Speed of BIND vs. W2k DNS
David R. Conrad
david.conrad at nominum.com
Sun Dec 24 07:52:50 UTC 2000
Hi,
At 05:51 PM 12/23/2000 +0000, alevey wrote:
>Unsecure updates work fine between BIND & W2K-DNS
Nice to hear. It would be nicer if MS would support HMAC-MD5 TSIG, the
mandatory TSIG algorithm, so the updates could be secured.
>You missed a HUGE aspect of W2K DNS... multi-master. No single point of
>failure, unlike BIND.
You're right, forgot about that. It would be interesting to see how W2K
DNS's multi-master approach deals with network partition scenarios where
the masters can't sync. I suspect, but don't know enough about W2K DNS to
know for sure, that they have not solved this problem, just moved it
someplace else. If they have not solved that problem, then they are
violating the DNS specifications (and also setting the stage for strange
results).
>People have seen problems using BIND and DDNS in a W2K enviro. Mostly with
>BIND not taking the updates properly. A records I think....
Casting the problem as BIND not taking the updates is pre-supposing that
W2K is sending correct updates. In any event, this is the first I've heard
of such a problem. More detail would be helpful. We did find problems
with BINDv9 and W2K DNS due to Microsoft sending two bytes of garbage (not
surprisingly, the ASCII characters "M" and "S") in zone transfers (or
something like that, I've forgotten the details). We solved the problem by
relaxing BINDv9's conformance to the specs in that area...
Rgds,
-drc
More information about the bind-users
mailing list