Case For Microsoft DNS v. BIND 9 - Or Best Practices ForCoexisting

Baird, Josh jbaird at
Fri Feb 6 15:11:20 UTC 2009

We also run in a mixed MSDNS/BIND environment.  All of our AD domain
controllers run MSDNS and are authoritative for the AD domain only.  They
forward all non-authoritative requests (all non AD domain queries) to
caching BIND9/Linux servers which also contain slave zones for all of our
internal domains (non AD) to override recursion.  Our BIND environment also
gets a copy of the AD zone so they are also able to resolve the AD domain
requests if necessary. 

Our external authoritative infrastructure is entirely BIND.  We do not use
views.  We have separate internal and external (stealth) masters.


-----Original Message-----
From: bind-users-bounces at
[mailto:bind-users-bounces at] On Behalf Of Jeff Lightner
Sent: Friday, February 06, 2009 8:50 AM
To: wiskbroom at; bind-users at
Subject: RE: Case For Microsoft DNS v. BIND 9 - Or Best Practices

I don't see why it is either/or.

Here we have Windoze DNS servers for internal lookups and Linux/BIND 9
DNS servers for external lookups.   The internal servers refer all
queries they aren't authoritative for to the external ones which in turn
refer all queries for domains we don't own to the root servers.

The only "gotcha" is that we have some domains that we want to present
different IPs for internally (10.x.x.x) or externally (12.x.x.x).  On
the Windoze DNS servers they have our primary domain with those internal
addresses and on the BIND DNS servers we have those external addresses.

Of course you could do it all with just BIND servers running views but
this is the way I inherited the BIND servers here.  

We don't seem to have the headaches your Windoze team is moaning about.
Hopefully you are running redundant (master/slave) BIND servers?

Also I'd suggest upgrading to BIND 9 once you've got all the rest of
this quieted down.  

-----Original Message-----
From: bind-users-bounces at
[mailto:bind-users-bounces at] On Behalf Of
wiskbroom at
Sent: Friday, February 06, 2009 9:25 AM
To: bind-users at
Subject: Case For Microsoft DNS v. BIND 9 - Or Best Practices For


My site is presently using a product derived from BIND-8 for internal
DNS only.

For years our Windows team has been arguing that they want to be
non-dependent on the non-MS DNS servers; which they say causes them much
grief on firmwide shutdown/bootups. 

Well, their concerns have fallen on ears of those who can make that
decision and it now appears as though we must either come up with good
reasons why we should retain BIND, or a BIND derived product, or simply
a plan to allow MSDNS and BIND to coexist at all.

Can anyone provide me, or point me at, any good docs on this subject, I
am certain that their a tons of stuff out there, I need simple, to the
point type of stuff.

Also, can anyone think of any good reason why our internal, non-public
accessible network, should not just be allowed to run either a mixed
BIND/MS-DNs setup?  The slave/cache/whatever-but not master, would have
to be BIND. 

The case the windows team made was ease of adding entries, you simply
add into the MMC, or even easier, when you join a host into a domain, it
adds itself.

Thanks all,


bind-users mailing list
bind-users at
Please consider our environment before printing this e-mail or attachments.
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
information and is for the sole use of the intended recipient(s). If you are
not the intended recipient, any disclosure, copying, distribution, or use of
the contents of this information is prohibited and may be unlawful. If you
have received this electronic transmission in error, please reply
immediately to the sender that you have received the message in error, and
delete it. Thank you.
bind-users mailing list
bind-users at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
URL: <>

More information about the bind-users mailing list