TyRmYz Posted July 24, 2012

Just hi to all! :)

I'm setting up my third DNS server on the external network for domains and was thinking about setting up Windows DNS Server (2k8 R2) and placing it behind TMG. Both of my 2 DNS servers are now on BIND in a chroot jail, version hidden, etc...

I tried to google BIND vs Windows DNS Server and haven't found anything about that. I'm thinking that Microsoft has its DNS servers on Windows and not on BIND... So it should be secure?

So which is better, BIND or Windows DNS Server? How about security?

Hope I will get nice responses.

Link to comment https://www.neowin.net/forum/topic/1093405-windows-dns-server-vs-bind/

Roger H. (Veteran) Posted July 24, 2012

Can't say I've done any comparisons, but I'm always using Windows DNS in either SBS or 2k8R2 and they've always worked fine for me. Not sure what benefits can be had from other options, so I guess I should probably read up on that :D. I say if anything just sign up on TechNet and do a demo of the software (that's what that's for) and see how it runs for you?

CPressland Posted July 24, 2012

I'm personally a fan of Windows 2k8 DNS over Bind. No massive real-world experience beyond my own testing, just a preference.

TyRmYz (Author) Posted July 24, 2012

On 24/07/2012 at 11:09, SHoTTa35 said:

> Can't say I've done any comparisons, but I'm always using Windows DNS in either SBS or 2k8R2 and they've always worked fine for me. Not sure what benefits can be had from other options, so I guess I should probably read up on that :D. I say if anything just sign up on TechNet and do a demo of the software (that's what that's for) and see how it runs for you?

Thank you for the reply :) I read on TechNet that there is a nice tutorial for securing Windows DNS Server. I think I'll pop one up and see what happens with my test environment domain. I didn't find anything bad about it while googling Windows DNS Server vs Bind. I think people are ashamed of running Windows DNS servers on the internet and won't say it in public :)

TyRmYz (Author) Posted July 24, 2012

On 24/07/2012 at 11:17, CPressland said:

> I'm personally a fan of Windows 2k8 DNS over Bind. No massive real-world experience beyond my own testing, just a preference.

Thank you for the reply. I'm a fan too. Easy management etc.

+BudMan (MVC) Posted July 24, 2012

Yes, Windows DNS has a nice GUI to manage it. But it comes down to feature set and performance if you ask me. And let's not forget cost: BIND is FREE - can be run on a FREE OS, can be run on much less hardware than Windows OS, etc. etc. These things should all come into play when looking to pick one over the other.

Seems you have experience with running bind, so why would you be looking to switch to something you have less experience with? Is there some specific feature that you're looking for that is provided with MS dns vs bind?

Bind is normally much more configurable than MS DNS, but what specific versions are you looking to run, bind 9.9, 9.8, 9.7, 9.6, 8? compared to MS on 2k3, 2k8, 2k8r2, etc.

Also what type of things are you looking to do, anything fancy - zone transfers, views, etc. or just serving up a few records for a few domains? How many zones are you going to be serving - a handful or 1,000s?

Cost can really come into play with the cost of server OS to run MS dns compared to running bind on say some bsd or linux.

TyRmYz (Author) Posted July 24, 2012

On 24/07/2012 at 15:56, BudMan said:

> Yes, Windows DNS has a nice GUI to manage it. But it comes down to feature set and performance if you ask me. And let's not forget cost: BIND is FREE - can be run on a FREE OS, can be run on much less hardware than Windows OS, etc. etc. These things should all come into play when looking to pick one over the other.
>
> Seems you have experience with running bind, so why would you be looking to switch to something you have less experience with? Is there some specific feature that you're looking for that is provided with MS dns vs bind?
>
> Bind is normally much more configurable than MS DNS, but what specific versions are you looking to run, bind 9.9, 9.8, 9.7, 9.6, 8? compared to MS on 2k3, 2k8, 2k8r2, etc.
>
> Also what type of things are you looking to do, anything fancy - zone transfers, views, etc. or just serving up a few records for a few domains? How many zones are you going to be serving - a handful or 1,000s?
>
> Cost can really come into play with the cost of server OS to run MS dns compared to running bind on say some bsd or linux.

Thanks for the reply. I will put a few details here. I work in a place where there are about ~2000 PCs and I have moved everything to run on Microsoft products (infrastructure and virtualization environment). The only Linux machines I have left are Moodle and 2x Bind. Hyper-V is much cheaper for us than VMware. The licensing and resources aren't an issue because I have 3 Hyper-V hosts running 2k8 R2 Datacenter in a cluster. I have 40+ virtual machines running there, mixed with those 3 Linux machines, 2k3 servers and 2k8/2k8r2 servers. Oh, and 1 NT 4.0.....

My goal is to kill all Linux servers at my workplace. So I'm trying to resolve which is more secure. Can I ever put Microsoft DNS Server on the Internet? Is it full of holes and drilled in seconds when it enters there?

Just thinking of the future. Fewer and fewer guys who can run Linux and know how to configure things. MS is rolling very nicely in every place.. And in Finland I see fewer and fewer Linux servers.

+BudMan (MVC) Posted July 24, 2012

If you're running a MS shop, that is fine - I have worked for many many years in one. Nothing wrong with that. But you mention external DNS, so we are not talking internal DNS for your AD? That is not the impression I got from your 1st post, nor can I tell from your second post what this dns is going to do?? Is it going to provide dns for your AD, and internal users to query for say google.com? Or is it hosting external zones for the internet to query for an A record in somedomain.com?

I think you would be hard pressed to find anyone running MS dns for providing dns to the public on more than a handful of domains. Have you ever seen a webhost host their dns via MS? Do you think any of the DNS service companies provide these services via MS dns? ;)

My last company, a global Fortune 500 company with international locations in well over 23 countries, hosted their handful of public domains on their own servers for the internet; they were not MS DNS boxes ;) No reason for them to be! No reason to pay for the licenses for the server to just serve DNS.

How many domains do you need to provide name services for to the public internet? To be honest, depending how many zones you're talking - if for the public, you're more than likely better off just getting some outside company to host your domains for you and not have any servers for external domains. Very cost effective, no elec, no patches to deploy. And you can get a global dns infrastructure providing your domain records to the planet, vs a couple of servers at your location. There are many many many services where providing dns to the public internet is their main bread and butter.

Before I left my last company, I had many discussions with the global network manager on why we were hosting our own dns. It was serving no purpose and just costing us $s for no valid reason. So I would also think about why you should host these services at all, be it bind or ms. And just get someone else to do it for you whose whole network is designed to provide dns to the planet ;) vs your couple of servers you're going to have to pay for and maintain.

How many domains, how many records, how many queries per day, hour, second?

One of my current projects is setting up DNS for a customer that is running off infoblox devices. That will, when completed, host over 3000 domains; I have not counted the number of records ;) Personally they should go elsewhere. I have not a clue why they think my current company should be hosting dns, but then again I am just the banana bender on this project - setup the zones and such. I am not sure if the current appliances can even handle the amount of traffic that will be seen, and they can handle 24k queries a second each. I don't feel the location is best, located here in the US while lots of queries will be across the globe, not just from the US. And I can tell you for sure the current bandwidth to the devices is nowhere near enough, etc. etc.

My point of this ramble?? ;) is there are lots and lots of things to take into account when providing dns to the globe. So as stated before, performance and features, and cost of running plus much much more need to be taken into account to pick the right solution.

It's great that you're moving to a MS shop for your internal needs - this has little to do with picking the best way to provide dns to the globe?? If that is what we are talking about?? How many domains? Just a couple for your company or hosting for other users, etc. Number of queries that will be seen, etc. etc..