Using BIND - was Re: [ntp:questions] Re: How long do I have to wait for sync?

Brad Knowles brad at stop.mail-abuse.org
Fri Jun 3 18:47:41 UTC 2005


At 5:21 PM +0000 2005-06-03, David J Taylor wrote:

>  - the apparent lack of any online documentation for the Windows version of
>  BIND

	There's very little difference in the operation of BIND for 
Windows as opposed to BIND for Unix.  What differences there are tend 
to be focused around the differences in how BIND is started up.  The 
BIND ARM (Administrator Resource Manual) should have the necessary 
information.

	Of course, the best manual for BIND is the collection of books 
written by Paul Albitz and Cricket Liu.  It's very hard to beat what 
they've got.

>  - the lack of any user manual for BIND - at least I didn't see any
>  pointers on the page:  http://www.isc.org/index.pl?/sw/bind/   I'm not
>  going to run the installer just to get the documentation - it should be
>  online like the NTP documents.

	BIND doesn't have much in the way of user documentation.  BIND is 
not something that is used by normal users -- administrators install 
it and configure it, and then users make use of whatever program they 
have that makes use of the DNS -- be that a web browser, mail 
program, etc....  But normal users have no interaction with BIND 
itself.

>  - the UNIX-oriented nature of the FAQs

	BIND comes from the Unix tradition, yes.  If you don't like that, 
I'm not sure that there's much anyone can do to help you.  Moreover, 
I don't think there are any alternatives available to you that can 
provide the kind of facilities and robustness of operation that BIND 
can provide, Microsoft Active Directory especially included.

>  - seeing 50 files in the Zip archive versus the four files I currently
>  manage.

	I'd have to take a look at the Zip archive to see what you're 
talking about, but I imagine that most of what's there are DLLs that 
are required to get BIND running under Windows, documentation, and 
various other things that you need.  Take another look at them, and I 
believe you will find a lot of things that you've said that you need 
but do not have.

>  What I was asking about was this: my present systems all point to multiple
>  DNS servers on different external networks, so that in the event of one
>  DNS server going down I can still resolve using the other servers.

	You may think that's the way Windows works, but it's not.  You 
can list as many nameservers as you want, but the way Windows works 
is that it only ever uses the first one on the list -- period.  If 
that one nameserver goes down, you are toast.

	If you run your own local caching/recursive nameserver, that 
program is likely to be running as long as the machine is running, 
and you are isolated from problems with the upstream nameservers.

>  Does BIND possess a similar multiple-master capability?  In the DNS
>  implementations I have run in the past (some time ago), there was a single
>  master to which my server linked, not multiple masters.

	If you run your own local caching/recursive nameserver, it will 
contact however many upstream servers it needs to in order to get the 
information you have requested.  There's no need to run any kind of 
forwarders in your configuration, because odds are that you can get 
that information for yourself as quickly as they could give it to you 
out of their cache.

	Generally speaking, you greatly weaken your local 
caching/recursive nameserver configuration if you use forwarders, 
because you then become dependent on them working correctly, which 
they frequently are not.  If you run your own local caching/recursive 
nameserver and bypass those servers, you greatly increase your own 
local stability and independence.

>  I am grateful for the pointers you have given, but it seems that it's a
>  sledgehammer to crack a nut.

	No, it's a sledgehammer to crack the boulder under the nut.  The 
problem is that most PC users never see anything other than the nut, 
and they don't understand the scope or magnitude of the problem.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
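
The local caching/recursive nameserver without forwarders described in the message above, as an added example that is not part of the original post or of ISC's documentation. The directory path, the hint file name and the 192.0.2.x addresses are assumptions, and restricting the listener and recursion to the loopback address is an added hardening choice that the message does not discuss.

```conf
// named.conf for a local caching/recursive resolver (added example).
// Paths and file names are assumptions; adjust to the local install.

options {
    // Assumed working directory holding the root hints file.
    directory "/var/named";

    // Resolve names by walking the DNS tree from the root servers.
    recursion yes;

    // Answer only the local machine, so the resolver cannot be
    // used as an open recursive server by other hosts.
    listen-on { 127.0.0.1; };
    allow-query { localhost; };
    allow-recursion { localhost; };

    // Deliberately no "forwarders" statement. The setup the message
    // advises against would look like this (constructed addresses):
    //
    //   forwarders { 192.0.2.1; 192.0.2.2; };
    //   forward only;
    //
    // With "forward only", every lookup fails when the listed
    // upstream servers fail or misbehave.
};

// Root hints: the starting point for recursion. The file name is an
// assumption; it holds the published list of root nameservers.
zone "." {
    type hint;
    file "named.root";
};
```

The machine's own resolver setting then points at 127.0.0.1, and `named-checkconf` can be run against the file to validate its syntax before starting the server.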


