Migrating from Windows DNS to BIND

I don’t often (read: ever) post about Windows, but I thought this might come in handy for a few people.

I’ve been working for a new client recently, helping out with their infrastructure. One thing the CTO really wants to do is to use BIND as a DNS server, instead of Windows. The infrastructure side of the house sees Windows as a necessary evil to keep users happy: the less reliance on it, the better.

As you can probably tell by reading my blog or by knowing anything about me, I have no issue with this position whatsoever.

Anyways, this used to be a particularly easy task: the last time I had anything to do with Windows (Server 2003, no, really) the zones were stored on disk, in a BIND-compatible format.

In the latest versions, the zones appear to be stored in Active Directory, and there are some hurdles you need to go through to export them to a usable format (the Export action in Server Manager does, quite frankly, less than diddly). The tool that actually does the job is dnscmd:

dnscmd <domain controller> /ZoneExport <name of domain> <filename>

Example:

dnscmd some-domain-controller.ad.yourdomain.biz /ZoneExport ad.yourdomain.biz ad.yourdomain.biz.txt

Like all Windows tools, dnscmd has its own particular brand of brain damage: <filename> is not a full path, but literally just a filename that will be saved in <windows root>/<system dir>/dns. If you try to put something like C:\temp\something.txt you’ll be rewarded with nonsense like ..temp instead.

On most systems you can find the files dnscmd produces in C:\Windows\System32\dns.

The result is a BIND-compatible zone export, which you can use as you like. The SRV records for an AD domain are the most important part of it, since Active Directory replication and other domain functionality will break without them.
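To tie the steps above together, here is an added PowerShell example (not from the original post) that runs the dnscmd export, picks the file up from the directory dnscmd insists on, and checks that the SRV locator records the domain depends on actually made it into the export before anyone points resolvers at BIND. The domain controller name, zone name and destination folder are placeholders; it assumes it is run on the DC, or on a host with the DNS Server tools, as an account allowed to administer the DNS server.

```powershell
# Added example, not from the original post: export an AD-integrated zone with
# dnscmd and sanity-check it before cutting over to BIND.
# Placeholders (assumptions): the DC name, the zone name and the destination.
param(
    [string]$DomainController = 'some-domain-controller.ad.yourdomain.biz',
    [string]$ZoneName         = 'ad.yourdomain.biz',
    [string]$Destination      = 'C:\temp\dns-export'
)

# dnscmd takes a bare filename, not a path: the file always lands in
# %SystemRoot%\System32\dns, so export there and copy it out afterwards.
$exportFile = "$ZoneName.txt"
$dnsDir     = Join-Path $env:SystemRoot 'System32\dns'
$exported   = Join-Path $dnsDir $exportFile

# Clear out a stale export so we never check an old file by mistake.
if (Test-Path $exported) { Remove-Item $exported -Force }

& dnscmd $DomainController /ZoneExport $ZoneName $exportFile
if ($LASTEXITCODE -ne 0) {
    throw "dnscmd /ZoneExport failed for $ZoneName (exit code $LASTEXITCODE)"
}
if (-not (Test-Path $exported)) {
    throw "dnscmd reported success but $exported does not exist"
}

New-Item -ItemType Directory -Force -Path $Destination | Out-Null
$copy = Join-Path $Destination $exportFile
Copy-Item $exported $copy -Force

# SRV owner names every AD domain zone carries (relative to the zone origin).
# Note: in a default forest the _msdcs locators live in a separate zone,
# _msdcs.<forest root>, so export and check that zone with this script too.
$requiredSrv = @(
    '_ldap._tcp',
    '_kerberos._tcp',
    '_kerberos._udp',
    '_kpasswd._tcp'
)

# dnscmd prints the owner name on the first record of each set, so matching
# the start of the line is enough to prove the set is present.
$lines   = Get-Content $copy
$missing = foreach ($name in $requiredSrv) {
    $pattern = '^' + [regex]::Escape($name) + '\b'
    if (-not ($lines | Where-Object { $_ -match $pattern })) { $name }
}

$srvCount = @($lines | Where-Object { $_ -match '\bSRV\b' }).Count
Write-Host "Exported $ZoneName to $copy ($srvCount SRV records)"
if ($missing) {
    Write-Warning ("SRV locators missing from export: " + ($missing -join ', '))
    exit 1
}
```

Run it once per AD zone (the domain zone and the forest-wide _msdcs zone) and keep the copies under version control; diffing a fresh export against the one loaded into BIND is the quickest way to spot dynamic registrations that arrived after the migration.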

Too bad I still have to merge two forests and rename a domain. That should be FUN CITY.

3 Replies to “Migrating from Windows DNS to BIND”

  1. Thanks for the info, and you wrote correctly about Windows: “the less reliance on it, the better.” I had a really bad experience and I hate Windows Server.

  2. I appreciate this posting but I am one step past that now and need some guidance to proceed.

    After I migrate the resource records from the Active Directory (Domain Controller) to a Bind server, I was planning on cleaning things up on the Windows side of things with the following:

    – migrate resource records
    – redirect all name resolution to Bind Servers
    – stop DNS service on Domain Controller
    – ipconfig /flushdns on Domain Controller
    – netlogon

    I am not sure if I need to do the netlogon? I want dynamic records to be sent to the Bind servers right away, names to resolve right away, etc… Not sure about netlogon; if anyone knows better, please feel free to provide input.
