[Newbie] including Linux server in DNS

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi all.

A customer has a small LAN with a W2k AD DC.

A new box is soon going to be added to the network, and it will be an
FTP server, based on Linux OS.

I would like all workstations on the network to be able to reach the
server typing ftp.mycustomer.com (which is by the way, the address used
by my customer's customers to reach the server from the internet, and
is therefore known on the web with an external IP address).

Of course I'd like to do that without adding a line to all hosts files
in the LAN, so I thought the DC's DNS would handle this, pointing
workstations to the internal IP address. I turned to the W2K server's
admin who told me it's not possible, "because the domain handled by the
DC is not mycustomer.com, but someothername.someotherextension"

Is this correct? I think it's unbelievable. Please remember that the
Linux box cannot participate in the AD domain (of course).

Thanks for any input

Stefano
  1.

    <stefano@despammed.com> wrote in message
    news:1118062620.909999.118090@g14g2000cwa.googlegroups.com...
    > Hi all.
    >
    > A customer has a small LAN with a W2k AD DC.
    >
    > A new box is soon going to be added to the network, and it will be an
    > FTP server, based on Linux OS.

    Not an issue....

    > I would like all workstations on the network to be able to reach the
    > server typing ftp.mycustomer.com (which is by the way, the address used
    > by my customer's customers to reach the server from the internet, and
    > is therefore known on the web with an external IP address).

    Then you must make sure to enter the "Ftp" record into the
    INTERNAL version of the zone and supply the internal
    address (if there is one) in that record.

    > Of course I'd like to do that without adding a line to all hosts files
    > in the LAN, so I thought the DC's DNS would handle this, pointing
    > workstations to the internal IP address. I turned to the W2K server's
    > admin who told me it's not possible, "because the domain handled by the
    > DC is not mycustomer.com, but someothername.someotherextension"

    If there is no internal version of the Domain (not using same
    name internal and external) then he is ALMOST right.

    He figures (incorrectly) that he cannot add a record for this
    server since he doesn't control the zone -- and that the
    external zone will have only external (correct) addresses.

    > Is this correct? I think it's unbelievable. Please remember that the
    > Linux box cannot participate in the AD domain (of course).

    Actually it is INCORRECT but very believable <grin>

    It has nothing to do with Linux but with responsibilities for DNS
    names.

    IF the internal clients will use the EXTERNAL addresses there is
    NOTHING to do (except make sure that external names/addresses
    are resolving which should already be the case.)

    IF the internal clients need to access a "multihomed" FTP (etc)
    server by the INTERNAL Address only there are two approaches:

    #1 give it an address in the internal zone/domain: Ftp.internal.net

    #2 (the answer to your actual question) Add a ZONE for the name
    of the Unix machine (FTP.externaldomain.com) to your internal
    DNS servers.

    Then add an A record to that zone with the host BLANK, SAME
    AS PARENT -- which means: FTP.externaldomain.com

    Most admins don't realize they can just add a ZONE with a child
    name that is really a "server" and not a true zone (i.e., doesn't
    have a bunch of other resource records.)

    Most admins never learned that technically a DNS "machine name"
    IS A DNS DOMAIN.

    And a ZONE can have an IP address (in effect) -- notice all those
    web sites (like mine http://LearnQuick.Com ) that don't require
    typing the "www" part .... works the other way around:

    Mail.Learnquick.com can be a zone OR a particular HOST or BOTH.
    You cannot tell without trying it.

    (Even then it is difficult to be sure <grin>)
    --
    Herb Martin
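
Added example, not part of Herb Martin's post: a small Python model of zone selection showing why approach #2 adds a zone named for the host itself rather than the whole external domain. The addresses, the `www` record and the dictionary layout are constructed for illustration.

```python
# Constructed model: how a DNS server chooses which zone answers a query.
# Addresses and the www record are placeholders, not values from the thread.
EXTERNAL = {                      # what public DNS returns
    "ftp.mycustomer.com": "203.0.113.10",
    "www.mycustomer.com": "203.0.113.20",
}
AD_ONLY = {"internal.net": {"dc1": "192.168.1.2"}}
# Approach #2: a zone named for the host, A record at "@" (same as parent).
PINPOINT = {**AD_ONLY, "ftp.mycustomer.com": {"@": "192.168.1.50"}}
# Contrast: hosting the whole external domain internally with one record.
WHOLE_DOMAIN = {**AD_ONLY, "mycustomer.com": {"ftp": "192.168.1.50"}}


def resolve(name, zones, external=EXTERNAL):
    """Answer from the most specific locally hosted zone, else recurse out."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    # Try the full name first, then each parent: longest matching zone wins.
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in zones:
            owner = ".".join(labels[:i]) or "@"
            # Authoritative for this zone: a missing record is a negative
            # answer, the query is not passed on to the external servers.
            return zones[zone].get(owner, "NXDOMAIN")
    return external.get(name, "NXDOMAIN")


if __name__ == "__main__":
    for label, zones in [("AD only", AD_ONLY), ("pinpoint zone", PINPOINT),
                         ("whole domain", WHOLE_DOMAIN)]:
        for host in ("ftp.mycustomer.com", "www.mycustomer.com"):
            print(f"{label:14} {host:20} -> {resolve(host, zones)}")
```

With the whole-domain zone, every other name in mycustomer.com has to be duplicated internally or it stops resolving for LAN clients; the host-named zone overrides only the FTP name.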
  2.

    Thanks for everything

    What I meant with Linux is "the linux machine will not join the AD
    domain for obvious security reasons"

    Cheers

    Stefano
  3.

    <stefano@despammed.com> wrote in message
    news:1118131415.059916.164050@g47g2000cwa.googlegroups.com...
    > Thanks for everything
    >
    > What I meant with Linux is "the linux machine will not join the AD
    > domain for obvious security reasons"

    There are no 'obvious security reasons' for this.

    They will not "join the AD domain" because they cannot do this.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
  4.

    http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
  5.

    In news:1118305911.852797.225060@o13g2000cwo.googlegroups.com,
    stefano@despammed.com <stefano@despammed.com> stated, and I replied below:
    > http://www.enterprisenetworkingplanet.com/netos/article.php/3487081

    I've joined a Mac OSx Panther server to a domain. What a mess. I can provide
    you the docs from it, because after all it's basically BSD, but I don't think
    it will help you with Linux, even though it's similar, but Apple has an AD
    plugin that takes care of the Kerberos portion. You have to change a few
    files in the samba config file (forget what it's called at the moment) and
    run a couple utilities, one if I remember right was kerbinit.

    Here is a search string I found with a few relevant links for Linux:
    http://www.google.com/search?hl=en&lr=&q=join+linux+to+active+directory


    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Paramount: What's up with taking Enterprise off the air??
    Infinite Diversities in Infinite Combinations.
    =================================