{"id":102,"date":"2012-04-20T11:25:59","date_gmt":"2012-04-19T22:25:59","guid":{"rendered":"http:\/\/www.templesoft.co.nz\/blog\/?p=102"},"modified":"2026-04-08T08:19:29","modified_gmt":"2026-04-07T20:19:29","slug":"adding-support-for-active-directory-to-bind9-dns","status":"publish","type":"post","link":"https:\/\/templesoft.co.nz\/journal\/?p=102","title":{"rendered":"Adding support for Active Directory to BIND9 DNS."},"content":{"rendered":"

Taking DNS a step further<\/h2>\n

Back in September 2010 I posted an article on creating your own DNS server (using BIND9) and linked to DHCP. There was probably one element of that setup that was missing – Microsoft’s Active Directory.<\/p>\n

Active Directory uses DNS as its domain controller location mechanism and leverages the namespace design of DNS in the design of Active Directory domain names. As a result, DNS is positioned within the discoverability and logical structure components of Active Directory technology components. If you’re running your own AD server, it’s a fair bet that the install wanted you to install DNS as well (you’re actively prompted by the 2008 R2 install).<\/p>\n

So what do you do if you don’t want a proliferation of DNS servers across your network – or (like me) you prefer to farm out processes like DNS and DHCP to “helper” servers without having to blow your budget on Microsoft licences?<\/p>\n

Simple: Add the AD DNS functionality into your BIND9 server by utilising the SRV record type.<\/p>\n

A Service record (SRV record<\/a>) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services. We leverage off this to provide the relevant answer to a client or servers quering for AD service, protocol and location information.<\/p>\n

For more information on how DNS Support for Active Directory works, you can read this Microsoft Technet article<\/a>.<\/p>\n

An alias by any other name…<\/h2>\n

Finding the DNS Alias for your AD server<\/h3>\n

Some of the SRV<\/strong> records will refer to this value so it’s a good opportunity to note it down. I’m still using Windows Server 2003 R2 in my environment, so these instructions my vary dependant on build and version.<\/p>\n

From the “Administrative Tools<\/strong>“, launch “Active Directory Sites and Services<\/strong>“. Once the MMC (Microsoft Management Console) has started up, expand the following items:<\/p>\n

\u2192 Sites\r\n    \u2192 Default-First-Site-Name\r\n        \u2192 Servers\r\n            \u2192 [server name]<\/em><\/strong> (this will be the name of your AD server)<\/span>\r\n                \u2192 NTDS Settings<\/pre>\n
Right click on “NTDS Settings<\/strong>” and select “Properties<\/strong>“. Under the “General<\/strong>” tab look for the value next to DNS alias<\/em>. The alpha-numeric GUID<\/strong> that preceeds the ._msdcs.[<\/em><\/strong>dnsDomainName<\/em><\/span>]<\/em><\/strong> is the value you need to note down.<\/p>\n
Freeze the zone record<\/h3>\n
Next we’ll need to freeze the zone file of our primary name server so we can make changes to it.<\/p>\n
cd \/var\/lib\/bind\r\nsudo rndc freeze zone<\/strong><\/em><\/span><\/pre>\n
… where zone<\/strong> <\/em><\/span>is the name of the DNS zone you’re editing. This will disable dynamic updates to the zone while you’re editing it. Now we add the records to the zone file.<\/p>\n
Adding the relevent SRV records<\/h3>\n
For the purposes of this HOWTO we’ll assume the following values:<\/p>\n