Windows 2000 Name Services - What do you think? 12
ianna asks: "I read the description about the new win2k implementazion of name services at Lucent. It speaks about IETF compatibility, Dynamic DNS, SRV, LDAP and about removing NetBIOS and WINS (finaly!) I have the impression that this time Microsoft did things in the right way. Is it true? I'm an Opensource software advocate, but more that everything I always look for the best solution... This time I'm wondering: do we have something similar (or better) or shall we follow the Microsoft this time?" Interesting thought. Did Microsoft get it right this time, or is there a better solution?
Re:First of all... (Score:1)
Re:Microsoft's Directory strategy (Score:1)
www.novell.com/advantage is a good place to start. Somewhere on that site is a very good web page, smashing M$'s claim that AD is much faster than NDS (NDS can perform the search "Pa*" 1250 times faster than AD! With the same search with 100 clients, AD didn't return a result within a minute!)
:-)
Ross
Re:First of all... (Score:1)
Re:First of all... (Score:1)
>can crash a BIND 8.1.1 DNS server (8.1.2 & above
>are OK)
This is not surprising, Microsoft said (at Teched 99) that Win2k will not work with a 3rd party DNS server unless it is BIND 8.1.2 (or above) compatible, meaning among other things that it implements SRV records (RFC 2052), and Dynamic Updates (RFC 2136).
If you follow those Novell URL's its obvious that NDS is a very evolved product. Novell is unfortunately facing a loosing battle that stems from the fact that their overall suite of applications is poor. For those organisations using NDS comparing Groupwise vs. Exchange has lead many of them choose Exchange server for their messaging.
It is these same organisations that have NDS and Exchange that will be changing to Windows 2000 and Active Directory, as the next version of Exchange will REQUIRE it. As in the past, it seems Microsoft will use their dominance in one area to leverage its way into other areas. This is what is causing them to have so much trouble with the DOJ lately.
Anyhow, thats the way it seems to me.
Jamz.
Old Slashdot story (Score:2)
Most of the talk was about the Windows 2000 DNS system beeing incompatible with most other OSes (Windows 2000 using dynamic DNS) and the fear that IT departments would probably soon "be forced" to use the Windows 2000 DNS system.
Re:First of all... (Score:2)
Novell has commented on some of W2k's DNS oddities at their 'The Novell Advantage' site: http://www.novell.com/advantage/ [novell.com]
There is more specific information on Windows 2000 at http://www.novell.com/advantage/w2k.html [novell.com]
Specific DNS-related comments can be found at the following URLs:
http://www.novell.com/advantage/w2k_d yk7.html [novell.com] - this one refers to a scenario where a W2k client can crash a BIND 8.1.1 DNS server (8.1.2 & above are OK)
http://www.novell.com/advantage/w2k_d yk8.html [novell.com] - this one discusses W2k's use of SRV RRs to refer to dynamic services. Stale SRV RRs can cause a variety of problems.
The whole series of 'Did You Know?' web pages has been re-posted as a
(Obvious) Disclaimer: Novell is a big competitor of Microsoft, especially in the area of enterprise networking and enterprise directory services. I do not work for either Novell or Microsoft, but I do use Novell & NDS extensively in my day job.
First of all... (Score:3)
I've heard some strange stories about the W2k DNS stuff, such as a W2k PDC having trouble if the DNS server for the 2k domain wasn't another W2k box, but I haven't experienced this personally. I don't like hte way they've integrated the DNS with Active Directory - this causes a lot of problems when upgrading an old NT4 domain (it has the most problems with underscores, which aren't valid DNS characters, but were just fine (and previously preferred) in windows domains... you can work around it, but in a large domain, it can be a lot of work getting everything back up and running happily again.
The SRV records are nothing new, but are rather useful, though many implementations don't rely on them all that much - W2k seems to take advantage of this a little more, and I think they should be applauded for that (I just said something positive about M$?!). However, they use more underscores in the SRV records, and, as the article says, many peeople are concerned about it... there used to be a forum at dnspolicy.com, but I can't seem to access it anymore...
Some good, some bad - mostly (but not all) standard, and Active Directory +DNS = yikes...
Microsoft's Directory strategy (Score:3)
Microsoft has been saying for a while that Active Directory was going to be the focal point for Win2000 [microsoft.com], and to a certain extent, it is. It is the part of win2k that has changed the most from previous versions of NT (4.0 and earlier used the domain model, which is basically identical to the domain model used by NIS -- a collection of computers grouped into a flat (non-hierarchical) group, with one or more master servers (Primary Domain controllers) and zero or more slave servers (Backuck Domain Controllers)). Active Directory is a true hierarchical directory service, similar to Novell's NDS [novell.com]. Active Directory has an LDAP interface, proprietary interfaces for D?COM and the like, as well as a direct API that can be used by VB/C++ programmers.
Yeah, Microsoft is on the leading edge as far as Dynamic DNS is concerned, and LDAP support, and all those lovely wonderful things that no one is implementing for real. All this comes at a price, of course, even assuming that there won't be a huge amount of bugs in Active Directory (this is not a flame or a jibe at microsoft; AD is a 1.0 product, and a huge one at that). When you implement any of these things, you have to implement them all. Because of the radical differences between AD and the NT 4.0 domain model, all of your domains and workgroups need to be replanned and re-implemented (no small feat even for small companies). Are you using DHCP for your windows clients? Ooops, you have to use the AD version of DHCP; the older "outdated" (NT 4.0) version doesn't work with AD.
Another problem that has been plaging AD is the speed issue. AD is written as a part of the win2k OS, naturally; to access it via all these disparate methods (LDAP, the API, etc), which the OS doesn't support natively, there needs to be a compatibility layer. And this compatibility layer is way slow. So slow as to render AD unusable on anything but super boxen (Uber-Boxen?). So, merely upgrading your NT 4.0 servers, whose hardware requirements are modest compared to Win2k, is not a good option here.
Do I think Microsoft did a good thing here? In theory, yes. Having only worked with it a little, and that in passing on another person's box, I can't say authoritatively whether I think they did in actuality do it right. The approach has the outward appearance of being done right, but Microsoft's track record for playing by the rules is not spotless (to say the least). We'll have to wait and see, I guess...
darren
Cthulhu for President! [cthulhu.org]