bind vs. MS DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Jun 16 15:01:46 UTC 2004


huffman at graze.net wrote:

>>All,
>>
>>   Don't want to start any nasty feuds, but can anyone point me to pros / cons
>>of using bind in favor of MS DNS?  My company is currently looking at migrating
>>from a UNIX / Bind DNS scenario to MS DNS / Active Directory.  I feel that the
>>maturity, security, and stability of bind on UNIX are big wins, but currently
>>we're not hosting our own DNS externally, so security is *less* of a concern and
>>we're small so things like views, and scalability are also not concerns....
>>
>>Pointers to any articles would also be helpful.

and Kevin Darcy <kcd at daimlerchrysler.com> replied (in part):

>Off the top of my head, the pros of MS-DNS are: secure Dynamic Update 
>compatibility with Win2K* clients, the "scavenging" feature, and 
>multi-master replication. The pros of BIND are: better 
>standards-adherence, better manageability (easier to automate functions 
>via Unix scripting, easier to troubleshoot since you have more than just a 
>GUI to look at), faster response to security problems (based on 
>Microsoft's track record of providing security patches), wider variety 
>of platforms (various Unix and Linux flavors; you can even run it on 
>Windows if you want, but you lose some of the other benefits if you do 
>that), more flexibility (you said you didn't care about views and the 
>like, but other features like sortlists, logging options, 
>resource-tuning options, etc. might come in useful some day, and last I 
>heard, weren't available in MS-DNS, although I see they finally added 
>stub zones and selective forwarding...).

I am not sure that the "scavenging" feature is a pro or a con.
I looked at the documentation, and I was afraid to enable it on my MS
W2k DNS Server.  I have static entries that I entered via the DNS GUI,
dynamic entries registered by Netlogon, and dynamic entries registered
by MS DHCP.  I could not be sure that the scavenging would not remove
any of my static entries.

Multi-master replication may be a pro if one does not have to interface
with BIND.  If one interfaces with BIND, then the serial number issues
make it a con, in my opinion.  That is why I run only one MS W2k+3 DNS
Server.

The OP wants pointers to articles.  I suggest searching the archives of
this list and of its now-merged sister list

    bind9-users at isc.org

to see many W2k-related postings.  My recommendation to the OP is to
use the MS W2k DNS for the AD-related zones and to slave those four
(six in W2003) zones on your BIND servers.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
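The arrangement recommended above (MS DNS authoritative for the AD-related zones, BIND holding read-only copies), as an added named.conf fragment that is not from this thread or from ISC: the four subdomain names are the standard Windows 2000 AD service-record subdomains, while example.com, the master address 192.0.2.10 and the BIND secondary 192.0.2.20 are assumed values.

```conf
// BIND 9 named.conf fragment (constructed example, not from this list post).
// The MS W2k DNS server at 192.0.2.10 (assumed) stays the master for the
// four AD zones; this BIND server only slaves them. On the Windows side the
// zone properties must permit zone transfers to 192.0.2.20 (assumed) or the
// transfers below will be refused.
options {
    directory "/var/named";
    // Do not let this server hand the AD zones to arbitrary hosts.
    allow-transfer { none; };
};

// Windows clients must never send dynamic updates here; the MS master owns
// the writable copy, so refuse updates explicitly on the slaves.
zone "_msdcs.example.com" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/_msdcs.example.com";
    allow-update { none; };
};

zone "_sites.example.com" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/_sites.example.com";
    allow-update { none; };
};

zone "_tcp.example.com" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/_tcp.example.com";
    allow-update { none; };
};

zone "_udp.example.com" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/_udp.example.com";
    allow-update { none; };
};
```

Because the MS master's serial number is the only trigger for a refresh, compare the SOA serial on the master and on the BIND slave after a change on the Windows side to confirm the copies are actually staying in sync.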