What is Win2000's BIND version?

Herb Martin

I think the OS debates will continue forever, just as some of the ongoing
conflicts that are going on in our world will have no end.

Sure, but I always say if it has a "processor" then I can program it.
<grin>

Many CPUs, many OSs, many languages -- it's all fun.
 
NT Canuck

Jonathan de Boyne Pollard said:
NC> Except (possibly) for djbdns ( http://cr.yp.to/djbdns.html ) all
NC> the DNS in popular (96%) use are related directly or indirectly
NC> to the original (or a later derivative) of the BIND structure or
NC> code.

JdeBP> I don't know whence you obtained that 96% figure from, but the
JdeBP> only survey done in recent years whose results I've seen actually
JdeBP> published puts BIND 4, 8, and 9 combined at 75% (of the servers that
JdeBP> actually responded), with "djbdns" at 8.5%, eNom DNS server at 3%,
JdeBP> with the remainder being either unidentifiable or softwares with a 1%
JdeBP> or less share.
JdeBP> <URL:http://cr.yp.to/surveys/dns1.html>

ok...if the 96% figure is the only major nit from my post...
then I am a happy camper. ;-) 86% is ok too...just a point being
made that the original Berkeley BIND was major influence.

I was going a bit from memory...and considering mostly the
gTLD and ccTLD along with the legacy ROOT's. I don't
consider MS DNS to be totally divorced in its "heritage",
and eNOM may have never code (i haven't had chance to
look) but the the original BIND writer is at eNOM now (iirc).

I'd suppose if you looked purely client side...MS would
stand in similar figures...versus nix and friends as nix
and friends are in TLD areas.

--
'Seek and ye shall find'
NT Canuck
http://ntcanuck.com BIND-PE & DNS
http://ntcanuck.com/tq/ Tips & Tweaks
http://ntcanuck.com/net/board/index.php
news://news.grc.com/grc.techtalk.dns.bind_pe_beta
 
NT Canuck

Jonathan de Boyne Pollard said:
NC> Except (possibly) for djbdns ( http://cr.yp.to/djbdns.html ) all
NC> the DNS [servers] in popular (96%) use are related directly or
NC> indirectly to the original (or a later derivative) of the BIND
NC> structure or code.

JdeBP> It's not just a possibility. "djbdns" is definitely not related to BIND.
JdeBP> And, actually, it's not just "djbdns" that is not based upon BIND code.

Yes, the djbdns has distinct speed advantages in some scenarios,
although I am not certain if it's due to the fact that it does not support
a few functions of (can i say legacy bind?). heh
There is Mara dns and hosts of others. We went over all we could
find before designing the bindpe, in case something useful might
have been lost (or discarded) along the years.

JdeBP> There are quite a lot of DNS server softwares that aren't derivatives
JdeBP> of BIND.

The percentage (for one reason or another) is small, although I do
hope they get some decent market share...very few work in
the DNS field in comparison to almost any other design area.

JdeBP> Moreover, it's not just "djbdns" that (in contrast with Microsoft's DNS
JdeBP> server) doesn't imitate the BIND all-of-the-hats-at-once design, either.
JdeBP> For example: PowerDNS doesn't.

thank you, I'm not totally in favor myself of being too integrated,
but even if we went more modular (which we are trying to do with
"plugins" and possibly unique *.dll's) we risk having files mixed
up (sort of dll hell) due to any needed updates/versions.

 
NT Canuck

Herb Martin said:
Jonathan is correct. If you think the MS vs. Linux or BIND vs. MS-DNS
arguments are heated, you should read some of the BIND vs. DJBDNS
articles.

Those folks come right out and accuse each other of lying.

I have no idea where/how that started...but it's true that one risks
getting mired in semantics and not functionality when reading
or joining one of the djbdns or ISC debates. I dislike that practice
as it only trains people to argue first, instead of co-operate/discuss.

In order to progress or improve any_software...one must admit
that an error may_exist...or another method/direction may be better.
Putting aside feelings and listening, is paramount to co-operation.
<imo>

 
Kenneth Porter

There's a dig utility for 2000's DNS.

It's part of the BIND package, but works fine standalone with other
vendors' DNS (including Win2k). Win2k includes nslookup, which is
deprecated in favor of dig.

I also like Sam Spade for Windows (http://www.samspade.org/) which combines
a graphical dig tool with several other useful tools for debugging DNS.
 
Kenneth Porter

I know it's not necessarily a DNS Manager snapin thing only, but one of
the features our DNS folks like is the ability to provide a brief
annotation to each record (if desired). This allows them to provide
basic info surrounding the record, such as who created it, why, what
it's used for, etc. NetWare's DNS provides this feature and it's
something I miss in MS's DNS. Trust me, I much prefer MS's DNS, but
this is something I'd like to see added in.

Good point. One can sorta do that with BIND, by using a custom DB back-end
like MySQL, but of course with BIND there's no associated management tool
so one would have to roll one's own, perhaps with PHP.

While we're talking about records, I'd also like to see better support for
"unusual" records, either through some generic display/edit system or with
the ability to plug in a DLL to handle them. For instance, I don't think
the current manager handles LOC records (latitude/longitude/altitude).

Combine this with the DB system and one could in principle do geographical
asset tracking with DNS.
 
Herb Martin

I have no idea where/how that started...but it's true that one risks
getting mired in semantics and not functionality when reading
or joining one of the djbdns or ISC debates. I dislike that practice
as it only trains people to argue first, instead of co-operate/discuss.

In order to progress or improve any_software...one must admit
that an error may_exist...or another method/direction may be better.
Putting aside feelings and listening, is paramount to co-operation.
<imo>

I agree (the argument was only an example of one that is much further
out of control or at least a lot less civil.)

I have read a lot reading some of those arguments -- only issue for me
is when they actually disagree on a TECHNICAL and verifiable point,
especially one with which I am unfamiliar and probably won't implement.

Some of these are so easy to test (for those interested) that the arguments
would seem trivial to prove or disprove among experts.
 
Kenneth Porter

I personally own testing of the DNS Manager snapin, but I do work closely
with the DNS team and will make sure that they see any comments that you
have about the DNS Server.

Will Longhorn support MD5-TSIG for interoperability with BIND to allow
cross-platform secure updates?

Do you talk to the DHCP server people? A feature I've wanted in the Windows
server that I've only seen in the ISC server is the ability to respond only
to DHCP client retries. In the ISC server this is set with the "minsecs"
parameter. The client increments this field in the request with each retry
(typically once per second) and the server responds when the field reaches
its threshold. I have two DHCP servers serving different ranges for
redundancy and clients seem to ping pong between them, causing my arp
monitor (which watches for martian clients) to keep going off. If I could
set the nominal backup server to only respond to retries, clients should
always get the same address with each renewal. (This mostly affects mobile
clients that temporarily get an address from another site, so when they
return to mine, they don't know to contact a specific server for their
address.)
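
The retry threshold described in the post above, as an added Python example that is not part of the original thread or of ISC's code: it reads the `secs` field from the BOOTP header and applies a per-server threshold (the `min-secs` statement in ISC dhcpd's configuration). The packets, the MAC address and the `primary`/`backup` thresholds are constructed for illustration.

```python
import struct

# BOOTP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
BOOTREQUEST = 1


def build_discover(xid, secs, mac):
    """Constructed sample packet: a minimal DHCPDISCOVER carrying `secs`."""
    zero = b"\x00" * 4
    fixed = BOOTP.pack(BOOTREQUEST, 1, 6, 0, xid, secs, 0,
                       zero, zero, zero, zero, mac, b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER


def parse_secs(packet):
    """Return (xid, secs) from a client request, rejecting malformed input."""
    if len(packet) < BOOTP.size + len(MAGIC_COOKIE):
        raise ValueError("truncated BOOTP/DHCP packet")
    op, _htype, _hlen, _hops, xid, secs = BOOTP.unpack_from(packet)[:6]
    if op != BOOTREQUEST or packet[BOOTP.size:BOOTP.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP client request")
    return xid, secs


def should_respond(packet, min_secs):
    """The server stays silent until the client-reported secs reaches min_secs.
    secs is client-supplied and unauthenticated: a client that never
    increments it is never answered by a server with min_secs > 0."""
    return parse_secs(packet)[1] >= min_secs


def first_offer(servers, up, retries=10):
    """Replay one client's retries (one per second, as described in the post)
    and return (server, secs) for the first server that answers, or None."""
    mac = bytes.fromhex("020000000001")  # constructed, locally administered
    for secs in range(retries):
        pkt = build_discover(0x1A2B3C4D, secs, mac)
        for name, min_secs in servers.items():
            if name in up and should_respond(pkt, min_secs):
                return name, secs
    return None


# Hypothetical pair: the primary answers at once, the backup only on retries.
SERVERS = {"primary": 0, "backup": 3}
```

With both servers up the primary wins every first attempt, so a client keeps the same server across renewals; the backup only speaks once the primary has stayed silent for three retries.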
 
Kenneth Porter

Yes, someone knowledgeable posted that "BIND was a reference
implementation" in this thread or a nearby one -- not so, and this is a
mistaken impression of BIND.
It might be a de facto implementation but it is not an official
reference implementation.

I was remembering this text from ISC's BIND page
(http://www.isc.org/products/BIND/):
BIND (Berkeley Internet Name Domain) is an implementation of the
Domain Name System (DNS) protocols and provides an openly
redistributable reference implementation of the major components of
the Domain Name System, including:

* a Domain Name System server (named)
* a Domain Name System resolver library
* tools for verifying the proper operation of the DNS server

The ISC "About Us" page (http://www.isc.org/ISC/) also claims that its
products are reference implementations.

Mind you, I don't work for ISC. I'm just reporting what they claim.

I don't know that anything on the Internet can be called "official", since
it's something of an anarchy and standards are enforced mostly by one's
need to interoperate with other players.
 
Kenneth Porter

Especially if you consider all the Win98/ME and Pro ICS machines
acting as caching only DNS servers (they are.)

I don't know what ICS is, nor have experience with ME, but I don't recall
any server capability in 98. AFAIK it has only a resolver.
 
Kenneth Porter

No, I said and mean Registrar. You are far more likely to wish to
change ISPs, add and remove hosting services, or even have multiple
hosting services for different domains/zones.

The ISP (unless a very large one) is likely to have inferior 24/7
support for keeping the DNS running correctly or less likely to be "on
the backbone" (high bandwidth). The Registrar typically has a Web page
where you make your OWN DNS changes; while most hosting services will
expect you to "send an email or phone in the changes."

I stand corrected! Listen to that man! ;)

I guess the "callus" I have over that "injury" was blinding me to the
memory of incompetent IPP (presence provider) handling of DNS. That, and
the fact that I moved my secondaries to ZoneEdit and brought my master in-
house, and no longer let IPP's deal with my zones.

Registrars specialize in DNS, while IPP's specialize in web hosting, so it
makes sense that a registrar would have the better tools for controlling
one's DNS records.

On the flip side, my commercial ISP's (PacBell, UUNET, Cogent) have done a
decent job of reverse delegation. In Cogent's case, they're an indirect
ISP: I host a game server with one of their customers and the hoster has no
interest in DNS, I had to go to Cogent to get my reverse set up. It went
very smoothly.
 
Herb Martin

Especially if you consider all the Win98/ME and Pro ICS machines

I don't know what ICS is, nor have experience with ME, but I don't recall
any server capability in 98. AFAIK it has only a resolver.

Win98 supports "Internet Connection Sharing" which makes the
Win98 computer a limited DHCP server, router, and DNS caching
server (no zones allowed.)

All the Win2000, XP, and Win2003 support ICS as well, although it is
more common to use NAT on the "Server" products, but NAT also supports
these features if you prefer them to the "real" DNS or DHCP server.
 
Herb Martin

Someone can "claim" they are "A reference implementation" but they
cannot honestly claim to be THE reference implementation.

No RFC declares that.
 
Herb Martin

I stand corrected! Listen to that man! ;)

We agree (see yours below) -- for most people the Registrar is preferable.

You on the other hand have an "Excellent ISP" that suits your needs (hard to
find and usually expensive so we get back to people with LARGE Internet
presence.)

Also, one fellow (Greece or some even smaller country in the Mediterranean
I believe) wrote last month to say his "Registrar" didn't even offer these
services.

He was using some small local "country code" Registrar that has no
competition.
 
Michael Snyder [MSFT]

Yes, I do talk to the DHCP people and have sent them your request.

As far as your TSIG question, I am not sure what Longhorn will support yet.
 
Ace Fekay [MVP]

Herb Martin said:
Sure, but I always say if it has a "processor" then I can program it.
<grin>

Many CPUs, many OSs, many languages -- it's all fun.

True...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Kenneth Porter

Someone can "claim" they are "A reference implementation" but they
cannot honestly claim to be THE reference implementation.

No RFC declares that.

Oops, did I say "the" somewhere? My apologies if that's the case.
 
Kenneth Porter

All the Win2000, XP, and Win2003 support ICS as well, although it is
more common to use NAT on the "Server" products, but NAT also supports
these features if you prefer them to the "real" DNS or DHCP server.

Do you mean RRAS? I set up a Win2003 server not long ago and I don't think
RRAS did anything directly to support DNS or DHCP. Those are separate
services.

I know a lot of consumer broadband routers supply a simple DNS server and
both DHCP client (for ISP) and server (for LAN clients). IIRC the last time
I checked on one of those mini-DNS servers it lacked any reverse address
capability, which can cause grief with some software that demands it.
 
Herb Martin

All the Win2000, XP, and Win2003 support ICS as well, although it is

Do you mean RRAS? I set up a Win2003 server not long ago and I don't think
RRAS did anything directly to support DNS or DHCP. Those are separate
services.

Only NAT is in RRAS (servers only); ICS is configured (on servers or
non-servers) from the Network and Dial Up connection.

NAT has the DHCP feature but most people don't use it since they are working
from a Server (by definition when using NAT). It also has the DNS caching
Server setting (but it doesn't read that way on the GUI.)

I know a lot of consumer broadband routers supply a simple DNS server and
both DHCP client (for ISP) and server (for LAN clients). IIRC the last time
I checked on one of those mini-DNS servers it lacked any reverse address
capability, which can cause grief with some software that demands it.

I am not talking about a server that uses Zones (which is the only sense in
which such routers would NOT support reverse lookups) -- we are talking about an
effective CACHING ONLY server.

Does lookups but doesn't even have any zone (or even perhaps the capability
to create any zones.)
 
Jonathan de Boyne Pollard

JdeBP> I don't know whence you obtained that 96% figure from, but
JdeBP> the only survey done in recent years whose results I've seen
JdeBP> actually published puts BIND 4, 8, and 9 combined at 75% (of
JdeBP> the servers that actually responded), with "djbdns" at 8.5%,
JdeBP> eNom DNS server at 3%, with the remainder being either
JdeBP> unidentifiable or softwares with a 1% or less share.
JdeBP> <URL:http://cr.yp.to/surveys/dns1.html>

NC> ok...if the 96% figure is the only major nit from my post...
NC> then I am a happy camper. ;-) 86% is ok too...

86% is _another_ figure that you appear to have come up with out of thin air.
The number for BIND that I gave was, as can be seen, 75%. Whence are you
obtaining these numbers from ?

NC> I was going a bit from memory...and considering mostly the
NC> gTLD and ccTLD along with the legacy ROOT's.

That's both a far smaller sample than the one used by the actual survey, and a
biased one to boot. The survey surveyed just over two million domains,
whereas there are only just over a couple of hundred CCTLDs and GTLDs in the
diminutive root, a difference of several orders of magnitude (and a sample
size that is probably unacceptably small). And ICANN's "." content DNS
servers are strongly biased towards BIND, given that several of them (all of
the servers at 192.5.5.241 and at 2001:500::1035) are run by the very company
that writes BIND.

I haven't surveyed the CCTLD content DNS servers, or seen the results of
anyone else having done so (so, again, don't know whence you are obtaining
these figures, that you remember, from). I happen to know that one CCTLD just
recently switched from using BIND to using "djbdns".

NC> I don't consider MS DNS to be totally divorced in its
NC> "heritage", [...]

It may use the same all-of-the-hats-at-once design, but it isn't derived from
BIND.

NC> eNOM may have never code (i haven't had chance to
NC> look) but the the original BIND writer is at eNOM now (iirc).

That sentence makes no sense.
 
