bind vs. MS DNS

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 16 02:37:30 UTC 2004 

huffman at graze.net wrote:

>All,
>
>   Don't want to start any nasty feuds, but can anyone point me to pros / cons
>of using bind in favor of MS DNS?  My company is currently looking at migrating
>from a UNIX / Bind DNS scenario to MS DNS / Active Directory.  I feel that the
>maturity, security, and stability of bind on UNIX are big wins, but currently
>we're not hosting our own DNS externally, so security is *less* of a concern and
>we're small so things like views, and scalability are also not concerns....
>
>Pointers to any articles would also be helpful.
>
Well, first of all, if you already have a functioning UNIX/BIND DNS 
infrastructure, why is the burden not on your Microsofties to justify 
changing that? Why should the burden be on you to defend it?

Also, hopefully you realize that this is not a strict either/or 
situation. BIND and AD/MS-DNS can co-exist. Delegate the "underscore" 
zones (_msdcs and friends) to the MS-DNS servers and they can do 
whatever they want with it. Now, if you want to make secure Dynamic 
Updates directly from Win2K (or Win2K3) clients to the DNS of your main 
domain, then you're not going to be able to use BIND for that. But 
technically that's not an Active Directory function; it's a Win2K* 
function, and one that many folks find to be not worth the resources it 
consumes. Depends on what you're trying to achieve.

Off the top of my head, the pros of MS-DNS are: secure Dynamic Update 
compatibility with Win2K* clients, the "scavenging" feature, and 
multi-master replication. The pros of BIND are: better 
standards-adherence, better manageability (easier to automate functions 
via Unix scripting, easier to troubleshoot since you have than just a 
GUI to look at), faster response to security problems (based on 
Microsoft's track record of providing security patches), wider variety 
of platforms (various Unix and Linux flavors; you can even run it on 
Windows if you want, but you lose some of the other benefits if you do 
that), more flexibility (you said you didn't care about views and the 
like, but other features like sortlists, logging options, 
resource-tuning options, etc. might come in useful some day, and last I 
heard, weren't available in MS-DNS, although I see they finally added 
stub zones and selective forwarding...).

                                                                         
                                          - Kevin

More information about the bind-users mailing list