNS name.
    ......................... DC1 passed test RegisterInDNS

That is a successful pass: BIND is now configured for Active Directory, and you should congratulate yourself.
