Alcatel-Lucent VitalQIP Technology White Paper page 16

Integration with Microsoft Windows 2003 Networking/Active Directory

DNS Generation is seldom needed, because most dynamic data is already in DNS via
DDNS updates from clients and MS-DHCP. Domain Controller Generation and DHCP
Generation to MS-DHCP can be done whenever configuration changes occur.
This solution is intended as an example—in the real world few large organizations have
"pure" Windows 2003 environments like this.

Use of multi-master DNS

In this solution, each domain and reverse zone is assigned to one or more Microsoft
AD-integrated MSDNS primary servers, but there are no secondary servers. AD-integrated
DNS servers need to have local copies of the LDAP database for this domain, meaning
that they are Domain Controllers. Dynamic updates from VitalQIP are sent to all DNS
servers by the VitalQIP DNS Update Service. Dynamic updates from DCs and Windows
2003 clients to a single DNS primary server are replicated to the others via LDAP, in
accordance with Microsoft's reference design. If a zone has multiple primary servers, it
is best to avoid having any secondary servers, since this may cause serial numbers to
get out of sync. Additionally, be sure that all primary servers for a specific zone are
MS-DNS or that all are Alcatel-Lucent DNS (zone replication will not work if the two
types are mixed, since they use different methods).

Configuring VitalQIP for secure updates from Domain Controllers to MS-DNS

In the reference design, the DCs put SRV records and other data into DNS using Secure
Updates. The records are replicated to all primary DNS servers. In this case there are no
secondary DNS servers.
When the data is configured in VitalQIP, the special underscore domains need to be
configured with the Windows 2000 Zone Option Allow-Update set to "Yes", and the domains
need to be assigned to all the correct DNS servers. The "Windows 2000 DNS Server"
Profile should have Boot Method set to Directory, and Secure DNS Updates set to True.
The GSS-TSIG configuration information also needs to be entered into the VitalQIP DNS
Server Profile (see "Maintaining security for DNS zones" on page 19).
The flow of Domain Controller updates is shown in Figure 4.
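
The settings and design rules above can be checked mechanically before a generation is pushed. The following is an added example, not part of the white paper or of VitalQIP: the inventory layout, server names, zone names and the "Registry" boot method value are constructed for illustration.

```python
# Added example: lint a DNS inventory against the design rules on this page.
# The dict layout and all names below are constructed for illustration; this
# is not a VitalQIP export format or API.
SAMPLE_PROFILES = {
    "dc1": {"type": "MS-DNS", "boot_method": "Directory", "secure_dns_updates": True},
    "dc2": {"type": "MS-DNS", "boot_method": "Registry", "secure_dns_updates": False},
    "qip1": {"type": "Alcatel-Lucent DNS"},
}
SAMPLE_ZONES = {
    "example.test": {"primaries": ["dc1", "dc2"], "allow_update": "No"},
    "_msdcs.example.test": {"primaries": ["dc1", "dc2"], "allow_update": "No"},
    "10.in-addr.arpa": {"primaries": ["dc1", "qip1"], "secondaries": ["ns3"]},
}

def lint(zones, profiles):
    """Return sorted (object, finding) tuples for every rule violation."""
    findings = []
    for name, zone in zones.items():
        primaries = zone["primaries"]
        # Multi-master zones should have no secondaries (serial numbers drift).
        if len(primaries) > 1 and zone.get("secondaries"):
            findings.append((name, "multi-master zone has secondary servers"))
        # All primaries of one zone must be the same server type.
        if len({profiles[s]["type"] for s in primaries}) > 1:
            findings.append((name, "primaries mix DNS server types"))
        # Underscore domains receive the DCs' SRV records via dynamic update.
        if name.startswith("_") and zone.get("allow_update") != "Yes":
            findings.append((name, "Allow-Update is not Yes"))
    for server, profile in profiles.items():
        if profile["type"] != "MS-DNS":
            continue  # the two profile checks apply to the Windows DNS profile
        if profile.get("boot_method") != "Directory":
            findings.append((server, "Boot Method is not Directory"))
        if profile.get("secure_dns_updates") is not True:
            findings.append((server, "Secure DNS Updates is not True"))
    return sorted(findings)

if __name__ == "__main__":
    for obj, finding in lint(SAMPLE_ZONES, SAMPLE_PROFILES):
        print(f"{obj}: {finding}")
```
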
Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
