Other OS vs. NT

Howard W Wortley howardw at loki.net
Fri Feb 4 09:08:33 UTC 2000


First of all the latest NT port for BIND is 4.9.7 not 4.9.5 and you can get
it from http://www.bhs.com among other places. This version does have a
setup program and control panel applet for controlling the service. I have
always thought the fact that zone setup etc can be done using any text
editor a major plus compared to the GUI :-)

Microsoft's GUI based DNS has like most MS products progressed from a raw
infant wetting its diapers to a lusty youth and the current incarnation on
NT4 SP5 and up can be configured to be secure and is free of obvious and
major bugs. It is based on BIND 49x not 82x. The major advantage of MS DNS
in an NT network is that it integrates very well with WINS. If this handy
feature (which effectively provides dynamic DNS) is used it must be
configured not to export the WINS record in zone transfers to BIND DNS. By
default MS DNS stores its stuff in the registry but it can be configured to
use zone files and it is close enough to BIND that the same zone files can
be used for either DNS so converting is easy. If the details are kept in the
registry then it is easy to export the key to a text file and then
re-import. MS DNS has some oddities - eg. the .dom files have the extension
.dns as .com files are executable in the windows environment. IMHO the GUI
is far from intuitive and if you want a GUI based DNS other vendors eg
Vermillion do better. However their products are not free. The performance
of MS DNS seems to be ok ... I am aware of a multinational intranet which
uses it large scale with no problems but their public facing DNS runs on
Unix (not BSD or linux). Sorry cannot name names. MS DNS has the same
weaknesses as the DNS from which it is derived - its security is not
enhanced through the NT environment as it has to implement standard
protocols. It does support xfernets. Its main weakness like any DNS is
denial of service via various types of flooding and tribal attack. A broken
registry on NT is of course no fun.

Bind 4.9.7 on NT has the advantages of being very easy to set-up, reliable
and easy to maintain. It gets on fine with zone transfer with other DNS no
sweat. It can be configured for any typical DNS role. It does not however
integrate with WINS. Widely used.

Bind 8.2.x is full of cool new features inc dynamic DNS and a steep learning
curve to fall off. However it is the best DNS right now. The source code is
available (free) and it can be ported ok to NT. The MS C++ compiler is far
from ideal for the work though - one of the GNU compilers or Borland is
rather easier.

My take is to use BIND for stuff that interfaces to the rest of the world
and MS DNS internally. It hardly matters which you use for a caching DNS.
For NT IIS Servers hosting virtual sites either use a unix machine for DNS
or run BIND 497. A happy puppy for NT co-located servers is somebody who
minimises the need to use the GUI from a distance :-)

 - H -



-----Original Message-----
From: news at oleane.net [mailto:news at oleane.net]On Behalf Of Patrick MATHEVON
Sent: Thursday, February 03, 2000 6:51 PM
To: comp-protocols-dns-bind at oleane.net
Subject: Re: Other OS vs. NT


>This may have been discussed b4 :+) but I'm collecting any and all
>opinions (certified or not) and or experiences with running DNS on NT.
>What are the concrete (dis)advantages of each, NT or unix ?  Try to give
>real examples not rumors !


I'm using Bind 4.9.5 for NT and am preparing to upgrade to Bind 8.2.2 P5 for
NT. There are 80 domains and one /24 IP V4 block.
NT DNS seems not to be a good idea (bugs, security problems...)
I'm upgrading to Bind 8 to use new features (such as DDNS, with a DHCP...)
but I have no problem with 4.9.5

Bind for NT is nothing but a "basic" port. No window to set it up, you need
a good text editor

I'm using NT and not a Unix because all of the network is 100% NT 4, and
it's easier for me to secure the box running DNS if it is a NT, I don't know
Unix as well as I know NT.
Win 2K's DNS will be used only in our LAN for cache DNS, but both of my
authoritative DNS (primary and secondaries) still will be BIND for NT
