How can I setup BIND for redundancy with efficient replication?

Kevin Darcy kcd at daimlerchrysler.com
Wed Nov 6 21:59:41 UTC 2002


"Michael E. Hanson" wrote:

> I know this is a BIND list, and this may be an unpopular position here, but
> in this case, why are you NOT using M$ DNS?  What you're describing sounds
> like a perfect application of M$ Active Directory Integrated DNS.

Um, no. The original poster said that the servers in question were "heavily
locked down", so much so that he couldn't run "nscopy". I'm not exactly sure
what "nscopy" is, but I'd guess it's some script which does rsync-over-ssh. If
the boxes are so heavily locked down that they can't even support ssh, do you
_really_ think they'll be able to support the multitude of ports that AD
requires for server-to-server communication? Fat chance. I have a Microsoft
White Paper on my desk that lists anywhere from 4 to 15 ports that need to be
opened to allow AD server-to-server operation, depending on how
crippled/convoluted you want to make your AD and/or whether you want to
implement a whole IPSEC stack on your AD servers.

If the user can get enough ports opened for AD server-to-server, he can almost
*certainly* get enough ports opened for ssh or whatever "nscopy" uses, in which
case he can go with a BIND-with-alternate-replication-method and I think he'll
be much happier in the long run with that.


- Kevin
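As an added example, not part of Kevin's reply and not a reconstruction of whatever "nscopy" actually was, this is what a "BIND-with-alternate-replication-method" over ssh could look like from the secondary's side: pull the zone file with rsync over a single ssh port, validate it with named-checkzone before it ever reaches the served directory, and reload only when the SOA serial has moved forward. Hostnames (ns1.example.net), paths (/var/named/zones, /var/named/stage, /etc/named/sync_key) and the sample zone are assumptions made up for the example.

```shell
#!/bin/sh
# Added example of pull-based zone replication for BIND over ssh (not from
# the original thread). Assumed values: primary ns1.example.net, zone files
# in /var/named/zones on both hosts, a dedicated ssh key, rndc configured
# locally on the secondary. Only one inbound port (ssh) is needed on the
# primary, which is the point made in the reply above.

set -u

PRIMARY="${PRIMARY:-ns1.example.net}"          # hypothetical primary host
REMOTE_DIR="${REMOTE_DIR:-/var/named/zones}"   # hypothetical path on primary
LOCAL_DIR="${LOCAL_DIR:-/var/named/zones}"     # hypothetical served directory
STAGE_DIR="${STAGE_DIR:-/var/named/stage}"     # staging area, never served

# Print the SOA serial of a zone given in canonical one-record-per-line form
# on stdin (the form "named-checkzone -D" emits). Prints nothing if no SOA.
soa_serial() {
    awk '$0 !~ /^;/ { for (i = 1; i <= NF; i++) if ($i == "SOA") { print $(i+3); exit } }'
}

# Succeed only if the new serial is present and strictly greater than the
# old one. RFC 1982 wraparound is ignored; YYYYMMDDnn serials do not wrap.
serial_advanced() {
    old="$1"; new="$2"
    [ -n "$new" ] && [ "$new" -gt "$old" ] 2>/dev/null
}

# Replicate one zone: copy to staging over ssh, validate, then install and
# reload only if the file parses and its serial advanced. A file that fails
# validation never replaces the copy currently being served.
sync_zone() {
    zone="$1"; file="$2"
    mkdir -p "$STAGE_DIR"
    # The key on the primary should be restricted in authorized_keys
    # (command=..., no-pty, no-port-forwarding) so it can only serve zone files.
    rsync -a -e "ssh -i /etc/named/sync_key -o BatchMode=yes" \
        "$PRIMARY:$REMOTE_DIR/$file" "$STAGE_DIR/$file" || return 1
    # -D dumps the zone in canonical form, which also proves it parses.
    new_canon=$(named-checkzone -D "$zone" "$STAGE_DIR/$file") || {
        echo "$zone: staged file failed validation, not installing" >&2
        return 1
    }
    old_serial=$(named-checkzone -D "$zone" "$LOCAL_DIR/$file" 2>/dev/null | soa_serial)
    new_serial=$(printf '%s\n' "$new_canon" | soa_serial)
    if serial_advanced "${old_serial:-0}" "$new_serial"; then
        cp "$STAGE_DIR/$file" "$LOCAL_DIR/$file" && rndc reload "$zone"
    else
        echo "$zone: serial $new_serial not newer than ${old_serial:-none}, skipping" >&2
    fi
}

# Constructed sample zone (canonical single-line SOA) used only to exercise
# soa_serial without a network or a running named.
SAMPLE_ZONE='$TTL 3600
@ IN SOA ns1.example.net. hostmaster.example.net. 2002110601 3600 900 604800 86400
@ IN NS ns1.example.net.
@ IN NS ns2.example.net.'

# Usage: ./sync_zone.sh --run example.net example.net.zone
if [ "${1:-}" = "--run" ]; then
    sync_zone "$2" "$3"
fi
```

Run it from cron on the secondary for each zone; the staging step means a half-transferred or corrupt file is rejected by named-checkzone rather than loaded, and the serial comparison means a stale copy on the primary cannot silently roll the secondary backwards.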
