Re: Advice - solution for a company server
From: Imhotep (Imhotep_at_nospam.net)
Date: 09/29/05
- Next message: Don Paolo: "net1.exe question"
- Previous message: Byron Hynes [MS]: "Re: Windows Firewall/Internet Connection Sharing (ICS)"
- In reply to: Steven L Umbach: "Re: Advice - solution for a company server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Sep 2005 01:14:36 -0400
Steven L Umbach wrote:
> For an AD domain there is no advantage in cost to use Bind and it would
> actually add the cost of another server to run on. Windows DNS,
> particularly for Windows 2003, has shown to be very robust. Bind can not
> use Active Directory integrated dns zones which use multimaster
> replication which is a huge plus where dynamic dns is used and it also
> makes sense to run DNS on domain controllers for performance reasons.
Multimaster DNS replication is proprietary!!!!
> The
> SANS top 20 vulnerabilities does not even mention DNS for Windows while
> Bind is number one for Unix vulnerabilities though recent versions of Bind
> have proven to be secure so far as Windows 2003 DNS has.
Now hold on, if we are going to go back to old versions, there are just as
many in MS DNS!
> The latest
> versions of Bind would be the choice
> for DNS servers on the internet. --- Steve
Ask yourself why all the root DNS servers are BIND and not Windows. How many
times have those few (12 or so?) servers withstood multi-country DDOS
attacks!!!
Again, the choice is clear. OpenLDAP with Bind DNS...
Im