
My environment:

AD: Active Directory with AD-integrated DNS (Windows Server 2016), domain: example.com, only internal domain stuff in DNS

I am the owner of the domain example.com and now I want to point it to my own DNS server(s). I don't want to publish the AD DNS to the internet.

Is it somehow possible to place a BIND DNS server in my DMZ and mirror the AD DNS infrastructure? Important requirement: BIND must be writable from external hosts via RFC 2136, and these updates should be synced to the AD-integrated internal DNS.

The goal is to make BIND able to write into AD-integrated DNS zones. (I think master-slave with zone transfers does not work in this scenario; maybe something like multi-master?)

Thanks!

MrAndy190

1 Answer


AD-integrated zones are, like the name might imply, Windows only. You can make BIND the master and the Windows boxes slaves or conditional forwarders. BIND can handle SRV records and dynamic updates. Also, Windows master and BIND slave is possible.

But if you want a solution to rule them all, you need to take a look at solutions from BlueCat or Infoblox, and even then some scenarios are limited.

Totalcontrol
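The "BIND master, Windows slaves" layout from the answer, with RFC 2136 updates restricted to a TSIG key, as an added named.conf example that is not part of the question or the answer. The AD DNS addresses 10.0.0.10/10.0.0.11, the key name ext-updater, the dyn.example.com subdomain and the file paths are constructed for the example.

```conf
// Constructed BIND 9 named.conf fragment: DMZ BIND is primary for example.com,
// the two AD DNS servers are secondaries, external hosts update via RFC 2136.

// TSIG key shared with the external updater. Generate with: tsig-keygen ext-updater
key "ext-updater" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_OUTPUT_OF_tsig-keygen";   // placeholder, not a real secret
};

// The AD-integrated DNS servers that will pull the zone (constructed addresses).
acl "ad-dns" { 10.0.0.10; 10.0.0.11; };

options {
    directory "/var/cache/bind";
    recursion no;                 // authoritative-only in the DMZ
    allow-transfer { none; };     // default deny; opened per zone below
};

zone "example.com" {
    type primary;                 // spelled "master" on older BIND 9 releases
    file "/var/lib/bind/db.example.com";

    // Weak setting this design should NOT use: unauthenticated updates from any
    // source address let anyone reaching port 53 rewrite the zone.
    // allow-update { any; };

    // Hardened: only TSIG-signed updates, and only A/AAAA/TXT under a dedicated
    // subdomain, so the key cannot alter the apex or AD's _msdcs/_tcp/_udp SRV records.
    update-policy {
        grant ext-updater subdomain dyn.example.com. A AAAA TXT;
    };

    // Let the AD DNS secondaries pull the zone and be notified on every change.
    allow-transfer { ad-dns; };
    also-notify { 10.0.0.10; 10.0.0.11; };
    notify explicit;
};
```

On the Windows side the matching zone is a standard (file-backed) secondary pointing at the BIND host, which is read-only there, so AD's own dynamic registrations still have to reach the BIND primary. Check the effective policy with `named-checkconf` before reload, and log rejected updates so unsigned write attempts are visible.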