Speed of BIND vs. W2k DNS

Jim Reid jim at rfc1035.com
Sun Dec 24 09:33:54 UTC 2000


>>>>> "alevey" == alevey  <alevey at home.com> writes:

    alevey> Unsecure updates work fine between BIND & W2K-DNS 

This is like saying banks work just fine if the door to the vault is
left wide open to everyone who wants to deposit or withdraw money.

    alevey> You missed a HUGE aspect of W2K DNS... multi-master. No single
    alevey> point of failure, unlike BIND.

IIUC, multi-master is needed in W2K for Active Directory, not DNS.

The "single point of failure" you refer to is in fact fundamental to
the DNS. It's not a feature of BIND per se. All DNS implementations
are supposed to have a single, definitive place where updates to a
zone's contents are performed. I quote from RFC1034:

	The general model of automatic zone transfer or refreshing is
	that one of the name servers is the master or primary for the
	zone.  Changes are coordinated at the primary, typically by
	editing a master file for the zone.

In places where this single point of failure *really* matters - and
there aren't that many of them - there are plenty of solutions:
redundant hardware, "fault tolerant" OS'es, "high availability"
subsystems like ServiceGuard, disk mirroring, etc, etc.

As for this multi-master stuff being a benefit, we can agree to
differ. Firstly, there's no openly published or agreed protocol for
doing this. So there's no way for non-M$ DNS implementations to
participate. This is probably only acceptable to the people who want
to hand over their DNS (and therefore their network) to Microsoft. The
next issue is that any multi-master scheme will have a complicated
replication and resynchronisation mechanism. If updates are allowed
while this is in progress, you could end up in an infinite loop of
replicating master servers. If you don't, you have a single point of
failure which eliminates the justification for multi-mastering. Thirdly,
IIUC, the multi-master features in W2K depend on the masters being
continuously in touch with each other. Can you tell me what
happens when host A sends an update to multi-master server X at the
same time as host B sends a conflicting update to multi-master server
Y? Suppose A's update means B's fails and vice versa. What if X and Y
can't talk to each other and what happens once connectivity between
them is restored?

    alevey> People have seen problems using BIND and DDNS in a W2K
    alevey> enviro. Mostly with BIND not taking the updates
    alevey> properly. A records I think....

Instead of some anecdotal hearsay, can you present any hard evidence
to support these claims? If there are any problems, they are most
likely caused by administrative error. For example, when the W2K box
sends updates with proprietary GSS-TSIG authentication or else dynamic
updates were not enabled on the BIND server.
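
The post's two practical points, that an unsigned dynamic update is an open vault door and that a W2K client sending GSS-TSIG (or a BIND zone with no update policy) is the usual reason updates "don't take", are easier to see on the wire. The following is an added example, not code from the post or from BIND: it hand-builds an RFC 2136 UPDATE adding one A record, signs it with a TSIG RR (RFC 2845, using the RFC 4635 hmac-sha256 algorithm; a BIND of 2000 vintage would only have had hmac-md5, which differs only in the algorithm name and digest), and verifies it the way a server must, rejecting the unsigned message, a tampered record, a wrong key, and a replay outside the fudge window. The key name, secret, zone and addresses are constructed for the example; the verifier assumes the TSIG RR's own names are uncompressed, which is how BIND and nsupdate emit them.

```python
"""TSIG-signed RFC 2136 UPDATE built by hand (example code, not from the post or BIND)."""
import hashlib
import hmac
import struct

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
OPCODE_UPDATE = 5
ALG = "hmac-sha256."  # RFC 4635 name; 2000-era BIND used hmac-md5.sig-alg.reg.int.


def encode_name(name):
    """Wire-encode a domain name, uncompressed and lower-cased (TSIG canonical form)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def _read_name(buf, off):
    """Decode an uncompressed name at `off`; returns (dotted name, new offset)."""
    labels = []
    while True:
        length = buf[off]
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        if length & 0xC0:
            raise ValueError("compressed names are not expected inside a TSIG RR")
        labels.append(buf[off:off + length].decode("ascii").lower())
        off += length


def _skip_name(buf, off):
    """Advance past a possibly compressed name without decoding it."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def build_update(msg_id, zone, rr_name, ipv4, ttl=300):
    """Unsigned UPDATE (opcode 5): ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    update_rr = encode_name(rr_name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_section + update_rr


def _tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """The TSIG fields that are MACed along with the message (RFC 2845 section 3.4.2)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0)
            + encode_name(ALG) + time_signed.to_bytes(6, "big")
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def sign_update(msg, key_name, secret, time_signed, fudge=300):
    """Append a TSIG RR to an unsigned message and bump ADCOUNT."""
    msg_id = struct.unpack("!H", msg[:2])[0]
    mac = hmac.new(secret, msg + _tsig_variables(key_name, time_signed, fudge), hashlib.sha256).digest()
    rdata = (encode_name(ALG) + time_signed.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", msg_id, 0, 0))  # original ID, error NOERROR, no other data
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    adcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", adcount) + msg[12:] + tsig_rr


def verify_signed(signed, keys, now):
    """Server-side check. `keys` maps key name -> secret. Returns (ok, unsigned message)."""
    _, _, zo, pr, up, ad = struct.unpack("!HHHHHH", signed[:12])
    if ad == 0:
        return False, None  # no TSIG at all: the "vault door open" case, refuse it
    off = 12
    for _ in range(zo):
        off = _skip_name(signed, off) + 4
    for _ in range(pr + up + ad - 1):  # every RR except the last one, which must be TSIG
        off = _skip_name(signed, off)
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    tsig_start = off
    key_name, off = _read_name(signed, off)
    rtype, rclass, ttl, _ = struct.unpack("!HHIH", signed[off:off + 10])
    off += 10
    alg, off = _read_name(signed, off)
    time_signed = int.from_bytes(signed[off:off + 6], "big")
    off += 6
    fudge, mac_size = struct.unpack("!HH", signed[off:off + 4])
    off += 4
    mac = signed[off:off + mac_size]
    off += mac_size
    orig_id, error, other_len = struct.unpack("!HHH", signed[off:off + 6])
    off += 6
    other = signed[off:off + other_len]
    secret = keys.get(key_name)
    if rtype != TYPE_TSIG or rclass != CLASS_ANY or ttl != 0 or alg != ALG or secret is None:
        return False, None  # unknown key or malformed TSIG: BADKEY territory
    if abs(now - time_signed) > fudge:
        return False, None  # outside the fudge window: BADTIME, blocks simple replay
    # Rebuild exactly what the signer MACed: original ID, ADCOUNT without the TSIG RR, no TSIG RR.
    unsigned = struct.pack("!H", orig_id) + signed[2:10] + struct.pack("!H", ad - 1) + signed[12:tsig_start]
    expected = hmac.new(secret, unsigned + _tsig_variables(key_name, time_signed, fudge, error, other),
                        hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected), unsigned


if __name__ == "__main__":
    keys = {"update-key.example.com.": b"constructed-shared-secret"}  # constructed sample key
    msg = build_update(0x1234, "example.com.", "host1.example.com.", "192.0.2.10")
    signed = sign_update(msg, "update-key.example.com.", keys["update-key.example.com."], time_signed=1_000_000)
    print("signed ok:", verify_signed(signed, keys, now=1_000_010)[0])
    print("unsigned ok:", verify_signed(msg, keys, now=1_000_010)[0])
```

On the server side the equivalent of `verify_signed` is what `update-policy { grant update-key.example.com. name host1.example.com. A; };` together with a matching `key "update-key.example.com." { algorithm hmac-sha256; secret "..."; };` statement in named.conf turns on; `allow-update { any; };` is the unsigned-accepted case the post compares to an open vault. A W2K client doing GSS-TSIG sends a TSIG RR whose algorithm name is gss-tsig, so a BIND server that only knows the shared-secret algorithms fails it at the `alg != ALG` check above rather than applying the update, which is the symptom the thread describes.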


