Re: Advice - solution for a company server

From: Steven L Umbach
Date: 09/29/05

    Date: Wed, 28 Sep 2005 22:28:04 -0500

    For an AD domain there is no advantage in cost to use Bind and it would
    actually add the cost of another server to run on. Windows DNS, particularly
    for Windows 2003, has been shown to be very robust. Bind cannot use Active
    Directory integrated DNS zones which use multimaster replication, which is a
    huge plus where dynamic DNS is used, and it also makes sense to run DNS on
    domain controllers for performance reasons. The SANS top 20 vulnerabilities
    does not even mention DNS for Windows while Bind is number one for Unix
    vulnerabilities, though recent versions of Bind have proven to be secure so
    far, as Windows 2003 DNS has. The latest versions of Bind would be the choice
    for DNS servers on the internet. --- Steve

    "Imhotep" <> wrote in message
    > Steven L Umbach wrote:
    >> Sure that will work but if you already have a domain controller you
    >> already have bought and installed a copy of Windows 2003 Server so the
    >> costs nothing does not really help. Windows Active Directory integrated
    >> dns zones also replicate while encrypted with AD replication traffic, can
    >> use secure dynamic dns, and if you want you can further encrypt,
    >> authenticate, and ensure integrity of all traffic between domain
    >> controllers with ipsec.
    >> --- Steve
    > And so can Openldap. Furthermore, I can use certificates on client
    > machines to further secure (and validate) dynamic dns updates...
    > I can also configure LDAP via a secure web site (easier administration),
    > replicate (with encrypted sessions) and oh yea, I do not have to bind to
    > the root for user authentications.
    > and oh yea, is more secure, runs better and still costs nothing.
    >> "Imhotep" <> wrote in message
    >>> Steven L Umbach wrote:
    >>>> SBS 2003 would be a good choice and it also comes with a version of
    >>>> Exchange. There are a number of good books out about Windows 2003
    >>>> Server and SBS 2003 and a number of newsgroups with very helpful
    >>>> people. Linux is not the best choice for a managed environment if you
    >>>> have Windows 2000 and particularly Windows XP Pro computers. You can do
    >>>> a lot to have consistent security policy and user environment in an
    >>>> Active Directory domain much you will probably not appreciate at first.
    >>>> While the cost of Linux is attractive you need to think about total
    >>>> cost of ownership and not just the cost of the operating system. If
    >>>> someone wanted to create a DNS server that would not be part of an AD
    >>>> domain I would suggest that they use Linux. It is not that difficult to
    >>>> install and maintain Windows SBS but I would say that to get it set up
    >>>> you may want to invest in the help of a professional or buy a good book
    >>>> on SBS to educate yourself to see if you or someone that works with you
    >>>> feels up to it. You might want to post in one of the SBS newsgroups for
    >>>> more opinions on that. --- Steve
    >>> Using OpenLDAP with Bind DNS you have an "AD w/DNS" solution. Oh, yea,
    >>> that is more secure, runs better and costs nothing :-)
    >>>> "Soft" <happsz(at)> wrote in message
    >>>>> Hello,
    >>>>> I need to establish a new solution for my company (rather small). We
    >>>>> now need a company server that should handle 10 workstations - to
    >>>>> provide users with opportunity of sharing their project files and to
    >>>>> set their own e-mail accounts on it. We already have a proper machine
    >>>>> (as I was told), but I don't know which software will be good enough
    >>>>> for this task, and of course it shall be not expensive - we are only
    >>>>> interested in the genuine software. My colleagues told me about some
    >>>>> Linux OS, but we don't want to pay for the server administration right
    >>>>> now, and no-one in my team knows these systems. Can you help me to
    >>>>> choose a right software? Shall Windows Small Business Server 2003 be a
    >>>>> good solution (can a common computer user operate it?), or do we
    >>>>> really need an administrator to handle one of the Unix systems?
    >>>>> Thanks in advance,
    >>>>> Hailie
    >>> Im
    > IM
