Does Novell DNS have support for Microsoft Active Directory (AD)?

(Last modified: 13Jul2004)

This document (10061330) is provided subject to the disclaimer at the end of this document.

goal

Does Novell DNS have support for Microsoft Active Directory (AD)?

Adding SRV records for Active Directory

Setting up Novell DNS to hand out DNS info for Active Directory

What Version of BIND is Novell DNS?

fact

Novell NetWare 6.0 Support Pack 1 (NW6SP1.EXE)

Novell NetWare 5.1 Support Pack 4 (NW51SP4.EXE)

Novell NetWare DNS

symptom

NetWare DNS not handing out DNS records for Active Directory

Cannot add SRV record for _ldap._tcp.dc._msdcs.yourdomain.com

Cannot install a 2nd Active Directory server using Novell DNS

fix

NOTE: This solution is a suggested workaround. Novell DNS on NetWare 5.x and 6.0 does not currently fully support the version of BIND that Microsoft asks for in its system requirements for Active Directory (NetWare 6.5 does). Novell provides no guarantee that this document will function in all cases and therefore cannot provide support for this solution. Novell does have a DNS server that is fully BIND 9 compliant and that will fully support Active Directory, and it is recommended to use NetWare 6.5 for this purpose.

Refer to Microsoft Articles:
Q232025 Description of the DNS SRV Resource Record Type
Q237675 Setting Up the Domain Name System (DNS) for Active Directory
Q241515 How to Verify the Creation of SRV Records for a Domain Controller
Q224196 Restricting Active Directory Replication Traffic to a Specific Port

The version of Novell DNS that runs on NetWare 5.x and 6.0 is largely compliant with BIND 8.1.1. Microsoft recommends running DNS for Active Directory on BIND version 8.1.2 or later (NetWare 6.5 is BIND 9 compliant). The server MUST support the SRV RR (RFC 2052), which NetWare DNS does, and have support for the dynamic update protocol (RFC 2136), which Novell currently supports only on NetWare 6.5. (NW 5.x and 6.0 WILL put in workstation names when they get a DHCP address, if using Dynamic DNS.) NetWare DNS can be used with NW 5.x and 6.0, but SRV records must be entered manually. Novell's recommendation is to upgrade to NetWare 6.5.

THE NUMBER ONE MOST IMPORTANT THING IS THAT THE DNS DOMAIN MUST BE THE SAME AS THE ACTIVE DIRECTORY DOMAIN. Novell DNS will service multiple domains, so you can have one Internet domain, one Active Directory domain, another domain, and so on.

Here is the procedure for adding a _ldap._tcp.dc._msdcs record to the Active Directory DNS domain:

NOTE: To follow this procedure you MUST have the latest DNS/DHCP management console. At the time of this writing, for NW5 and NW6 the console version (click Help, About Novell DNS/DHCP) is "6.0 2/12/03". If you are running NW5 and have SP5 or NW6 SP2 and you DO NOT want to install the latest support pack, download the support pack, open a command prompt in the directory where you saved the file, and type the name of the file followed by "-jay data.z" (i.e. NW6SP3.EXE -jay DATA.Z). Then map a drive to the server, go to PUBLIC, DNSDHCP, COPY the DATA.Z from your workstation (in the SYS\PUBLIC\DNSDHCP subdirectory), then double-click SETUP.EXE to install the latest management console on your workstation. If you do not install the LATEST version of the management console you will NOT be able to enter underscores "_" in the hostname or protocol list.

In the DNS/DHCP Management console, click on the Active Directory (AD) DNS Domain in which the SRV record will be created (if it does not exist yet, first CREATE the DNS Domain for the Active Directory, then click on it).
Click Create, choose Resource Record, click OK.
For the hostname enter: "dc._msdcs" (without the quotes). Domain is the AD DNS Domain where the record is being created.
Click the radio button for "OTHERS"; in the dropdown list select SRV.
For service, DO NOT USE THE DROPDOWN LIST; type: "_LDAP" (without the quotes).
For proto select "_TCP" (be SURE to use the UNDERSCORE TCP "_TCP"; you can type this as well, but there is a dropdown).
For Priority enter 0 and for Weight enter 0.
For Port: by default AD uses Port 135 (according to Microsoft Article Q224196).
For Target enter the FQDN (Fully Qualified Domain Name) of the server running AD, i.e. ADserver1.ADdomain.com.
NOTE: According to RFC 2782 the Target CANNOT be a CNAME record, so make sure that you have an A record for the name that you type in this field. This A record CAN be in a different domain, so your AD domain may be ADdomain.com and you can point it to server1.mydnsdomain.com to save you from having to create/change multiple A records if the IP address ever changes. Just make SURE that you are pointing to an A record, NOT a CNAME record.
Click Create.
UNLOAD then LOAD NAMED.NLM to make this configuration active.

To test your configuration follow Microsoft article Q241515, using NSlookup:
at the DOS prompt type NSLOOKUP and press enter
type SERVER and the IP address of your server
type SET TYPE=ANY
type _ldap._tcp.dc._msdcs.(your ADdomain.com)
You should get the following:

C:\>nslookup
Default Server:  ns.novell.com
Address:  137.65.1.1

> server 192.168.1.1
Default Server:  ns.adtest.novell.com
Address:  192.168.1.1

> set type=any
> _ldap._tcp.dc._msdcs.addomain.com
Server:  ns.adtest.novell.com
Address:  192.168.1.1

_ldap._tcp.dc._msdcs.addomain.com       SRV service location:
          priority       = 0
          weight         = 0
          port           = 135
          svr hostname   = adserver1.addomain.com
ADdomain.com    nameserver = ns.adtest.novell.com
adserver1.addomain.com  internet address = 192.168.1.95
ns.adtest.novell.com  internet address = 192.168.1.1
>exit
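
Added example (not part of the original Novell document): a Python check that parses nslookup output in the format shown above and reports when the _ldap._tcp.dc._msdcs SRV record is missing for the AD domain, or when its target is answered with a CNAME or no A record at all. The function names and the sample text are constructed for illustration; the "canonical name =" line is how Windows nslookup prints a CNAME.

```python
import re

# Constructed sample in the nslookup output format shown in this document.
SAMPLE = """\
_ldap._tcp.dc._msdcs.addomain.com       SRV service location:
          priority       = 0
          weight         = 0
          port           = 135
          svr hostname   = adserver1.addomain.com
ADdomain.com    nameserver = ns.adtest.novell.com
adserver1.addomain.com  internet address = 192.168.1.95
ns.adtest.novell.com  internet address = 192.168.1.1
"""

def norm(name):
    return name.lower().rstrip(".")  # DNS names compare case-insensitively

def parse_nslookup(text):
    """Return (srv_records, a_records, cnames) found in nslookup output."""
    srvs, addrs, cnames, cur = [], {}, {}, None
    for line in text.splitlines():
        if m := re.match(r"(\S+)\s+SRV service location:", line):
            cur = {"owner": norm(m.group(1))}
            srvs.append(cur)
        elif cur is not None and (m := re.match(r"\s+(priority|weight|port)\s*=\s*(\d+)", line)):
            cur[m.group(1)] = int(m.group(2))
        elif cur is not None and (m := re.match(r"\s+svr hostname\s*=\s*(\S+)", line)):
            cur["target"] = norm(m.group(1))
        elif m := re.match(r"(\S+)\s+internet address = (\S+)", line):
            addrs.setdefault(norm(m.group(1)), []).append(m.group(2))
        elif m := re.match(r"(\S+)\s+canonical name = (\S+)", line):
            cnames[norm(m.group(1))] = norm(m.group(2))
    return srvs, addrs, cnames

def check_dc_srv(text, ad_domain):
    """List problems with the _ldap._tcp.dc._msdcs SRV record of ad_domain."""
    srvs, addrs, cnames = parse_nslookup(text)
    owner = "_ldap._tcp.dc._msdcs." + norm(ad_domain)
    matches = [s for s in srvs if s["owner"] == owner]
    problems = [] if matches else [f"no SRV record for {owner}"]
    for s in matches:
        target = s.get("target")
        if target is None:
            problems.append("SRV record has no target hostname")
        elif target in cnames:
            problems.append(f"target {target} is a CNAME, not an A record")
        elif target not in addrs:
            problems.append(f"no A record returned for target {target}")
    return problems
```

Paste the text returned by the nslookup session into check_dc_srv together with the AD domain name; an empty list means the record and its A-record target were both returned.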

Novell DNS on NetWare 6.5 is still the preferred solution to this issue.

document

Document Title: Does Novell DNS have support for Microsoft Active Directory (AD)?
Document ID: 10061330
Solution ID: NOVL43530
Creation Date: 26Mar2001
Modified Date: 13Jul2004
Novell Product Class: Connectivity Products
NetWare
Novell eDirectory

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.