Author Why I switched from bind to MS DNS
chodan

2002-11-24, 10:57 am

I recently switched from bind to Microsoft DNS on our public DNS servers and here is my reasoning for it.

1. Ease of administration for my staff.
2. Replication between primary and secondary is much simpler to set up.
3. This is the biggy and will probably get me flamed, but security is far easier to manage on a standalone Windows 2000 server.

Out of the last 2 dozen CERT advisories I have gotten, only a couple have been on Windows 2000; almost all the rest have been on Linux variations. The ones that came out on Windows 2000 were already addressed by Windows Update by the time the advisory had been released.
Out of the last dozen BIND security advisories, there was always the disclaimer "Windows 2000 DNS servers were not affected by this exploit".
As for applying security patches to BIND or Linux in general, you will usually wind up recompiling the kernel, if you can find a fix at all.
Or you could upgrade BIND versions, but then you will have to learn new syntax for configs and zone files with scant documentation.
I have a network to run and have had to administer the Windows 2000 DNS servers less than half as much as I did when they were on Red Hat.
OK, that being said, you can start flaming me now, hehe. Just be sure you back them up with solid tech, not: "are you crazy!! linux rox!! its way more secure than windoze!!! "
dannyboy 950

2002-11-24, 3:58 pm

OOOHHHH, they had a heck of a debate on just those issues in the DSL Reports security forum this past week.
chodan

2002-11-24, 5:37 pm

Cools
Do you have a link to that forum??
dannyboy 950

2002-11-25, 11:22 am

I have found this place worth going to; lots of good info, and many of these people are practicing security people.
Here is the link you requested.

http://www.jasons-toolbox.com/Forum/ go to the security forum.
Enjoy
Adorik

2002-11-25, 3:53 pm

hi,

if u want to try another unix dns go for djbdns

ciao

adorik
chodan

2002-11-28, 10:08 am

quote:
Originally posted by Adorik
hi,

if u want to try another unix dns go for djbdns

ciao

adorik


Thanks, but I am steering away from Linux/Unix for a while.
I just got a CERT advisory with multiple new vulnerabilities in BIND, some Apache vulnerabilities and the MS MDAC vulnerability.
The Microsoft MDAC vulnerability was the only one out of the batch that had the fix ready before it was released in the advisory.
Not only that, Microsoft pushed the fix out to me; I didn't have to go find it buried in a subdirectory on an obscure FTP server somewhere.
Don't get me wrong, Linux is cool and has a place, but I have a production network to run and it's not a test lab. I just want it to work; I don't have time to experiment.
I know Linux is free, but my staff time isn't free, and in the end I save money by going with Windows 2000 for my network services.
Bobby Digital

2002-12-05, 12:26 pm

@Chodan, no flames here. You are speaking like a realistic administrator (not to offend anyone).

Like you said "...linux is free, but my staff time isn't free."

BD