Question : HELP! Windows DNS vs. BIND (Solaris)
I'm trying to convince "the powers that be", to let me set up a BIND server on Solaris over the planned Windows DNS server.
Does anyone have any input on a good argument to help me out?
What are the main advantages of one over the other? Are there any services on Solaris that necessitate BIND and/or Solaris services/applications that do not like using Micro$oft DNS?
Answer : HELP! Windows DNS vs. BIND (Solaris)
My company runs both Bind and Win2k DNS servers. We have found more compatibility problems with the Win2k servers than the Bind servers. Microsoft assumes it is the only player in the game and basically says that you have to play their way or not at all.
Windows DNS lags far behind Bind in new, needed features.
Case in point: Dynamic DNS updates have been part of Bind for quite some time and have proven to be quite reliable. Win2k has just now added it. Dynamic DNS updates are only compatible with other Win2k servers.
Windows has yet to add conditional forwarding and domain stubs. DNS forwarding in the Windows environment is an all-or-nothing affair. You cannot forward some domain queries to known DNS servers authoritative for it and other domains to different DNS servers.
The Win2k DNS domain model really does not provide for the easy resolution of peer domains (subdomains at the same level as that of the DNS server). Automatic resolution can only be accommodated for parent domains above the subdomain you are on. The only workaround is to code DNS domain search lists on your clients. Conditional forwarding could easily solve this problem if it were included in Win2k DNS.
There are new DNS standards coming down the pipe regarding security and authenticity. I would not expect Microsoft to implement new features except when a new OS comes out. DNS is a loss leader for Microsoft. There is no financial advantage to bringing out updates to DNS between major OS's.
I have had more DNS entries show up out of nowhere and others disappear unexpectedly with Win2k DNS than I can explain. There is no record level audit capability in Win2k DNS to provide information on where or how changes were made.
On the other hand... Microsoft clients and servers really expect to have a Windows DNS to work with. I really don't know if the Win2k domain model will work without it since it is so interwoven with Microsoft's Active Directory. Active Directory does make it easier and more difficult to administer Win2k DNS. In our case, every domain controller is a DNS server, and any of them can be used to make manual updates to DNS. Unfortunately this makes it harder to control how changes are made. DNS administrative rights can now be granted to individuals without having to grant Windows Domain Admin rights.
We have ended up making our Win2k DNS domain a subdomain of our Enterprise domain. Our Win2k DNS servers forward to the Enterprise Bind servers, which end up providing the services the Win2k server cannot. It's a kludge, but it works.
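
The conditional forwarding and stub zones mentioned in the answer above, together with a log of dynamic updates, as they could be written in a BIND named.conf. This is an added example, not part of the original answer or the poster's configuration; every zone name, address and file path in it is a placeholder.

```conf
// named.conf fragment (added example; all names, IPs and paths are placeholders)

options {
    directory "/var/named";
    recursion yes;
    // Default forwarders: used for any query not matched by a zone below.
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Conditional forwarding: queries for this peer subdomain go only to the
// servers authoritative for it, not to the default forwarders.
zone "sales.corp.example.com" {
    type forward;
    forward only;                    // do not fall back to normal recursion
    forwarders { 198.51.100.53; };
};

// A second peer domain forwarded to a different set of servers.
zone "lab.corp.example.com" {
    type forward;
    forward only;
    forwarders { 198.51.100.54; 198.51.100.55; };
};

// Stub zone: keeps only the NS records (and glue) for the zone, refreshed
// from the listed server, so the resolver always knows who is authoritative.
zone "win2k.corp.example.com" {
    type stub;
    masters { 203.0.113.5; };        // e.g. a Win2k domain controller running DNS
    file "stub/win2k.corp.example.com.db";
};

// Record-level trail for dynamic updates: each accepted or refused update is
// logged with a timestamp and the client address that sent it.
logging {
    channel update_log {
        file "/var/log/named/update.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category update          { update_log; };
    category update-security { update_log; };
};
```

Running `named-checkconf` against the file before reloading catches syntax errors in the added zones.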