How can I setup BIND for redundancy with efficient replication?

Michael E. Hanson MEHanson at GryphonsGate.com
Wed Nov 6 22:49:07 UTC 2002


The original poster also said he was running Win2k...so I assumed (yeah,
dangerous) that there must be some overriding reason to be running Win2K if,
as he stated, it's "heavily locked down".  Why run Win2K in a locked down
environment if you're not running AD?  Only two reasons I can think of: you
need M$ SQL Server or you need M$ Exchange, both of which are just as "port
heavy" as AD, and both of which function better with AD than without.
Therefore, I sorta assumed he had AD available.  Maybe not, still like to
hear his answer though.
_______________
Michael E. Hanson
President, Gryphon Consulting  Services
(http://www.GryphonsGate.com)
P.O. Box 1151
Bellevue, NE  68005-1151
(402) 871-9622

MEHanson at GryphonsGate.com (primary)
Gryphons_Master at yahoo.com
----- Original Message -----
From: "Kevin Darcy" <kcd at daimlerchrysler.com>
To: <comp-protocols-dns-bind at isc.org>
Sent: Wednesday, November 06, 2002 3:59 PM
Subject: Re: How can I setup BIND for redundancy with efficient replication?


>
> "Michael E. Hanson" wrote:
>
> > I know this is a BIND list, and this may be an unpopular position here, but
> > in this case, why are you NOT using M$ DNS?  What you're describing sounds
> > like a perfect application of M$ Active Directory Integrated DNS.
>
> Um, no. The original poster said that the servers in question were "heavily
> locked down", so much so that he couldn't run "nscopy". I'm not exactly sure
> what "nscopy" is, but I'd guess it's some script which does rsync-over-ssh. If
> the boxes are so heavily locked down that they can't even support ssh, do you
> _really_ think they'll be able to support the multitude of ports that AD
> requires for server-to-server communication? Fat chance. I have a Microsoft
> White Paper on my desk that lists anywhere from 4 to 15 ports that need to be
> opened to allow AD server-to-server operation, depending on how
> crippled/convoluted you want to make your AD and/or whether you want to
> implement a whole IPSEC stack on your AD servers.
>
> If the user can get enough ports opened for AD server-to-server, he can almost
> *certainly* get enough ports opened for ssh or whatever "nscopy" uses, in which
> case he can go with a BIND-with-alternate-replication-method and I think he'll
> be much happier in the long run with that.
>
>
> - Kevin
>
>
>


