D
David Adner
I've read Win2000's DNS is a psuedo-BIND 9, but does anyone know what it
really is? Like, 8.2.4 (or whatever) with some of 9's features?
really is? Like, 8.2.4 (or whatever) with some of 9's features?
A
Ace Fekay [MVP]
In
I remember someone saying close to 4.98?
Just joking... I'm not sure. There are some features that BIND supports that
MS DNS does not, such as "views", and that's been around from the earlier
versions of BIND.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
David Adner said:
I remember someone saying close to 4.98?
Just joking... I'm not sure. There are some features that BIND supports that
MS DNS does not, such as "views", and that's been around from the earlier
versions of BIND.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
D
David Adner
I know the DNS whitepaper has a list of RFC and draft RFC's that they
incorporated. I don't know if that list of complete or just a subset.
Someone wants to know the BIND equivalency so he can know how certain
features should behave. I guess I'll give him the list of RFC's and let
him figure it out on his own.
incorporated. I don't know if that list of complete or just a subset.
Someone wants to know the BIND equivalency so he can know how certain
features should behave. I guess I'll give him the list of RFC's and let
him figure it out on his own.
J
Jonathan de Boyne Pollard
DA> I've read Win2000's DNS is a psuedo-BIND 9 [...]
You've read some rubbish. (Where did you read it?) Microsoft's DNS server is
not BIND at all. BIND is a different software, written by a different
company. Your question about BIND versions of Microsoft's DNS server is,
therefore, meaningless.
There are many DNS server softwares available these days. Microsoft's DNS
server and ISC's BIND are just two of them.
You've read some rubbish. (Where did you read it?) Microsoft's DNS server is
not BIND at all. BIND is a different software, written by a different
company. Your question about BIND versions of Microsoft's DNS server is,
therefore, meaningless.
There are many DNS server softwares available these days. Microsoft's DNS
server and ISC's BIND are just two of them.
A
Ace Fekay [MVP]
The RFC would be a better solution in this case for that person. As Jonathan
metions, it's really tough (or not even fair) to compare the two. Each have
features that the others don't offer.
Ace
In
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
metions, it's really tough (or not even fair) to compare the two. Each have
features that the others don't offer.
Ace
In
David Adner said:
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
N
NT Canuck
Originally not even that high...
but MS has their_own DNS teams and focus area.
Caution...
some of this is more about networking and sockets than dns per se.
(both socket code and DNS have Berkeley.edu research roots)
Microsoft does have a proprietary socket ability in Win2k (iirc)
and I'm not sure if in WinNT4 or earlier...there is a "switch" present
in registry for that but MS version is_not universally compatible
so many sites/servers will not be accessible if it's enabled. Only
one or the other socket code can be used...and the default (enabled)
is for compatibility with berkeley sockets.
Archived notes can be found..(hunt keywords on your own)
http://www.filelibrary.com/find.shtml3
People also seem to confuse currently popular isc-bind implementations
with being BIND "creators"...Berkeley Internet Naming Daemon is not an
ISC invention... isc.org has done some wonderful derivative work but is a
seperate organization/entity from Berkeley.
Except (possibly) for djbdns ( http://cr.yp.to/djbdns.html ) all the
DNS in popular (96%) use are related directly or indirectly to the
original (or a later derivative) of the BIND stucture or code.
hint...afaik...Views were introduced in ISC-BIND 9.x series.
MS DNS supports AD properly...and personally I think the MS DNS
<currently> is best used for "AD enabled" LAN's (intranet) but MS
does not currently have as strong options for security when jumping
into public DNS (internet) as could_be accomplished.
Mind you...all in all...some choice and parellel works are a good thing...
or we could all end up toasted if some exploit hit and we had no options.
There were several attempts at various DNS (host file data-bases really)
server and clients over the years...some might have found stronger use
if they got a footing or support but seemed to dissolve due to the fast
paced evolutionary jungle the Internet and operating systems adopted.
On horizon...
Is a techically possible structure for resolving domains/ip's that is
more peer-to-peer based that appears not to be vulneable to many
current DNS system/hierarchy foibles.
Not surprising...Berkeley.edu has a part in this episode also!
<draw your own conclusions if interested>
Keywords...
DHT, SSL, Oceanshore
Links...
http://www.cs.berkeley.edu/~ravenben/tapestry/
http://research.microsoft.com/~antr/Pastry/
http://www.planet-lab.org/
--
'Seek and ye shall find'
NT Canuck
http://ntcanuck.com BIND-PE & DNS
http://ntcanuck.com/tq/ Tips & Tweaks
http://ntcanuck.com/net/board/index.php
news://news.grc.com/grc.techtalk.dns.bind_pe_beta
M
Michael Snyder [MSFT]
Just to be clear, the DNS server included in Win2k is not BIND.
There are some features that BIND has that Windows does not, and vice-versa.
BIND and Windows DNS each have features that go beyond RFC standards in
different ways.
Recent versions of each should be sufficiently interoperable in most
circumstances.
Personally, I think that Windows has a better management tool for DNS than
BIND does, but then I am biased.
There are some features that BIND has that Windows does not, and vice-versa.
BIND and Windows DNS each have features that go beyond RFC standards in
different ways.
Recent versions of each should be sufficiently interoperable in most
circumstances.
Personally, I think that Windows has a better management tool for DNS than
BIND does, but then I am biased.
A
Ace Fekay [MVP]
In
I agree and I share the bias.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Michael Snyder said:Just to be clear, the DNS server included in Win2k is not BIND.
There are some features that BIND has that Windows does not, and
vice-versa. BIND and Windows DNS each have features that go beyond
RFC standards in different ways.
Recent versions of each should be sufficiently interoperable in most
circumstances.
Personally, I think that Windows has a better management tool for DNS
than BIND does, but then I am biased.
I agree and I share the bias.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
A
Ace Fekay [MVP]
In
Wow, great post NT.
I agree about MS DNS being easier to manage and best for AD, and that's also
reflecting Michael's views too. I didn't know views was a late edition.
Thought it was an earlier version. I haven't used BIND lately. It's been
quite a few years since I touched any Unix stuff at all matter of fact. Last
Unix flavor was SCO 5.05 about 4 years ago. And I do hope if any exploits
are out and discovered, they get plugged up in a hurry!
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
NT Canuck said:
Wow, great post NT.
I agree about MS DNS being easier to manage and best for AD, and that's also
reflecting Michael's views too. I didn't know views was a late edition.
Thought it was an earlier version. I haven't used BIND lately. It's been
quite a few years since I touched any Unix stuff at all matter of fact. Last
Unix flavor was SCO 5.05 about 4 years ago. And I do hope if any exploits
are out and discovered, they get plugged up in a hurry!
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
H
Herb Martin
I think you have gotten some good answers.
Even BIND 9 is a re-write from BIND 8 so don't expect there to be
any direct relationship.
They all work and play (pretty) well with each other, supporting the
RFCs but each, 8, 9, MS, adds some features not supported by the
others and leaves out some.
As several people said, for an MS or Active Directory network, you
really cannot beat Microsoft DNS on Win2003 (Win2000 is just Ok
in comparison now.)
For some public usage, one can do things with BIND that just aren't
supported
on MS and there are even other DNS servers that offer additional features or
performance benefits (like BIND-PE, or DJDNS [tiny & dnscache at
tinydns.org]).
Personally I prefer Win2003 DNS but use a BIND-9 caching only DNS server
on my Internet gateway since it will give me some control MS-DNS will not.
Also note, I strongly recommend that most people keep their PUBLIC DNS at
the Registrar (e.g., Register.Com)
Even BIND 9 is a re-write from BIND 8 so don't expect there to be
any direct relationship.
They all work and play (pretty) well with each other, supporting the
RFCs but each, 8, 9, MS, adds some features not supported by the
others and leaves out some.
As several people said, for an MS or Active Directory network, you
really cannot beat Microsoft DNS on Win2003 (Win2000 is just Ok
in comparison now.)
For some public usage, one can do things with BIND that just aren't
supported
on MS and there are even other DNS servers that offer additional features or
performance benefits (like BIND-PE, or DJDNS [tiny & dnscache at
tinydns.org]).
Personally I prefer Win2003 DNS but use a BIND-9 caching only DNS server
on my Internet gateway since it will give me some control MS-DNS will not.
Also note, I strongly recommend that most people keep their PUBLIC DNS at
the Registrar (e.g., Register.Com)
K
Kevin D. Goodknecht [MVP]
In
It is Microsoft DNS, the only relationship it has to BIND is they are both
DNS servers. It is kind of like comparing apples and oranges they are both
fruits but you cannot compare them beyond that. BIND supports some features
that MSDNS doesn't and vice-versa. Where MSDNS stands out, is in an AD
environment, it can integrate with Active Directory where BIND cannot and in
its GUI for administration. ADI on a DC is more secure than the
Primary/Secondary scenario you would have to use with BIND.
David Adner said:
It is Microsoft DNS, the only relationship it has to BIND is they are both
DNS servers. It is kind of like comparing apples and oranges they are both
fruits but you cannot compare them beyond that. BIND supports some features
that MSDNS doesn't and vice-versa. Where MSDNS stands out, is in an AD
environment, it can integrate with Active Directory where BIND cannot and in
its GUI for administration. ADI on a DC is more secure than the
Primary/Secondary scenario you would have to use with BIND.
K
Kenneth Porter
Is there a list somewhere of what's improved in 2003?
(And did they implement the delayed responsed in the 2003 DHCP server?)
What does BIND 9 do that 2003 lacks? I know that it supports a number of
experimental record types that 2000 lacks.
Nit, not the registrar, but one's hosting service. There are also low-cost
DNS-only services that can secondary for you, such as http://zoneedit.com/.
You can host your own master and use these services as secondaries, and
publish only the secondaries in the root zone, creating a "hidden master".
K
Kenneth Porter
Personally, I think that Windows has a better management tool for DNS
than BIND does, but then I am biased.
It's hard NOT to have a better management tool, since BIND doesn't have
one. It has some very nice diagnostic tools that Windows lacks, though,
like dig and nsupdate.
Remember that BIND is a reference implementation, designed to implement the
RFC's without being a commercial product. Its focus is on compliance.
Others make tools for managing it, including Webmin and some commercial
offerings.
In principle an enterprising Windows developer could write a front-end for
BIND that looks just like the Win2k snap-in, remotely managing a BIND
server.
(I use both BIND 9 and Win2k DNS and value having two strong contenders
keeping each other honest.)
H
Herb Martin
Is there a list somewhere of what's improved in 2003?
At Microsoft, start at the Win2003 home page:
http://www.Microsoft.com/windowsserver2003
Also the "Delta" guide is excellent:
Microsoft Windows Server 2003 Delta Guide -- by Don Jones (Author), Mark
Rouse
(Accuracy of what is 'new' is not perfect but the technical accuracy is real
good.)
Don't even know what you mean by that.
I use mostly the fact that I can pre-Load the cache (blackhole stuff) and
ACLs
with Views so you can give different zone views or allow only certain zones
to
be resolved (on a subnet mask basis) by some machines.
DNSSec is also (fully) supported and stuff like that but I don't use those.
No, I said and mean Registrar. You are far more likely to wish to change
ISPs,
add and remove hosting services, or even have multiple hosting services for
different
domains/zones.
The ISP (unless a very large one) is likely to have inferior 24/7 support
for keeping
the DNS running correctly or less likely to be "on the backbone" (high
bandwidth).
The Registrar typically has a Web page where you make your OWN DNS changes;
while most hosting services will expect you to "send an email or phone in
the changes."
Use the Registrar and manage your own DNS zone BUT NOT your own server.
At Microsoft, start at the Win2003 home page:
http://www.Microsoft.com/windowsserver2003
Also the "Delta" guide is excellent:
Microsoft Windows Server 2003 Delta Guide -- by Don Jones (Author), Mark
Rouse
(Accuracy of what is 'new' is not perfect but the technical accuracy is real
good.)
Don't even know what you mean by that.
I use mostly the fact that I can pre-Load the cache (blackhole stuff) and
ACLs
with Views so you can give different zone views or allow only certain zones
to
be resolved (on a subnet mask basis) by some machines.
DNSSec is also (fully) supported and stuff like that but I don't use those.
No, I said and mean Registrar. You are far more likely to wish to change
ISPs,
add and remove hosting services, or even have multiple hosting services for
different
domains/zones.
The ISP (unless a very large one) is likely to have inferior 24/7 support
for keeping
the DNS running correctly or less likely to be "on the backbone" (high
bandwidth).
The Registrar typically has a Web page where you make your OWN DNS changes;
while most hosting services will expect you to "send an email or phone in
the changes."
Use the Registrar and manage your own DNS zone BUT NOT your own server.
D
David Adner
There's a dig utility for 2000's DNS. I forget where I downloaded it,
but I know it's around. I don't know how it compares to what you've
seen, though.
but I know it's around. I don't know how it compares to what you've
seen, though.
A
Ace Fekay [MVP]
In
Download the Win32 version of BIND from www.isc.org, it's part of the
package.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
David Adner said:
Download the Win32 version of BIND from www.isc.org, it's part of the
package.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
M
Michael Snyder [MSFT]
I would love to hear any comments, complaints, missing features, or other
improvements that anyone would like to see in the DNS Manager snapin.
Either in a newsgroup post, or feel free to remove the online from my email
address and send directly to me.
I'll make sure the feedback is used in the consideration of the design of
the Longhorn version.
Thanks,
Mike
improvements that anyone would like to see in the DNS Manager snapin.
Either in a newsgroup post, or feel free to remove the online from my email
address and send directly to me.
I'll make sure the feedback is used in the consideration of the design of
the Longhorn version.
Thanks,
Mike
H
Herb Martin
Michael Snyder said:
Just the management snap-in or the DNS server functionality also?
One thing nice for the DNS snap-in would be an "easy export/import
configuration" mechanism -- might be more trouble and work that the value
but it would be nice.
Export (all zones OR by checkbox) and import them on another server.
(Probably not that hard either.)
J
Jonathan de Boyne Pollard
MSM> I would love to hear any comments, complaints, missing features,
MSM> or other improvements that anyone would like to see in the DNS
MSM> Manager snapin.
That's the thing, though. Your request is somewhat blinkered. It's not just
the DNS Manager Snap-In that needs improvement. One of the areas where
Microsoft's DNS server is in serious need of improvement is, as Kenneth
pointed out, in the area of _textual_ diagnostic tools. "nslookup" simply
doesn't cut the mustard. (After all, it's even been deprecated by the very
people that wrote it.) Microsoft's DNS server needs a good DNS diagnosis
tool, without any of the numerous flaws that "nslookup" has, and with a
_textual_ user interface so that its output can be copied and pasted into a
newsgroup posting.
Microsoft's DNS server needs an equivalent to "dnsqr", "dnsq", "dig",
"dnsquery", "dnsqry", and "askmara" (which are some of the various such tools
that come bundled with _other_ DNS server softwares).
MSM> or other improvements that anyone would like to see in the DNS
MSM> Manager snapin.
That's the thing, though. Your request is somewhat blinkered. It's not just
the DNS Manager Snap-In that needs improvement. One of the areas where
Microsoft's DNS server is in serious need of improvement is, as Kenneth
pointed out, in the area of _textual_ diagnostic tools. "nslookup" simply
doesn't cut the mustard. (After all, it's even been deprecated by the very
people that wrote it.) Microsoft's DNS server needs a good DNS diagnosis
tool, without any of the numerous flaws that "nslookup" has, and with a
_textual_ user interface so that its output can be copied and pasted into a
newsgroup posting.
Microsoft's DNS server needs an equivalent to "dnsqr", "dnsq", "dig",
"dnsquery", "dnsqry", and "askmara" (which are some of the various such tools
that come bundled with _other_ DNS server softwares).
J
Jonathan de Boyne Pollard
KP> Its focus is on compliance.
I'm not at all convinced that that is true. The developers of BIND flout the
DNS standards in several ways, just as much as do the developers of other DNS
server softwares. (This is, in part, because the DNS standards are quite poor
and in some places erroneous. But there have been instances in the case of
BIND where this has _not_ been the reason.)
I'm not at all convinced that that is true. The developers of BIND flout the
DNS standards in several ways, just as much as do the developers of other DNS
server softwares. (This is, in part, because the DNS standards are quite poor
and in some places erroneous. But there have been instances in the case of
BIND where this has _not_ been the reason.)