ISC Bind in Active Directory

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 26 08:33:21 UTC 2012


On 10/25/2012 08:44 PM, Kevin Darcy wrote:
> On 10/24/2012 6:02 PM, Phil Mayers wrote:
>>
>>
>> Hell, if you've got WINS running and broadcast NetBIOS, I think it's
>> still possible to log in with *no* working DNS at all.
>>
> At the risk of getting *totally* off-topic, no-one who cares about
> security or about broadcast traffic on their LANs would even consider
> allowing WINS to function in their enterprise. It can (and should) be
> disabled via registry key and/or DHCP options, and left in the dustbin
> of ancient IT history.

Do you mean WINS, or broadcast NetBIOS? Because the two are different.

I don't disagree that broadcast NetBIOS probably should be disabled
(though it's not at our site, for historical reasons, and I'm not sure 
I'm willing to take on the monumental task of disabling it).

WINS is slightly different, and the main reason to disable it is that it 
hides misconfigurations by allowing non-DNS hostname lookups on Windows
machines.


