Bind -vs- Microsoft DNS

Paul Vixie vixie at
Sat Oct 14 14:56:35 UTC 2006

> > Is there really a performance difference between BIND and MS DNS
> > Server??  Of course I am talking about these running on a Win2K box.

> Why, yes.  BIND performs correctly according to Internet standard RFCs,
> and will continue to as those standards are refined and developed.
> Microsoft DNS performs according to its own rules, whatever they are.

let me offer a countervane, by reminding everyone that when MS did their
first DNS (NT 3.51 resource kit) they tried to follow the protocol but
found the result to be interoperable with BIND4 in various ways, like BIND4
only accepted one record per message in an AXFR stream, ugly stuff like
that.  i think the rule is that one need not BE incompetent or evil to DO
incompetence and/or evil.  market dominance makes implementors lazy, and
while i certainly used by time in the BIND trenches to rip out every line
of non-RFC-complying code, true interoperability depends on multiple
implementors and multiple implementations.  BIND9 is, as far as i know,
perfect from an RFC standpoint.  but the only reason i can claim to know
that is because of NSD and MS-DNS and PDNS and all the other implementations
that didn't exist early on.  MS-DNS might be imperfect in the eyes of the
RFCs right now, if so, plz send known defects to me and i'll submit them
to the page to inform the community.  but don't blame MS
until you can find some way they were sloppy that BIND wasn't sloppy first.

> There are probably other cases as well. MS *could* (but won't) hire some
> folks to sit down with the relevant RFC documents, write a test case for
> every statement in those RFCs, and run the resulting test suite against
> their server. They cannot claim they don't have enough money to do that.

there hasn't been conformance test software until
came out.  we all owe TAHI/TACA beer, by the way.  but note, microsoft has
hired some pretty great dns people over the years, and has home grown more
than a few.  GSS-TSIG was entirely microsoft's work, and its defects were
all due to problems in GSSAPI not the GSS-TSIG protocol documents.  can we
somehow depersonalize this?  microsoft is, among other good works, hosting
the upcoming OARC meeting (see,
and this seems like a time for open hands rather than closed fists, okay?
ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP.  Email training at
Paul Vixie

More information about the bind-users mailing list