DNS Configuration for CSCF Active Directory

Part Two

As stated in the previous report, the domain controllers for CSCF's Active Directory rely upon a private DNS space maintained on two of the domain controllers in the forest. These servers are elisa and eponina, in the CSCF and CS-TEACHING domains respectively. This DNS service is configured to be dynamically updated by the client systems themselves as needed, another concession to proper Active Directory functionality.

Within the Active Directory DNS space, we have defined 15 Forward Lookup Zones. The first three correspond to the three domains that exist in CSCF's Active Directory forest.

These DNS domains must exist in the DNS space for the Active Directory's domain controllers; otherwise the Active Directory does not work properly. However, UW has a flat DNS domain space called uwaterloo.ca and, due to our name.cs naming conventions, the AD domains must not be visible in CS's general DNS space as supplied by our departmental DNS servers, core.cs and student.cs.

On the other hand, the service subdomains of the Active Directory, which are subdomains of the above three, are needed in CS's general DNS space if clients of the Active Directory are to be able to find services within the Active Directory. This has not been an issue with genuine Windows clients, which can rely on NetBIOS to find domain information. However, other potential clients such as Macintoshes must rely on DNS to find the location of Active Directory domain controllers and the services they provide.

The following 12 Forward Lookup Zones are now forwarded to core.cs and student.cs. IST has repackaged bind-9.2 to make it possible for local DNS administration to maintain private zones on top of the zones supported by IST.

Because these zones now appear in CS's general DNS space, we have been successful in making a non-Windows computer authenticate against the Active Directory.
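The split described above (service subdomains visible in the general DNS space, the AD domain names themselves hidden) can be checked mechanically. The following is an added example, not part of the original report or of CSCF's tooling: it audits a set of records as answered by a general DNS view against the standard Active Directory SRV locator names. The domain `ad.example.test`, the host names, the addresses, and the interpretation of "visible" as apex A/AAAA/SOA/NS records are all assumptions made for illustration.

```python
# Added example: audit what a general (non-AD) DNS view exposes for one AD domain.
# All names and addresses are constructed placeholders, not CSCF data.

# Standard SRV owner names a DNS-only client queries to locate AD services.
LOCATOR_SRV = [
    "_ldap._tcp.dc._msdcs.{d}",  # domain controller locator
    "_ldap._tcp.{d}",            # LDAP service
    "_kerberos._tcp.{d}",        # KDC over TCP
    "_kerberos._udp.{d}",        # KDC over UDP
    "_kpasswd._tcp.{d}",         # Kerberos password change
]

def parse_srv(rdata):
    """Split SRV rdata 'priority weight port target' into typed fields."""
    prio, weight, port, target = rdata.split()
    return int(prio), int(weight), int(port), target.rstrip(".").lower()

def audit_view(domain, records):
    """records: {(owner, rtype): [rdata, ...]} as answered by the general view."""
    domain = domain.rstrip(".").lower()
    view = {(o.rstrip(".").lower(), t.upper()): v for (o, t), v in records.items()}
    report = {"missing_srv": [], "dangling_targets": [], "apex_visible": False}
    for pattern in LOCATOR_SRV:
        owner = pattern.format(d=domain)
        answers = view.get((owner, "SRV"), [])
        if not answers:
            report["missing_srv"].append(owner)
            continue
        for rdata in answers:
            target = parse_srv(rdata)[3]
            # An SRV answer is useless if its target has no address in this view.
            if not (view.get((target, "A")) or view.get((target, "AAAA"))):
                report["dangling_targets"].append((owner, target))
    # Assumed meaning of "visible": the domain apex itself answers in this view.
    report["apex_visible"] = any((domain, t) in view for t in ("A", "AAAA", "SOA", "NS"))
    return report

SAMPLE_VIEW = {  # constructed records
    ("_ldap._tcp.dc._msdcs.ad.example.test", "SRV"): ["0 100 389 dc1.cs.example.test."],
    ("_ldap._tcp.ad.example.test", "SRV"): ["0 100 389 dc1.cs.example.test."],
    ("_kerberos._tcp.ad.example.test", "SRV"): ["0 100 88 dc1.cs.example.test."],
    ("_kerberos._udp.ad.example.test", "SRV"): ["0 100 88 dc2.cs.example.test."],
    ("dc1.cs.example.test", "A"): ["192.0.2.10"],
}

if __name__ == "__main__":
    print(audit_view("ad.example.test", SAMPLE_VIEW))
```

In practice the `records` dictionary would be filled from queries sent to the general DNS servers rather than from a literal.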