W2K multi-master features

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 16 20:29:43 UTC 2002


"Michael E. Hanson" wrote:

> > Our company is wondering whether or not to use Microsoft DNS (a W2K/AD
> > architecture is going to be implemented soon).
> >
> > Does W2K multi-master capacity really avoid the 'single point of
> > failure caused if the primary dns server fails' (and so prevent any
> > dynamic update) in a primary/secondary dns architecture ?
>
> Yes, assuming you configure more than one DNS server and you have set it up
> with AD Integrated Zones
>
> > Or is there any characteristic offering absolute advantages for using
> > Microsoft DNS ?
>
> With Win2K AD, DNS becomes the primary name/address resolution method (in
> the past it was NetBIOS/WINS), making your DNS a critical component of your
> AD structure.  Depending on the complexity of your AD structure, the number
> and complexity of the DNS entries can be incredible.  While it's possible to
> implement everything that's required using BIND 8.2.1 or later (9.2.1 is the
> recommended version currently I believe), it can get very difficult,
> especially when you have configured AD Sites.
>
> In addition, if you have AD integrated zones for your network, and you DO
> happen to lose a DNS server, all you have to do is install the DNS service
> on another AD Domain Controller and it will pick up the ENTIRE DNS
> configuration from AD, eliminating the need to restore config files. This
> assumes, of course, that you've maintained redundancy in your Domain
> Controllers.
>
> > We are currently using Bind and Lucent (VitalQIP) DNS servers.
> What Versions?  If you're going to use them with Win2K AD, they need to
> support SRV records at a minimum, and you'll really want them to support
> dynamic updates and incremental zone transfers.
>
> Another alternative, and one that I usually recommend if the client is
> willing, is to continue to use BIND to support your Public Namespace (e.g.,
> MyCompany.com), and place these servers in your DMZ or at off site locations
> (like your ISP).  Delegate a subdomain (e.g., Corp.MyCompany.com) to your
> Win2K DNS, and place this inside your private network.  Make your internal
> DNS a Win2k AD Integrated Zone, and configure it with a "forwarder" to the
> external DNS for public/internet addresses.  You get the benefits of the
> Win2K AD Integrated DNS for your Win2k AD structure, and the continued
> simplicity/reliability/stability of BIND for your Public Namespace.
>
> Also consider using Win2K DHCP to assign all your internal workstation
> addresses, regardless of client O/S, and configure it to perform both the
> forward and reverse lookup zone updates in DNS.  Greatly simplifies
> workstation and DNS maintenance.  It also means you can turn off the
> automatic DNS updating in your Win2K Professional and Win XP Professional
> clients (cutting down on network traffic) and you can configure Win2K DNS to
> only accept updates from the DHCP server, making your DNS database more
> secure.
>
> _______________
> Michael E. Hanson
> President, Gryphon Consulting Services
> (http://www.GryphonsGate.com)
> P.O. Box 1151
> Bellevue, NE  68005-1151
> (402) 871-9622
>
> MEHanson at GryphonsGate.com (primary)
> Gryphons_Master at yahoo.com
> ----- Original Message -----
> From: "Lionel Deruaz" <lderuaz at free.fr>
> Newsgroups: comp.protocols.dns.bind
> To: <comp-protocols-dns-bind at isc.org>
> Sent: Tuesday, August 13, 2002 2:56 AM
> Subject: W2K multi-master features
>
> >
> > Hello,
> >
> > Our company is wondering whether or not to use Microsoft DNS (a W2K/AD
> > architecture is going to be implemented soon).
> >
> > Does W2K multi-master capacity really avoid the 'single point of
> > failure caused if the primary dns server fails' (and so prevent any
> > dynamic update) in a primary/secondary dns architecture ?
> > Or is there any characteristic offering absolute advantages for using
> > Microsoft DNS ?
> > We are currently using Bind and Lucent (VitalQIP) DNS servers.

Nice to see that you are recommending your customers lock themselves into the
products of a convicted monopolist.

The original poster mentioned that they were already running QIP, an
industrial-strength DHCP and address management platform and, as I've heard, a
quite pricey one at that. Why oh why would they dump that significant
money/time/resource investment in favor of Microsoft's DHCP implementation?

(Yes, this is starting to drift somewhat off-topic, but since QIP's
DNS component is BIND-based and the answer to my question quite likely involves
the issue of DNS<->DHCP integration, I don't think it is yet off-topic enough
to be taken off this list).


- Kevin
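The split namespace and DHCP-only dynamic updates described in the quoted
post can be expressed on the BIND side as well, which is where a QIP-based
shop would actually configure it. The fragment below is an added illustration
for this archive page; it is not configuration from either poster, from QIP,
or from Microsoft. The domain names, addresses, file names and the key name
are assumptions, and the secret is a placeholder to be replaced with a real
base64 TSIG secret.

```conf
; ---- Public BIND server (zone file excerpt for example.com) ----
; Delegate the AD subdomain to the internal server.  The glue A record is
; needed because the name server lives inside the zone being delegated.
corp.example.com.       IN  NS  ns1.corp.example.com.
ns1.corp.example.com.   IN  A   10.1.0.53          ; glue (assumed address)

// ---- Internal BIND server (named.conf excerpt) ----

// TSIG key shared only with the DHCP server.  Placeholder secret:
// generate a real one, e.g. with BIND 9's dnssec-keygen -a HMAC-MD5.
key "dhcp-update" {
    algorithm hmac-md5;
    secret "REPLACE-WITH-BASE64-SECRET";
};

// Weak setting: trusting the DHCP server by source address alone.
// Update requests are plain UDP, so the address can be spoofed by any host
// on the internal network, and every such host could then rewrite records.
//
//     zone "corp.example.com" {
//         type master;
//         file "corp.example.com.db";
//         allow-update { 10.1.0.10; };     // DHCP server address (assumed)
//     };

// Hardened setting: only updates signed with the DHCP server's key are
// accepted, so clients that run their own DNS registration are refused
// regardless of where the request came from.
zone "corp.example.com" {
    type master;
    file "corp.example.com.db";
    allow-update { key dhcp-update; };
};

zone "1.10.in-addr.arpa" {
    type master;
    file "1.10.in-addr.arpa.db";
    allow-update { key dhcp-update; };
};

// Anything outside the internal namespace is sent to the public/ISP
// resolvers, mirroring the "forwarder" the quoted post describes.
options {
    forwarders { 192.0.2.53; };   // public BIND server (assumed address)
    forward only;
};
```

The DHCP server must then sign its forward and reverse updates with the
same key (for example by pointing nsupdate at the key file); an unsigned
update, or one signed with a different key, is rejected with REFUSED. The
`allow-update { key ...; }` form is accepted by BIND 8.2 and later as well
as BIND 9, so it applies equally to a QIP-managed BIND instance.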



