How do I set up djbdns and Windows 2000 DNS to work together?
Shouldn't I just replace djbdns with Windows 2000 DNS everywhere?
Mar 12th, 2002 05:19
Brian Coogan,
Couldn't we just simply use Windows 2000 DNS services for both internal
and external DNS requirements? Could anybody out there speak to the
advantages/disadvantages of Windows 2000 DNS services vs djbdns?
Answer:
Windows 2000 domains live and die with their DNS servers. I would not
expose such a critical part of my infrastructure to the Internet.
Tinydns is small, fast and secure. In a split horizon model it has a
number of features that will help keep things sane for your
administrators. Windows 2000 DNS is not as secure and has been known
to suffer from cache poisoning; exposing it to the Internet is
probably foolhardy. While it does provide a GUI for configuration, for
all except the smallest of sites djbdns will save time in long term
admin and troubleshooting.
DNSCache is a perfect tool to use as a forwarding target for the 2K
servers. It is secure and fast. It correctly forwards the SRV records
(and any other RFC-conformant records that may be defined in the
future) that are required for Active Directory functionality. In
contrast, only later versions of Bind recognize and forward these
records; Bind only forwards records it knows about, whereas dnscache
forwards everything. (For what it's worth, Windows DNS is based on Bind.)
Use TinyDNS to delegate a subdomain for the 2K domain to the Windows
DNS controllers. Tell dnscache to look at tinydns for your domains
then point the 2K boxes at dnscache. This way you use the Windows DNS
controllers for Windows needs and you get the advantages of djbdns for
all your other local DNS management -- and the result is seamless as
far as the users are concerned. They just point their resolvers at
your dnscache and go from there!
-- Al Lipscomb/Brian Coogan May 2001
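The split-horizon setup the answer describes (tinydns delegates the AD subdomain to the Windows DNS controllers, dnscache is told to ask tinydns for the domain, the 2K boxes point at dnscache), written out as an added example that is not part of the original FAQ entry. All zone names, addresses and service-directory paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the FAQ. Constructed assumptions:
#   example.com      parent zone served by tinydns at 192.168.1.2
#   ad.example.com   Windows 2000 AD subdomain; DCs at 192.168.1.10 / .11
#   dnscache         serves clients on the 192.168.1.0/24 LAN
TINYDNS_IP=192.168.1.2

# tinydns data entries: the parent zone plus '&' (NS without SOA, i.e. a
# delegation) lines handing ad.example.com to the Windows DNS controllers.
# tinydns-data also emits glue A records for dc1/dc2 from these lines.
tinydns_data() {
  cat <<EOF
.example.com:${TINYDNS_IP}:a:259200
=www.example.com:192.168.1.5:86400
&ad.example.com:192.168.1.10:dc1.ad.example.com:3600
&ad.example.com:192.168.1.11:dc2.ad.example.com:3600
EOF
}

# Contents of dnscache's root/servers/example.com: dnscache sends queries
# for example.com and everything below it to tinydns, then follows the
# delegation it gets back to the DCs (so SRV lookups for AD reach them).
dnscache_servers() {
  printf '%s\n' "$TINYDNS_IP"
}

# Install under the usual djbdns service directories (assumed paths) and
# open dnscache to the LAN; the 2K machines then use dnscache as resolver
# and as the forwarder in their own DNS server settings.
install_config() {
  tinydns_data >> /etc/tinydns/root/data
  ( cd /etc/tinydns/root && make )                 # data -> data.cdb
  dnscache_servers > /etc/dnscache/root/servers/example.com
  touch /etc/dnscache/ip/192.168.1                 # allow 192.168.1.* to query
  svc -t /service/dnscache                         # restart to pick up servers/
}

# Sanity check with dnsq (ships with djbdns): the delegation should come
# back from tinydns itself, and the DCs should answer the AD SRV query.
verify_delegation() {
  dnsq ns ad.example.com "$TINYDNS_IP"
  dnsq srv _ldap._tcp.dc._msdcs.ad.example.com 192.168.1.10
}
```

Run `install_config` as root once the djbdns services exist, then `verify_delegation` to confirm dnscache will be able to follow the referral.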