bind vs. MS DNS
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Jun 16 15:01:46 UTC 2004
huffman at graze.net wrote:
>>All,
>>
>> Don't want to start any nasty feuds, but can anyone point me to pros / cons
>>of using bind in favor of MS DNS? My company is currently looking at migrating
>>from a UNIX / Bind DNS scenario to MS DNS / Active Directory. I feel that the
>>maturity, security, and stability of bind on UNIX are big wins, but currently
>>we're not hosting our own DNS externally, so security is *less* of a concern and
>>we're small so things like views, and scalability are also not concerns....
>>
>>Pointers to any articles would also be helpful.
and Kevin Darcy <kcd at daimlerchrysler.com> replied (in part):
>Off the top of my head, the pros of MS-DNS are: secure Dynamic Update
>compatibility with Win2K* clients, the "scavenging" feature, and
>multi-master replication. The pros of BIND are: better
>standards-adherence, better manageability (easier to automate functions
>via Unix scripting, easier to troubleshoot since you have more than just a
>GUI to look at), faster response to security problems (based on
>Microsoft's track record of providing security patches), wider variety
>of platforms (various Unix and Linux flavors; you can even run it on
>Windows if you want, but you lose some of the other benefits if you do
>that), more flexibility (you said you didn't care about views and the
>like, but other features like sortlists, logging options,
>resource-tuning options, etc. might come in useful some day, and last I
>heard, weren't available in MS-DNS, although I see they finally added
>stub zones and selective forwarding...).
I am not sure that the "scavenging" feature is a pro or a con.
I looked at the documentation, and I was afraid to enable it on my MS
W2k DNS Server. I have static entries that I entered via the DNS GUI,
dynamic entries registered by Netlogon, and dynamic entries registered
by MS DHCP. I could not be sure that the scavenging would not remove
any of my static entries.
Multi-master replication may be a pro if one does not have to interface
with BIND. If one interfaces with BIND, then the serial number issues
make it a con, in my opinion. That is why I run only one MS W2k+3 DNS
Server.
The OP wants pointers to articles. I suggest searching the archives of
this list and of its now-merged sister list
bind9-users at isc.org
to see many W2k-related postings. My recommendation to the OP is to
use the MS W2k DNS for the AD-related zones and to slave those four
(six in W2003) zones on your BIND servers.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory
9700 South Cass Avenue
Building 222, Room D209
Argonne, IL 60439-4828
Phone: +1 (630) 252-7277
Facsimile: +1 (630) 252-4601
Internet: BSFinkel at anl.gov
IBMMAIL: I1004994
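Two points in the reply above lend themselves to a worked example: the "serial number issues" that arise when a BIND slave pulls an AD-integrated zone from multi-master Windows DNS servers, and the recommendation to slave the AD-related zones on BIND. The following Python is an added example written for this page; it is not code from the original post, from BIND or from Microsoft. It implements RFC 1982 serial-number comparison (the rule a BIND secondary uses to decide whether a master's SOA serial is newer than its own), simulates a secondary polling two masters whose serials drift apart (constructed sample serials), and renders a `named.conf` slave-zone fragment for the AD zones. The four W2k zone names (`_msdcs`, `_sites`, `_tcp`, `_udp`) and the two extra W2003 names (`DomainDnsZones`, `ForestDnsZones`) are assumptions based on the usual AD delegation layout; the post itself only gives the counts. The domain and master address are placeholders.

```python
"""Added example: RFC 1982 serial arithmetic, a multi-master refresh
simulation, and a named.conf slave-zone renderer for AD zones.
All zone names, serials and addresses below are constructed samples."""

HALF = 1 << 31  # half the 32-bit serial space, per RFC 1982


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is 'newer' than serial b in RFC 1982 arithmetic.
    Wrap-around is handled: 0 is newer than 0xFFFFFFFF."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def needs_transfer(secondary_serial: int, primary_serial: int) -> bool:
    """A secondary only pulls the zone when the master offers a serial that
    is RFC 1982-greater than the one it already holds."""
    return serial_gt(primary_serial, secondary_serial)


def simulate_refreshes(polls, start=0):
    """polls: sequence of (master_name, serial_offered), in the order the
    secondary happens to reach a master at each refresh.
    Returns ([(master, serial, transferred), ...], final_serial_held)."""
    held = start
    log = []
    for master, serial in polls:
        transferred = needs_transfer(held, serial)
        if transferred:
            held = serial
        log.append((master, serial, transferred))
    return log, held


def ad_zones(domain: str, win2003: bool = False):
    """The AD-related zones to slave on BIND: four for W2k, six for W2003.
    Assumed names; the post only gives the counts."""
    names = ["_msdcs", "_sites", "_tcp", "_udp"]
    if win2003:
        names += ["DomainDnsZones", "ForestDnsZones"]
    return [f"{n}.{domain}" for n in names]


def render_slave_zones(domain: str, masters, win2003: bool = False) -> str:
    """Render named.conf 'type slave' stanzas (BIND 8/9 syntax of the era)
    pointing at the Windows DNS server(s) as masters."""
    master_list = " ".join(f"{m};" for m in masters)
    stanzas = []
    for zone in ad_zones(domain, win2003):
        stanzas.append(
            f'zone "{zone}" {{\n'
            f"    type slave;\n"
            f'    file "slave/{zone}";\n'
            f"    masters {{ {master_list} }};\n"
            f"}};"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    # Constructed scenario: dc-a and dc-b are multi-master Windows DNS
    # servers that increment serials independently. The slave first pulls
    # from dc-a at 1001; updates made on dc-b (serials 998, 999) are then
    # ignored until dc-b's serial overtakes what the slave already holds.
    log, held = simulate_refreshes(
        [("dc-a", 1001), ("dc-b", 998), ("dc-b", 999), ("dc-b", 1002)])
    for entry in log:
        print(entry)
    print("slave now holds serial", held)
    print(render_slave_zones("ad.example.com", ["192.0.2.10"]))
```

The simulation is the whole of the "serial number" concern in miniature: each Windows master advances its own serial, so whichever master the slave happens to poll may offer a serial below the one the slave already holds, and changes present only on that master are silently not transferred. Keeping a single Windows DNS server as the master for the slaved zones, as the reply does, avoids this; the rendered fragment shows what the corresponding BIND side looks like.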