DNS - differences between internal and Bind9?

Kai Blin kai at samba.org
Tue Jun 4 06:12:10 MDT 2013


On 03/06/13 23:44, Marc Muehlfeld wrote:

> The internal DNS
> - automatically installed and used by default. No additional work
> necessary.
> - New (which doesn't mean it's bad)
> - currently has problems with MX queries (but already fixed in master)

There's a bunch of other bug fixes coming into the next bug fix release 
as well, master should be fine already.

> Bind DLZ

Marc is mainly talking about the BIND server and not about the DLZ plugin 
a lot. Let me highlight some of the differences here.

> - tried and tested for many years on huge environments

True for Bind, the DLZ module is about as old as the internal DNS server.

> - Bugs in the DLZ implementation (how it is hooked into Bind), have to
> be fixed by ISC (so bug fixing can be delayed)
> - Zone transfers from/to defined hosts supported
> - Needs to be reloaded, when adding/deleting a zone in AD.

> - Existing Bind installations can continue to be used (even if they
> aren't integrated in Samba and can't be managed with the windows tools)

If your Bind is in the correct version. Also, Bind needs to be running 
on the same file system as the AD DC, because the DLZ module uses hard 
links to the sam.ldb to gateway access to the SAM database.

> - Redirecting dedicated zones to defined other name servers
> - Highly scalable and tested on high-load systems

True for Bind, unknown/untested for the DLZ module.

> - Incremental zone transfers
> - Can be bound to different interfaces than just the ones samba is
> listening on (e. g. bind listen on eth0+eth1, samba only on eth0).

But of course this mostly makes sense if the box is your main DNS server 
that also is accessible from the internet. And as Bind needs to be 
running on the same machine as your AD DC, that might not be the best 
set-up anyway.

> - Additional resource types SPF or SSHFP

File a bug if you need any extra resource types, it's pretty 
straightforward to add them to the internal server.

> - Views
> - Supports ACLs (e. g. allow/deny recursive queries by IP/ranges)
> (Some of the listed aren't maybe possible to use by the DLZ module. But
> you can have zones in Bind beside Samba/AD, too)
>
>
> Kai, please correct me, if something from my Bind list is possible with
> the internal DNS, too.

Sounds about right, I added some caveats for Bind use.
Cheers,
Kai

-- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/


More information about the samba-technical mailing list