AD-DNS hosted on *nix QIP


youpski

I know AD-Dns hosted on *nix is a controversial topic but I want to
pose a question. A client has his (large) w2k AD-Dns infrastructure
hosted on *nix-QIP. They do not use a fully delegated zone, no DNS is
hosted on W2K. My first reaction was 'Aaaurgh!', but I need more than
that, also in the light of W2003. I know Secure updates are a problem
for service records, clients and perhaps applications, but what is the
actual impact (if any)?

Anyone want to elaborate on this, or maybe share any positive
experiences with QIP-dns? Are there problems that they are facing with
W2003? Btw the client only uses QIP for DNS, not for DHCP, so no
updates from DHCP in DNS or AD-site-information integration as far as
I can see. The client isn't negative or opposed concerning a possible
move towards W2K- or W2003-dns but needs to be convinced of the
benefits or need of such a migration.

any help is greatly appreciated,
thnx Y
 
youpski said:
> I know AD-Dns hosted on *nix is a controversial topic but I want to

Should be -- Microsoft documents it as a workable solution.

> pose a question. A client has his (large) w2k AD-Dns infrastructure
> hosted on *nix-QIP. They do not use a fully delegated zone, no DNS is
> hosted on W2K. My first reaction was 'Aaaurgh!', but I need more than
> that, also in the light of W2003. I know Secure updates are a problem
> for service records, clients and perhaps applications, but what is the
> actual impact (if any)?

It is security and replication efficiency mostly -- but also for some people
"multi-mastered dynamic REGISTRATION" may be a big win. A few
people have switched TO Win2000+ for this feature alone (even having
no Win2000 domains.)

You know about secure updates. You probably realize that AD-DNS
gives you "better replication" (only changes, compressed, and carried
in the existing AD replication.)

You might not care that AD-DNS effectively eliminates the need to set up
and maintain the (separate) DNS replication since you must configure
AD either way.

AD-DNS is more secure DURING replication since the information is
compressed/encrypted but this doesn't seem to impress most people.

The big win only occurs for distributed companies where LOCAL
Dynamic registration can occur and the new records can be available
where they are most likely to be needed, i.e., locally. This "multi-
mastered dynamic registration" is not possible with a SINGLE
Primary DNS server.
 