Re: Re: bind vs. MS DNS

Håkan Franzén hakan.franzen at oxelosund.se
Wed Jun 16 06:24:44 UTC 2004


If you need an easy GUI for bind & a lot of other stuff as well, you can try 
using http://www.webmin.com
Easy install and it's free,
Good luck..

--------------------------------------------------------------------------------
"Nothing would please me more than being able
to hire ten programmers and deluge the hobby market
with good software." -- Bill Gates 1976

....We are still waiting for good software from Bill Gates
------------------------------------------------------------------------------




"Brian C. Huffman" <huffman at graze.net>
Sent by: bind-users-bounce at isc.org
2004-06-16 05:38
 
        To:      Kevin Darcy <kcd at daimlerchrysler.com>
        Cc:      bind-users at isc.org
        Subject: Re: bind vs. MS DNS


On Tue, 2004-06-15 at 22:37, Kevin Darcy wrote:
> Well, first of all, if you already have a functioning UNIX/BIND DNS 
> infrastructure, why is the burden not on your Microsofties to justify 
> changing that? Why should the burden be on you to defend it?

Unfortunately it's not quite that cut and dried.  The company is doing a
complete restructuring where the main site that used to host the primary
zone (on Solaris w/ bind) is being shut down.  In addition, they had no
UNIX expertise (I hadn't been hired) when the initial decision to
migrate to MS DNS was made...so that's the problem. 

> 
> Also, hopefully you realize that this is not a strict either/or 
> situation. BIND and AD/MS-DNS can co-exist. Delegate the "underscore" 
> zones (_msdcs and friends) to the MS-DNS servers and they can do 
> whatever they want with it. Now, if you want to make secure Dynamic 
> Updates directly from Win2K (or Win2K3) clients to the DNS of your main 
> domain, then you're not going to be able to use BIND for that. But 
> technically that's not an Active Directory function; it's a Win2K* 
> function, and one that many folks find to be not worth the resources it 
> consumes. Depends on what you're trying to achieve.

This has been discussed as well, but they'd rather keep complexity down
by having one central location to manage all DNS.  That argument is
actually a good one...

> 
> Off the top of my head, the pros of MS-DNS are: secure Dynamic Update 
> compatibility with Win2K* clients, the "scavenging" feature, and 
> multi-master replication. The pros of BIND are: better 
> standards-adherence, better manageability (easier to automate functions 
> via Unix scripting, easier to troubleshoot since you have more than just a 
> GUI to look at), faster response to security problems (based on 
> Microsoft's track record of providing security patches), wider variety 
> of platforms (various Unix and Linux flavors; you can even run it on 
> Windows if you want, but you lose some of the other benefits if you do 
> that), more flexibility (you said you didn't care about views and the 
> like, but other features like sortlists, logging options, 
> resource-tuning options, etc. might come in useful some day, and last I 
> heard, weren't available in MS-DNS, although I see they finally added 
> stub zones and selective forwarding...).
> 

Thank you very much for your response.  I'll mention some of these
things when I discuss this with my manager.  I think the main drive *is*
that you just have a GUI to look at.  We're a very small company and
they figure that more people are going to be able to modify DNS in a
pinch if it's on Windows...not that they all should be able to...but
that's a whole 'nother can of worms.

Brian
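
The coexistence setup described in the quoted text above (BIND keeps the main zone, the "underscore" zones are delegated to MS-DNS), as an added example that is not part of the original thread. The zone name example.com, the host names dc1/dc2 and the 192.0.2.x addresses are assumptions made for illustration.

```dns
; Constructed fragment of the BIND master zone file for example.com.
; Assumptions (not from the thread): the zone name, the Windows DNS
; server names dc1/dc2, and the documentation-range addresses.
$ORIGIN example.com.

; The Windows DNS servers live in the parent zone, so these A records
; are ordinary authoritative data served by BIND.
dc1         IN A    192.0.2.10
dc2         IN A    192.0.2.11

; Delegate the Active Directory service-location subzones to MS-DNS.
; Domain controllers register their SRV records there; BIND remains
; authoritative for every other name in example.com.
_msdcs      IN NS   dc1.example.com.
_msdcs      IN NS   dc2.example.com.
_sites      IN NS   dc1.example.com.
_sites      IN NS   dc2.example.com.
_tcp        IN NS   dc1.example.com.
_tcp        IN NS   dc2.example.com.
_udp        IN NS   dc1.example.com.
_udp        IN NS   dc2.example.com.
```

On the Windows side, zones with these four names have to exist on dc1 and dc2 and accept dynamic updates from the domain controllers. With this split, write access to the main zone stays with whoever administers BIND, and only the delegated subzones are writable through MS-DNS.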





