What is Win2000's BIND version?


David Adner

I've read Win2000's DNS is a pseudo-BIND 9, but does anyone know what it
really is? Like, 8.2.4 (or whatever) with some of 9's features?
 
In
David Adner said:
I've read Win2000's DNS is a pseudo-BIND 9, but does anyone know what
it really is? Like, 8.2.4 (or whatever) with some of 9's features?

I remember someone saying close to 4.98?

Just joking... I'm not sure. There are some features that BIND supports that
MS DNS does not, such as "views", and that's been around from the earlier
versions of BIND.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I know the DNS whitepaper has a list of RFC and draft RFC's that they
incorporated. I don't know if that list is complete or just a subset.
Someone wants to know the BIND equivalency so he can know how certain
features should behave. I guess I'll give him the list of RFC's and let
him figure it out on his own.
 
DA> I've read Win2000's DNS is a pseudo-BIND 9 [...]

You've read some rubbish. (Where did you read it?) Microsoft's DNS server is
not BIND at all. BIND is a different software, written by a different
company. Your question about BIND versions of Microsoft's DNS server is,
therefore, meaningless.

There are many DNS server softwares available these days. Microsoft's DNS
server and ISC's BIND are just two of them.
 
The RFC would be a better solution in this case for that person. As Jonathan
mentions, it's really tough (or not even fair) to compare the two. Each have
features that the others don't offer.

Ace

In
David Adner said:
I know the DNS whitepaper has a list of RFC and draft RFC's that they
incorporated. I don't know if that list is complete or just a subset.
Someone wants to know the BIND equivalency so he can know how certain
features should behave. I guess I'll give him the list of RFC's and let
him figure it out on his own.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I remember someone saying close to 4.98?

Originally not even that high...
but MS has their_own DNS teams and focus area.
Just joking... I'm not sure.

Caution...
some of this is more about networking and sockets than dns per se.
(both socket code and DNS have Berkeley.edu research roots)
Microsoft does have a proprietary socket ability in Win2k (iirc)
and I'm not sure if in WinNT4 or earlier...there is a "switch" present
in registry for that but MS version is_not universally compatible
so many sites/servers will not be accessible if it's enabled. Only
one or the other socket code can be used...and the default (enabled)
is for compatibility with berkeley sockets.
Archived notes can be found..(hunt keywords on your own)
http://www.filelibrary.com/find.shtml3


People also seem to confuse currently popular isc-bind implementations
with being BIND "creators"...Berkeley Internet Naming Daemon is not an
ISC invention... isc.org has done some wonderful derivative work but is a
separate organization/entity from Berkeley.

Except (possibly) for djbdns ( http://cr.yp.to/djbdns.html ) all the
DNS in popular (96%) use are related directly or indirectly to the
original (or a later derivative) of the BIND structure or code.
There are some features that BIND supports that MS DNS does not,
such as "views", and that's been around from the earlier versions of BIND.

hint...afaik...Views were introduced in ISC-BIND 9.x series.

MS DNS supports AD properly...and personally I think the MS DNS
<currently> is best used for "AD enabled" LAN's (intranet) but MS
does not currently have as strong options for security when jumping
into public DNS (internet) as could_be accomplished.

Mind you...all in all...some choice and parallel works are a good thing...
or we could all end up toasted if some exploit hit and we had no options.

There were several attempts at various DNS (host file data-bases really)
server and clients over the years...some might have found stronger use
if they got a footing or support but seemed to dissolve due to the fast
paced evolutionary jungle the Internet and operating systems adopted.

On horizon...
Is a technically possible structure for resolving domains/ip's that is
more peer-to-peer based that appears not to be vulnerable to many
current DNS system/hierarchy foibles.
Not surprising...Berkeley.edu has a part in this episode also!
<draw your own conclusions if interested>
Keywords...
DHT, SSL, OceanStore
Links...
http://www.cs.berkeley.edu/~ravenben/tapestry/
http://research.microsoft.com/~antr/Pastry/
http://www.planet-lab.org/

--
'Seek and ye shall find'
NT Canuck
http://ntcanuck.com BIND-PE & DNS
http://ntcanuck.com/tq/ Tips & Tweaks
http://ntcanuck.com/net/board/index.php
news://news.grc.com/grc.techtalk.dns.bind_pe_beta
 
Just to be clear, the DNS server included in Win2k is not BIND.

There are some features that BIND has that Windows does not, and vice-versa.
BIND and Windows DNS each have features that go beyond RFC standards in
different ways.
Recent versions of each should be sufficiently interoperable in most
circumstances.

Personally, I think that Windows has a better management tool for DNS than
BIND does, but then I am biased. :)
 
In
Michael Snyder said:
Just to be clear, the DNS server included in Win2k is not BIND.

There are some features that BIND has that Windows does not, and
vice-versa. BIND and Windows DNS each have features that go beyond
RFC standards in different ways.
Recent versions of each should be sufficiently interoperable in most
circumstances.

Personally, I think that Windows has a better management tool for DNS
than BIND does, but then I am biased. :)

I agree and I share the bias.
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
NT Canuck said:
Originally not even that high...
but MS has their_own DNS teams and focus area.


Caution...
some of this is more about networking and sockets than dns per se.
(both socket code and DNS have Berkeley.edu research roots)
Microsoft does have a proprietary socket ability in Win2k (iirc)
and I'm not sure if in WinNT4 or earlier...there is a "switch" present
in registry for that but MS version is_not universally compatible
so many sites/servers will not be accessible if it's enabled. Only
one or the other socket code can be used...and the default (enabled)
is for compatibility with berkeley sockets.
Archived notes can be found..(hunt keywords on your own)
http://www.filelibrary.com/find.shtml3


People also seem to confuse currently popular isc-bind implementations
with being BIND "creators"...Berkeley Internet Naming Daemon is not an
ISC invention... isc.org has done some wonderful derivative work but is a
separate organization/entity from Berkeley.

Except (possibly) for djbdns ( http://cr.yp.to/djbdns.html ) all the
DNS in popular (96%) use are related directly or indirectly to the
original (or a later derivative) of the BIND structure or code.


hint...afaik...Views were introduced in ISC-BIND 9.x series.

MS DNS supports AD properly...and personally I think the MS DNS
<currently> is best used for "AD enabled" LAN's (intranet) but MS
does not currently have as strong options for security when jumping
into public DNS (internet) as could_be accomplished.

Mind you...all in all...some choice and parallel works are a good thing...
or we could all end up toasted if some exploit hit and we had no options.

There were several attempts at various DNS (host file data-bases really)
server and clients over the years...some might have found stronger use
if they got a footing or support but seemed to dissolve due to the fast
paced evolutionary jungle the Internet and operating systems adopted.

On horizon...
Is a technically possible structure for resolving domains/ip's that is
more peer-to-peer based that appears not to be vulnerable to many
current DNS system/hierarchy foibles.
Not surprising...Berkeley.edu has a part in this episode also!
<draw your own conclusions if interested>
Keywords...
DHT, SSL, OceanStore
Links...
http://www.cs.berkeley.edu/~ravenben/tapestry/
http://research.microsoft.com/~antr/Pastry/
http://www.planet-lab.org/

Wow, great post NT.

I agree about MS DNS being easier to manage and best for AD, and that's also
reflecting Michael's views too. I didn't know views was a late edition.
Thought it was an earlier version. I haven't used BIND lately. It's been
quite a few years since I touched any Unix stuff at all matter of fact. Last
Unix flavor was SCO 5.05 about 4 years ago. And I do hope if any exploits
are out and discovered, they get plugged up in a hurry!
:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I think you have gotten some good answers.

Even BIND 9 is a re-write from BIND 8 so don't expect there to be
any direct relationship.

They all work and play (pretty) well with each other, supporting the
RFCs but each, 8, 9, MS, adds some features not supported by the
others and leaves out some.

As several people said, for an MS or Active Directory network, you
really cannot beat Microsoft DNS on Win2003 (Win2000 is just Ok
in comparison now.)

For some public usage, one can do things with BIND that just aren't supported
on MS and there are even other DNS servers that offer additional features or
performance benefits (like BIND-PE, or DJBDNS [tiny & dnscache at
tinydns.org]).

Personally I prefer Win2003 DNS but use a BIND-9 caching only DNS server
on my Internet gateway since it will give me some control MS-DNS will not.

Also note, I strongly recommend that most people keep their PUBLIC DNS at
the Registrar (e.g., Register.Com)
 
In
David Adner said:
I've read Win2000's DNS is a pseudo-BIND 9, but does anyone know what
it really is? Like, 8.2.4 (or whatever) with some of 9's features?

It is Microsoft DNS, the only relationship it has to BIND is they are both
DNS servers. It is kind of like comparing apples and oranges they are both
fruits but you cannot compare them beyond that. BIND supports some features
that MSDNS doesn't and vice-versa. Where MSDNS stands out, is in an AD
environment, it can integrate with Active Directory where BIND cannot and in
its GUI for administration. ADI on a DC is more secure than the
Primary/Secondary scenario you would have to use with BIND.
 
As several people said, for an MS or Active Directory network, you
really cannot beat Microsoft DNS on Win2003 (Win2000 is just Ok
in comparison now.)

Is there a list somewhere of what's improved in 2003?

(And did they implement the delayed response in the 2003 DHCP server?)
Personally I prefer Win2003 DNS but use a BIND-9 caching only DNS
server on my Internet gateway since it will give me some control
MS-DNS will not.

What does BIND 9 do that 2003 lacks? I know that it supports a number of
experimental record types that 2000 lacks.
Also note, I strongly recommend that most people keep their PUBLIC DNS
at the Registrar (e.g., Register.Com)

Nit, not the registrar, but one's hosting service. There are also low-cost
DNS-only services that can secondary for you, such as http://zoneedit.com/.
You can host your own master and use these services as secondaries, and
publish only the secondaries in the root zone, creating a "hidden master".
 
Personally, I think that Windows has a better management tool for DNS
than BIND does, but then I am biased. :)

It's hard NOT to have a better management tool, since BIND doesn't have
one. It has some very nice diagnostic tools that Windows lacks, though,
like dig and nsupdate.

Remember that BIND is a reference implementation, designed to implement the
RFC's without being a commercial product. Its focus is on compliance.
Others make tools for managing it, including Webmin and some commercial
offerings.

In principle an enterprising Windows developer could write a front-end for
BIND that looks just like the Win2k snap-in, remotely managing a BIND
server.

(I use both BIND 9 and Win2k DNS and value having two strong contenders
keeping each other honest.)
 
Is there a list somewhere of what's improved in 2003?

At Microsoft, start at the Win2003 home page:
http://www.Microsoft.com/windowsserver2003

Also the "Delta" guide is excellent:
Microsoft Windows Server 2003 Delta Guide -- by Don Jones (Author), Mark
Rouse
(Accuracy of what is 'new' is not perfect but the technical accuracy is real
good.)
(And did they implement the delayed response in the 2003 DHCP server?)

Don't even know what you mean by that.
What does BIND 9 do that 2003 lacks? I know that it supports a number of
experimental record types that 2000 lacks.

I use mostly the fact that I can pre-Load the cache (blackhole stuff) and ACLs
with Views so you can give different zone views or allow only certain zones to
be resolved (on a subnet mask basis) by some machines.

DNSSec is also (fully) supported and stuff like that but I don't use those.
Nit, not the registrar, but one's hosting service. There are also low-cost

No, I said and mean Registrar. You are far more likely to wish to change ISPs,
add and remove hosting services, or even have multiple hosting services for
different domains/zones.

The ISP (unless a very large one) is likely to have inferior 24/7 support for
keeping the DNS running correctly or less likely to be "on the backbone" (high
bandwidth).
The Registrar typically has a Web page where you make your OWN DNS changes;
while most hosting services will expect you to "send an email or phone in
the changes."

Use the Registrar and manage your own DNS zone BUT NOT your own server.
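
The BIND 9 setup described in the post above (ACLs combined with views, plus locally served zones used to blackhole names), as an added example that is not part of any post in this thread. All addresses, zone names and file paths are constructed placeholders.

```conf
// Constructed example: addresses, zone names and file paths are placeholders.
acl "lan" { 127.0.0.1; 192.168.10.0/24; };

options {
    directory "/var/named";
    // Refuse recursion unless a view turns it on.
    recursion no;
};

// Clients on the LAN: recursion allowed, internal zone data,
// plus a locally served zone that overrides an unwanted domain.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    allow-query { "lan"; };

    zone "corp.example" {
        type master;
        file "internal/corp.example.db";
    };

    // "Blackhole" zone: answered locally, so the real name never resolves.
    zone "ads.example" {
        type master;
        file "internal/sinkhole.db";
    };
};

// Everyone else: no recursion, only the public copy of the zone.
view "external" {
    match-clients { any; };
    recursion no;

    zone "corp.example" {
        type master;
        file "external/corp.example.db";
    };
};
```

named checks views in order and uses the first whose match-clients list matches the client; once any view is defined, every zone statement must sit inside a view.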
 
There's a dig utility for 2000's DNS. I forget where I downloaded it,
but I know it's around. I don't know how it compares to what you've
seen, though.
 
In
David Adner said:
There's a dig utility for 2000's DNS. I forget where I downloaded it,
but I know it's around. I don't know how it compares to what you've
seen, though.

Download the Win32 version of BIND from www.isc.org, it's part of the
package.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I would love to hear any comments, complaints, missing features, or other
improvements that anyone would like to see in the DNS Manager snapin.
Either in a newsgroup post, or feel free to remove the online from my email
address and send directly to me.

I'll make sure the feedback is used in the consideration of the design of
the Longhorn version.

Thanks,
Mike
 
Michael Snyder said:
I would love to hear any comments, complaints, missing features, or other
improvements that anyone would like to see in the DNS Manager snapin.
Either in a newsgroup post, or feel free to remove the online from my email
address and send directly to me.

Just the management snap-in or the DNS server functionality also?

One thing nice for the DNS snap-in would be an "easy export/import
configuration" mechanism -- might be more trouble and work than the value
but it would be nice.

Export (all zones OR by checkbox) and import them on another server.
(Probably not that hard either.)
 
MSM> I would love to hear any comments, complaints, missing features,
MSM> or other improvements that anyone would like to see in the DNS
MSM> Manager snapin.

That's the thing, though. Your request is somewhat blinkered. It's not just
the DNS Manager Snap-In that needs improvement. One of the areas where
Microsoft's DNS server is in serious need of improvement is, as Kenneth
pointed out, in the area of _textual_ diagnostic tools. "nslookup" simply
doesn't cut the mustard. (After all, it's even been deprecated by the very
people that wrote it.) Microsoft's DNS server needs a good DNS diagnosis
tool, without any of the numerous flaws that "nslookup" has, and with a
_textual_ user interface so that its output can be copied and pasted into a
newsgroup posting.

Microsoft's DNS server needs an equivalent to "dnsqr", "dnsq", "dig",
"dnsquery", "dnsqry", and "askmara" (which are some of the various such tools
that come bundled with _other_ DNS server softwares).
 
KP> Its focus is on compliance.

I'm not at all convinced that that is true. The developers of BIND flout the
DNS standards in several ways, just as much as do the developers of other DNS
server softwares. (This is, in part, because the DNS standards are quite poor
and in some places erroneous. But there have been instances in the case of
BIND where this has _not_ been the reason.)
 