AD-DNS hosted on *nix QIP

youpski

I know AD-Dns hosted on *nix is a controversial topic but I want to
pose a question. A client has his (large) w2k AD-Dns infrastructure
hosted on *nix-QIP. They do not use a fully delegated zone, no DNS is
hosted on W2K. My first reaction was 'Aaaurgh!', but I need more than
that, also in the light of W2003. I know Secure updates are a problem
for service records, clients and perhaps applications, but what is the
actual impact (if any)?

Anyone want to elaborate on this, or maybe share any positive
experiences with QIP-dns? Are there problems that they are facing with
W2003? Btw the client only uses QIP for DNS, not for DHCP, so no
updates from DHCP in DNS or AD-site-information integration as far as
I can see. The client isn't negative or opposed concerning a possible
move towards W2K- or W2003-dns but needs to be convinced of the
benefits or need of such a migration.

any help is greatly appreciated,
thnx Y
 
Herb Martin

youpski said:
I know AD-Dns hosted on *nix is a controversial topic but I want to

Should be -- Microsoft documents it as a workable solution.
pose a question. A client has his (large) w2k AD-Dns infrastructure
hosted on *nix-QIP. They do not use a fully delegated zone, no DNS is
hosted on W2K. My first reaction was 'Aaaurgh!', but I need more than
that, also in the light of W2003. I know Secure updates are a problem
for service records, clients and perhaps applications, but what is the
actual impact (if any)?

It is security and replication efficiency mostly -- but also for some people
"multi-mastered dynamic REGISTRATION" may be a big win. A few
people have switched TO Win2000+ for this feature alone (even having
no Win2000 domains.)

You know about secure updates. You probably realize that AD-DNS
gives you "better replication" (only changes, compressed, and carried
in the existing AD replication.)

You might not care that AD-DNS effectively eliminates the need to set up
and maintain the (separate) DNS replication since you must configure
AD either way.

AD-DNS is more secure DURING replication since the information is
compressed/encrypted but this doesn't seem to impress most people.

The big win only occurs for distributed companies where LOCAL
Dynamic registration can occur and the new records can be available
where they are most likely to be needed, i.e., locally. This "multi-
mastered dynamic registration" is not possible with a SINGLE
Primary DNS server.
 
