Linux – completely remove the Windows DNS in favour of BIND9 in an AD network

Tags: active-directory, bind, domain-name-system, linux, windows

I would like to remove the DNS feature of Windows Domain Controllers and point the DNS servers to our BIND9 servers.

I know it's possible to set up coexistence, but this requires a number of extra Windows DNS servers equal to the number of Domain Controllers in the network.

Active Directory expects the _msdcs zone and other things like _tcp, _udp, etc.

The main question is: how to make BIND9 take care of all this AD-specific data? And with dynamic updating, to make AD even happier.

Thanks,

PS: Making BIND9 point to the Windows DNS servers to resolve the Active Directory specific zones isn't an option. We already do this…

EDIT: As of today, I'm running without Windows DNS. I'm writing up a guide on how to do this, and I'll update this topic.

Best Answer

Can I completely remove the Windows DNS in favour of BIND9 in an AD network?

Yes. As joeqwerty pointed out, as long as a DNS server meets the requirements of DNS in support of Active Directory, you may use it as your AD DNS.
(BIND does; Microsoft even provides guidance that Joe linked to, and you can find a bunch of articles on Google.)

That's not the question you should be asking, though. The question you should be asking is:

SHOULD I completely remove the Windows DNS in favour of BIND9 in an AD network?

In my personal opinion, the answer is ABSOLUTELY NOT unless you like pain.
AD and Windows DNS are intertwined; you can certainly pry them apart, but doing so is not going to be pleasant and may create problems later.

If your goal is to not expose your Windows DNS servers (for some security reason, to minimize server load, etc.), a better option is to make your BIND DNS servers slaves, replicating the AD DNS zone(s).
This hides the Windows servers from prying eyes (and excessive load), but still lets Active Directory talk to the Windows DNS servers that it knows and loves.
You can even minimize the number of Windows DNS servers if you go this route, since the only things talking to them should be Active Directory/DCs (making updates) and the BIND servers fetching those updates to serve to other systems.
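The secondary-zone setup the answer recommends, as an added example that is not part of the original post: a BIND9 named.conf fragment that pulls the AD domain zone and its _msdcs zone from the Domain Controllers, so the DCs keep doing their dynamic updates against Windows DNS and BIND only serves the replicated data. The zone name `corp.example.com` and the DC addresses 192.0.2.10/11 are constructed placeholders.

```conf
// Added example, not from the original post. Windows DCs that still run DNS
// (constructed addresses); only these may push NOTIFYs and serve transfers.
acl ad_dcs { 192.0.2.10; 192.0.2.11; };

options {
    directory "/var/cache/bind";
    recursion yes;                 // internal clients use BIND as their resolver
    allow-query { localnets; };    // serve only the internal network
    allow-transfer { none; };      // nobody pulls the replicated zones from BIND
    allow-update { none; };        // BIND never accepts dynamic updates itself
    allow-notify { ad_dcs; };      // accept change notifications from the DCs only
};

// The AD domain zone carries the _tcp, _udp and _sites SRV records that
// clients need. "type slave"/"masters" is accepted by every BIND9 release;
// 9.16 and later also accept "type secondary"/"primaries".
zone "corp.example.com" {
    type slave;
    masters { 192.0.2.10; 192.0.2.11; };
    file "secondary/corp.example.com.db";
};

// In a default forest (Windows Server 2003 and later) _msdcs is a separate
// zone delegated from the forest root zone, so it is replicated separately.
zone "_msdcs.corp.example.com" {
    type slave;
    masters { 192.0.2.10; 192.0.2.11; };
    file "secondary/_msdcs.corp.example.com.db";
};
```

On the Windows side each zone must permit zone transfers to the BIND servers (the zone's Zone Transfers tab, restricted to those addresses) before `named` can fetch them; `rndc retransfer corp.example.com` forces the first pull.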