I need Arguments: Bind 9 vs. MS DNS (Win2000)

Simon Waters Simon at wretched.demon.co.uk
Thu Jan 24 15:49:34 UTC 2002


Kevin Darcy wrote:
> 
> (Tentatively, security could be another bullet point, but BIND's recent
> security track record isn't exactly spotless. When considering security,
> however, the security of the whole *system* needs to be looked at, not just the
> security of one piece of software running on the system. Win2K isn't exactly a
> shining example of a secure OS. Admittedly, this is a harder argument to make
> than the others above).

BIND9 still has a spotless security record AFAIK. I don't think
we should confuse security across different code bases.

GSS-TSIG requires ADS integration afaik, which would make you
more dependent on ADS than M$ corporation who kept the two
systems distinct.

Have they sorted out the serial numbers to Barry's (?)
satisfaction in MS-DNS with ADS?

I like some of the ideas in the MS ADS integrated systems, the
multimaster approach, with the options to make "replication"
error intolerant, means you reuse your ADS replication schema.
The problems are standard compliance and implementation quality
issues.

Assuming you want to integrate DDNS with DHCP, how much
experience do the W2K proponents have of running operational
24x7 ADS implementations? You said BIND8 is working well, I
think they have to prove that W2K will be better.

I think the security argument is pretty easy to make, but no one
worries about security till after they have the desired
functionality, and by then it is usually too late.

