Using BIND - was Re: [ntp:questions] Re: How long do I havetowait for sync?
brad at stop.mail-abuse.org
Fri Jun 3 18:47:41 UTC 2005
At 5:21 PM +0000 2005-06-03, David J Taylor wrote:
> - the apparent lack of any online documentation for the Windows version of
There's very little difference in the operation of BIND for
Windows as opposed to BIND for Unix. What differences there are tend
to be focused around the differences in how BIND is started up. The
BIND ARM (Administrator Resource Manual) should have the necessary
Of course, the best manual for BIND is the collection of books
written by Paul Albitz and Cricket Liu. It's very hard to beat what
> - the lack of any user manual for BIND - at least I didn't see any
> pointers on the page: http://www.isc.org/index.pl?/sw/bind/ I'm not
> going to run the installer just to get the documentation - it should be
> online like the NTP documents.
BIND doesn't have much in the way of user documentation. BIND is
not something that is used by normal users -- administrators install
it and configure it, and then users make use of whatever program they
have that makes use of the DNS -- be that a web browser, mail
program, etc.... But normal users have no interaction with BIND
> - the UNIX-oriented nature of the FAQs
BIND comes from the Unix tradition, yes. If you don't like that,
I'm not sure that there's much anyone can do to help you. Moreover,
I don't think there are any alternatives available to you that can
provide the kind of facilities and robustness of operation that BIND
can provide, Microsoft Active Directory especially included.
> - seeing 50 files in the Zip archive versus the four files I currently
I'd have to take a look at the Zip archive to see what you're
talking about, but I imagine that most of what's there are DLLs that
are required to get BIND running under Windows, documentation, and
various other things that you need. Take another look at them, and I
believe you will find a lot of things that you've said that you need
but do not have.
> What I was asking about was this: my present systems all point to multiple
> DNS servers on different external networks, so that in the event of one
> DNS server going down I can still resolve using the other servers.
You may think that's the way Windows works, but it's not. You
can list as many nameservers as you want, but the way Windows works
is that it only ever uses the first one on the list -- period. If
that one nameserver goes down, you are toast.
If you run your own local caching/recursive nameserver, that
program is likely to be running as long as the machine is running,
and you are isolated from problems with the upstream nameservers.
> BIND possess a similar multiple-master capability? In the DNS
> implementations I have run in the past (some time ago), there was a single
> master to which my server linked, not multiple masters.
If you run your own local caching/recursive nameserver, it will
contact however many upstream servers it needs to in order to get the
information you have requested. There's no need to run any kind of
forwarders in your configuration, because odds are that you can get
that information for yourself as quickly as they could give it to you
out of their cache.
Generally speaking, you greatly weaken your local
caching/recursive nameserver configuration if you use forwarders,
because you then become dependant on them working correctly, which
they frequently are not. If you run your own local caching/recursive
nameserver and by-pass those servers, you greatly increase your own
local stability and independence.
> I am grateful for the pointers you have given, but it seems that it's a
> sledgehammer to crack a nut.
No, it's a sledgehammer to crack the boulder under the nut. The
problem is that most PC users never see anything other than the nut,
and they don't understand the scope or magnitude of the problem.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the questions