Windows 2000 to provoke domain game
According to this article found on PC Week, Microsoft Windows 2000 implements DDNS (Dynamic Domain Name System) in a way that makes it extremely difficult for administrators to integrate the operating system upgrade with Unix systems, which use the older, static DNS. I would like to ask if someone here could explain what the difference is between Static DNS and Dynamic DNS, and why it's not implemented almost at all on Unices, including Linux. I smell a fight here between Unix admins and NT/2000 admins in some corporates. Am I wrong?
Re:Ironic (Score:1)
Re:dhcp - dns (Score:1)
It ain't illegal (Score:2)
Oh good grief (Score:1)
I've seen a few intelligent comments here, along with a whole slew of "Help me! Help me! Microsoft is out to get me, those evil dirty bastards!"
Sheesh. Assign your root DNS to your Unix machines, and delegate the Win2K DDNS to a subdomain. It's that simple...
They can coexist. How the hell do you think the internet works except for delegation of DNS duties to thousands of different machines and DNS implementations?
The Microsoft DNS implementation is compliant with BIND 8. It may or may not allow dynamically allocated Unix machines, but it most certainly responds to DNS lookups from Unix machines, and it most certainly will use a Unix machine as an authoritative DNS for a different domain. I'll bet it even implements some level of security to prevent a machine from overwriting the DNS record for a server... in fact I'm going to go experiment with this right now.
Sheesh, what a bunch of maroons. This is a non issue, the article was FUD, get over it.
Re:DDNS vs. Static DNS (Score:1)
What's this I hear?
YOU talking about SECURITY?
Haven't been paying attention to recent news, eh? Remember the 7-second crack? Used a trojan installed on an employee's NT box to fetch their password though they were connecting via SSH.
But no, a hacker can't do any harm to an NT box. Riiiight.
An NT admin would be just as wise to apply patches as we are -- there's no less need. Except Microsoft distributes patches but rarely, so you CAN'T. Personally, I'd rather have the option to spend the time to be secure. You don't even have the choice.
Re:MSFT is full of soulless evil people (Score:1)
"While we will eventually support a standard, the IETF is having problems coming up with final draft."
Crap why do you lie? You know as well as I do that M$ has no intention of supporting the standard. You will give some lame excuse like you did with your HTML standard. Why can't you ship W2K which supports the current standards and then implement the new standards when they get approved? Read the Halloween docs; it is the stated intent of m$ to break standards.
RE JAVA.
It does not matter if Java is a language or platform you dolt! You signed a contract and then violated it with malicious intent. M$ INTENDED to break java. m$ signed a contract they knew they were going to break. Read the DOJ transcripts, read the depositions before you go spouting off on lame excuses.
M$ lies, m$ cheats, m$ steals. You my friend are an instrument of unethical people. Clean up your karma before it's too late.
Re:Corporate environment, infomercials (Score:1)
You can learn a lot from this guy. (Score:1)
Re:MSFT is full of soulless evil people (Score:1)
Re:Way to go, Microsoft! (Score:1)
Static vs. Dynamic IP. (Score:2)
---
Stephen L. Palmer
http://midearth.org
Just another BOFH.
True--better MetaIP than MS (Score:1)
Re: FUD request job for you programmers... (Score:1)
A document becomes an RFC by:
a) being written
b) being sent to the IETF
c) waiting in a 100-deep queue for some time
d) getting assigned a number
RFC-ness doesn't guarantee that it is official doctrine, only that "hey, here's the spec, get it at your local site."
There are stronger levels of IETF document for official blessings.
dynamic/static dns (Score:1)
Re:DDNS vs. Static DNS (Score:1)
Hopefully when a more complete linux dhcp client is working the problems will be solved.
Ironic (Score:1)
BTW, you probably want to change that before someone sues.
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein
Re:How long to find security hole in DDNS (Score:1)
For the record, get it straight. MICROSOFT DID NOT INVENT DDNS! In my (not so) humble opinion, this is a great move! Finally we are getting rid of WINS (which was TRULY a Microsoft-only thing) and replacing it with a decent 'standard'.
Stop looking for reasons to berate Microsoft, especially when the lot of you haven't even tried to check on the facts. I have to be one of the few people here who knows what WINS was, and to realize that it deserved all of the negative feelings that DDNS is getting.
Get a life. Go read Linux-Advocacy-HOWTO. Stop being a bunch of conspiracy-driven punks.
Re:Ironic (Score:3)
Re:Security (Score:1)
Yes, this could be a risk. To address this risk, you are allowed to limit who you accept updates from (in both BIND and WIN2K DDNS).
A Win2K DHCP server can act as a proxy for its clients so that registration of both A and PTR records occurs via the DHCP server, NOT the DHCP client.
Most installations that I've seen only accept updates from the DHCP server, not the individual clients.
DDNS (Score:1)
dhcp - dns (Score:2)
DHCP Distribution: Version 3.0
Current Version: 3.0b1pl0
Version 3 of the ISC DHCP Distribution adds conditional behaviour, address pools with access control, and client classing. An interim implementation of dynamic DNS updates for the server only is included, but is not supported. The README file contains information about how to enable this - it is not compiled into the DHCP server by default.
Features in upcoming releases, starting with 3.1, will include the final asynchronous Dynamic DNS Support, DHCPv4 16-bit option codes, asynchronous DNS query resolution, DHCP Authentication, and support for a DHCP Interserver Protocol and live querying and update of the DHCP database. I don't see why they say it doesn't exist on UNIX. There are also perl scripts that do the job.
Politics of Name Spaces (& noncluefull reporter) (Score:3)
I'm working with DDNS both at home and at work using both Unix (Proprietary or Linux) and Win2K. They interoperate fine.
The only issues I've seen are with IXFR implementations (incremental zone transfers) and some "noise" data for some subzones. The workaround is that you can delegate the "noise" zones back over to a Win2K box until the BIND 8.2.1 code is fixed.
The REAL PROBLEM as documented in the story about Boe...oh, the "large aerospace firm" is that many large enterprises segment their IT structure along operating system lines rather than functional lines. It is much more efficient to LOSE operating system religion and use the "appropriate tool" for a job.
The DNS folks where I'm consulting use both Solaris and Win2K systems as nameservers. Solaris hosts the root namespace and the IP management tools. Win2K hosts the Active Directory Integrated delegated zones. The same folks in THE NETWORK GROUP (a functional split not an OS-centric split) manage all of these zones. There is no pissing contest over OS machismo. If more companies were to split their IT into functional areas, rather than OS empires, they might see a better result.
I'll get off my soapbox now. Just my two cents.
Re:Static vs. Dynamic IP. (Score:1)
Re:stay in sckool (Score:1)
Re:MSFT is full of soulless evil people (Score:1)
Now, please mark this as Off Topic, and let's get back to DDNS.
--Rae
sysadmins at "war"? (Score:1)
They've swallowed the FUD about DDNS in this article, ignored the fact that it's substantially a technical non-issue, and now I have both of them in my office shouting at each other, both demanding control.
What do I do?
Yep. Sack 'em both, and get two (or one?) admins who are prepared to work on both systems and do what it takes to get the job done. The company will be a better place without weenies, OS bigots, or prima donnas.
Re: (Score:2)
changing the icon (Score:1)
or, at least I _think_ I got the old expression right
Re:Way to go, Microsoft! (Score:1)
Installations are permutable. Order matters.
Raelin
nPr vs nCr
Re:hahaha. (Score:1)
time_t st_ctime;
and further down
...
st_ctime Time when file status was last changed. Changed by
the following functions: chmod(), chown(),
creat(), link(2), mknod(), pipe(), unlink(2),
utime(), and write().
Yes, creating a hard link to a file, chowning it, or chmoding it will change its ctime. creation time my eye. Oh well slashdot doesn't respect pre tags anymore, deal with the formatting.
Re:DDNS vs. Static DNS (Score:1)
Nobody can set anything up these days on NT with the click of a mouse, you need MCSEs, service packs, hotfixes, HUGE NT manuals, etc.
I added 100 IP addresses to an NT box recently and it took more than one mouse click to do it.
Re:nt kernel is old too (Score:1)
Huh? NT's design is influenced by a number of things, including early versions of OS/2, VMS and Mach, but it really isn't any of those things, and it certainly isn't a monolithic kernel.
The POSIX API support you mention is separate from the OS core, so, for that matter, is the Win32 API.
Re:hmm.. (Score:1)
Re:nt kernel is old too (Score:1)
Yes, I agree. At my work I have a very nice oak desk. For fear of wrecking the wood, I use the NT4 CD as a coaster. It's very effective.
It's been working great for over 4 months. Who says NT is worthless.
Re:carnegie mellon u (Score:1)
1. They are keeping up with their students, and just keeping a record of what MAC addresses are whose, that way if you do anything illegal, they can say "It was this guy".
2. They are giving you a static IP (good thing) which is the way to go. That way, you get the benefits of DHCP, and the benefits of a static IP. So, is your IP the same all the time? Or does it change?
Re:Agreed (Score:1)
Let me be the FIRST to announce,..
"LAST POST!"
Ok,. now no one else make comments please...
Re:DHCP is lame, DDNS is lame (Score:1)
This is BIND 4 vs BIND 8, not NT vs Unix (Score:1)
Re:DHCP is lame, DDNS is lame (Score:1)
Re:Way to go, Microsoft! (Score:1)
Cool, Astroturf has reached Slashdot...
I don't know what experience you have on UNIX boxen, but I've used both UNIX workstations and NT workstations, and I can tell you you are full of shit. NT is a productivity destroyer, as the Windows interface just isn't designed to get work done. It may have been designed not to scare Joe Blow, with the dancing paperclips and the flying sheets of paper, but it certainly hasn't been designed to let people do what they want to do.
Hell, even the bloody Macintosh is better in that respect, because at least it has a good graphical interface. Windows is just an ugly, unholy mess built on top of an unstable kernel.
Re:dhcp - dns (Score:1)
Umm...most business users don't admin a server at all. I've had to download patches for everything I admin, from the NT boxes to the Linux boxes to the Cisco routers. The PHB's just want it to work, and usually don't care how you do it.
Leave the system admin to root, baby....
Re:hmm.. (Score:1)
I like Linux because of the plethora of modifications I can make to it, and the amount of customization I can make to the UI. I also really appreciate the online documentation, which is in a sane and easy to use format. Once I figured out how to use it, I fell in love.
So, what computing paradigm do you love? I probably haven't tried it, but if you would help me get it installed, I'll be happy to give it a try.
Re:Way to go, Microsoft! (Score:1)
Re:Way to go, Microsoft! (Score:1)
Re:Please, someone RTFM. (Score:1)
Re: pretty good (Score:1)
you know that is obviously false. i think his point was that microsoft is often associated with having fabulous amounts of money, perhaps more than people should be giving them. (oh god, i'm just setting myself up for an anti-trust debate, aren't i?)
>>Micros~1 - Hello... I've used win95/98/nt and I've *never* had to type in an 8.3 file name.
if you use any of your older 16-bit apps in windows, you will encounter these silly abbreviations (eg pictur~1.jpg) all the time. however, i usually run into these things in DOS, which turns long filenames into a nightmare, not a blessing.
>>I think linux geeks are just bitter about MS's dominance.
the complaints about ~1 filenames have nothing to do with MS's dominance. just because you've never had to struggle against its ugly side does not mean it's not a bad system. people complain because it sucks.
>> Macrostupid - Surely the people who were fooled into running these macros are to blame.
the people that passed on that virus are mostly newbies, and don't know how to wield the power of macros anyway! unfortunately, there are millions of newbies out there, and microsoft pushes their products into their hands more feverishly than any other demographic. if you don't believe me, i'm sure the talking paperclip can convince you otherwise.
>>I get 15+ days uptime all the time on my machine.
well cool, as long as we're sharing our experiences i might as well give mine! i've got win98 on a top of the line dell machine that i'm using right now. this whole summer it has not had an uptime of more than 5 days. hell, i don't even push this machine! i use it to browse slashdot and chat mostly. what causes it to crash after 5 days for no good reason? beats me. buggy coding i guess. oh sure, it made it to 8 days *once* but who wants to use a computer that has 194 meg of allocated memory with no apps running?
and this is windows *98*, supposedly fixing those truckloads of bugs. when i had win95 on a diff computer (that i sold, hehe) i couldn't even make it through the *day* without it crashing. usually crashed 3 times a day. are you telling me this is 'acceptable'?
Re:Wake up and quit babbling (Score:1)
There I was addressing the current roaming user, using a non-Microsoft platform. I have a problem with DDNS in general, not just Microsoft's.
I don't think dynamic DNS solves the roaming machine problem because of the TTL and security issues. The problem it does help solve is plug-and-play -- you can fire up 100 w2k boxes on a network using a promiscuous DHCP server or even the client-autoconfigured range and they will all get registered in the DNS based on the network settings on the *client* end. Just like the Macintosh Chooser. How useful that is depends on what you plan to do with the information and how scalable it needs to be. In our environment, out-of-band end-user access through a secure web server is better.
To answer your question, as far as I've seen, the w2k DDNS client does not do kerberos or any other form of strong auth.
Internet Explorer does not and for the foreseeable future will not do kerberos (according to the lead NT5 security engineer when I was in Redmond). The NT5/w2k version does some SID token-passing with proprietary headers, not SASL. You can't really fault MS for this, though, because there are no standards for kerberos over http. CMU keeps trying to get people to kerberise web applications, but Stanford gave up and went s/ident and even MIT makes x509 client certs for users rather than force kerberos on an unwilling application.
File & print service does do kerberos and can be configured to refuse to negotiate non-kerberised connections if you know that all clients and all servers on your network are guaranteed to be running w2k. In the real world, I expect WINS and legacy NT domains to last through 2010. We still have 2 key production NT 3.51 servers because the commercial off-the-shelf application they run is not reliable under NT 4.0. There are more architectural differences between NT4 and w2k than between NT3 and NT4.
Re: FUD request job for you programmers... (Score:1)
> been updating the W2K code to follow the RFC.
> drafts.
Or vice versa.
Win2K dynamic DNS client is 100% BIND 8 compatible (Score:1)
requests with no authentication whatsoever.
If you do that, you deserve what you get.
Re:Way to go, Microsoft! (Score:1)
bugs. On my machine, installing VC 6.0 broke at least 2 non-MS applications. Go take a look at bug reports.
Man, I had to take care of a dozen NT boxes loaded with development tools. I know more about ways to destroy these systems by a wrong sequence in applying patches, fixes and errata than I ever wanted. Our Linux boxes are an order of magnitude easier to maintain. And I am no UNIX fan. I like good GUI and IDEs. It's just a fact that UNIX style is much more stable for development use.
Original poster insisted that MS environment is stable. I think he is full of shit.
AcceleratedX rocks, BTW...
Possibly not needed... (Score:1)
Always the chance I could be wrong, of course.
Re:uhhh... no (Score:1)
I was talking about the concept of DDNS vs SDNS.
The concept behind DDNS is that a device should always have the same name but the IP can change.
The concept behind SDNS is that a device should always have the same IP but the name can change.
That is what I meant by bindings.
Re:Way to go, Microsoft! (Score:1)
Re:the article got it all wrong (Score:1)
Re:How useful really is DDNS or DHCP facing ipv6? (Score:1)
If you don't have any REAL subnets / LANs then you can tell the ridges that all conference rooms are really in all the vLANs of the organisations, and stuff will just magically work. I suspect the behind-the-scenes cost in data traffic is horrific, but I don't care
This also lets you grab a server, complete with UPS, and run over to another building with it, and hardly anyone notices
Or so I'm told (Do you read this stuff Tim?)
DDNS without security and stability is Evil (Score:2)
problem.
You say, "Its nice to be able to connect w/ a laptop anywhere on a 100+ subnet network and get the same domain name to resolve everytime."
Why?
How many people besides you regularly connect to a server running on your laptop?
Are you sure you control the TTL on your DNS server, every DNS server used by every client that talks to you, and every server you talk to?
What do you do when a remote site's TCP wrappers refuse access because they cached your old PTR record?
What assurances do you have that someone can't spoof your dynamic name and steal credentials? If you think you're authenticated by MAC address, try ifconfig eth0 hw de:ad:be:ef:01:23 (doesn't work with all enet cards, but does with the common ones). If you use kerberos, x509, or ssh host keys and you actually bother to verify them, then you have less of a problem, but many common services, like unencrypted web pages, have no end-to-end server verification protocol. Interestingly enough, Microsoft's NT domain protocols do not strongly authenticate the server to the client. If an attacker puts himself at the server's IP address and generates a nonrandom nonce, you lose.
Microsoft considered strongly authenticating DDNS to be too hard (and nonexportable), so they basically trust whatever you put in the Network Control Panel (or a packet manufactured with smblib) as long as the name has not already been taken. Taken names can probably be freed up with the same sort of games people play to take over IRC channels. Bzzt! Game Over.
Microsoft says it plans to get rid of WINS, but the initial implementation brings all the instability and insecurity of WINS to DNS. No thanks. The non-Microsoft solutions tend not to be much better at this time.
Out-of-band authentication like MyIP or the old ml.org web page works, but that ain't DDNS, that's end-user access to static DNS... which can be a good thing. We provide something similar for our students.
In case deja URLs aren't permanent, search for "WINS" in comp.os.ms-wendows.networking.win95 during January 1996.
http://x22.deja.com/getdoc.xp?AN=135549278&CONT
Re:Boys, be ambitious - (Score:1)
politics is politics...
posix is posix...
and personally i am not surprised that you feel
way and i am not surprised MS has taken another
step...it's just unfortunate..oh well...
Re:Blame the right people (Score:1)
Get real. You don't actually think that MS didn't approve of this article before PCWeek released it, do you?
You MS PR flacks are really quite stupid, you know.
Re:Oh Dear (censored by Atheist Commision) (Score:1)
ISC supports Windows better than Microsoft does (Score:1)
of w2k are totally unrelated.
The ISC DHCPD 3.1 feature referenced, and the patches to 2.0 which have been around for over a year, does this:
When a Windows 95/98/NT client, or a UNIX or any other client configured to send option 12, is assigned an IP address, the ISC DHCP server connects to the DNS server on the client's behalf to update its entry.
This allows you to secure your DNS server to accept (possibly DNSSec'd) updates from your DHCP server only.
The Microsoft DDNS solution does this:
After a Windows 2000 client has been assigned an address by the DHCP server, it contacts the DNS server directly to update its entry.
The Microsoft solution requires your DNS server to accept updates directly from your clients. The Microsoft solution does not attempt to support Win95/98/NT clients at all.
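The policy that the "Re:Security" comment and the comment above describe (accept dynamic updates from the DHCP server only, never from clients, and keep server records static) can be written as a small gate over RFC 2136 UPDATE messages. This is an added example, not part of any poster's comment and not code from BIND or ISC DHCP; the zone name, addresses and function names are constructed for illustration, and the refusal of names already in the zone uses the RFC 2136 "name is not in use" prerequisite.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5                      # RFC 2136 opcode
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE = 1, 254

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(zone, prereqs, updates):
    """Build an UPDATE message; each RR is (name, type, class, ttl, rdata)."""
    msg = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11,
                      1, len(prereqs), len(updates), 0)
    msg += encode_name(zone) + struct.pack("!2H", TYPE_SOA, CLASS_IN)
    for name, rtype, rclass, ttl, rdata in list(prereqs) + list(updates):
        msg += encode_name(name)
        msg += struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
    return msg

def read_name(msg, off):
    """Decode the name at off; return (lowercase name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if (length & 0xC0) == 0xC0:        # compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad compression pointer")
            after = off + 2 if after is None else after
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        if length == 0:
            return ".".join(labels), (off if after is None else after)
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace").lower())
        off += length

def parse_update(msg):
    """Return (zone, prerequisite RRs, update RRs); raises on malformed input."""
    _id, flags, zocount, prcount, upcount, _ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not a single-zone UPDATE")
    zone, off = read_name(msg, 12)
    _ztype, _zclass = struct.unpack_from("!2H", msg, off)
    off += 4
    sections = []
    for count in (prcount, upcount):
        rrs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated rdata")
            rrs.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
            off += rdlen
        sections.append(rrs)
    return zone, sections[0], sections[1]

def decide(msg, src_ip, updaters, zone, existing, protected):
    """Return the RCODE name a server applying this policy would answer with."""
    # Address ACL as the comments describe it. It does not authenticate the
    # sender; signed updates (RFC 2137, or TSIG on current servers) do.
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(net) for net in updaters):
        return "REFUSED"                   # clients may not update directly
    try:
        msg_zone, prereqs, updates = parse_update(msg)
    except (ValueError, struct.error):
        return "FORMERR"
    if msg_zone != zone:
        return "NOTAUTH"
    for name, rtype, rclass, _ttl, rdata in prereqs:
        # "Name is not in use": class NONE, type ANY, empty RDATA
        if rclass == CLASS_NONE and rtype == TYPE_ANY and not rdata and name in existing:
            return "YXDOMAIN"
    for name, *_rest in updates:
        if name != zone and not name.endswith("." + zone):
            return "NOTZONE"
        if name in protected:
            return "REFUSED"               # static server records stay static
    return "NOERROR"

# Constructed sample data (assumptions for this example, not from the thread)
ZONE = "dyn.example.com"
UPDATERS = ["192.0.2.53/32"]               # the DHCP server
EXISTING = {"www.dyn.example.com", "laptop7.dyn.example.com"}
PROTECTED = {"www.dyn.example.com"}

def sample(name, with_prereq=True):
    """An A-record registration for name, as a DHCP server might send it."""
    add = (name, TYPE_A, CLASS_IN, 1800, bytes([192, 0, 2, 77]))
    pre = [(name, TYPE_ANY, CLASS_NONE, 0, b"")] if with_prereq else []
    return build_update(ZONE, pre, [add])
```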
Re:Oh Dear (censored by Atheist Commision) (Score:1)
As for the comment that
"[Anyone making the] assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness",
the plain hard facts are that anyone voluntarily using an MS Product for mission critical (otherwise phrased as 'important') server applications is a little daft as the tendency for MS products (in the vast majority) to be:
1. Crashware 2. Bloated 3. Slow/Inefficient 4. Insecure
is notorious. While not every MS System Admin does so of their own free will, I would have to agree that anyone that claims that NT is a better solution to everything else is being a little ignorant of the facts.
(For actual references, just refer to the many past slashdot articles and posts on similar subjects. This topic is getting old...)
I guess MS marketing really does get to some people...
Re:Oh Dear (censored by Atheist Commision) (Score:1)
As for the comment that
"[Anyone making the] assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness",
the plain hard facts are that anyone voluntarily using an MS Product for mission critical (otherwise phrased as 'important') server applications is a little daft as the tendency for MS products (in the vast majority) to be:
1. Crashware 2. Bloated 3. Slow/Inefficient 4. Insecure
is notorious. While not every MS System Admin chooses their server platform of their own free will, I would have to agree that anyone that claims that NT is a better solution to everything else is being a little ignorant of the facts.
(For actual references, just refer to the many past slashdot articles and posts on similar subjects. This topic is getting old...)
I guess MS marketing really does get to some, dare I say it, *ignorant* people...
Re:Khttpd is not in the kernel. We have uhttpd. (Score:1)
It's in 2.3.15
Paul Laufer
Re:Static vs. Dynamic IP. The scoop! (Score:4)
First, some background as to what Dynamic DNS truly is, because it's obvious most of the slashdotters are posting without a clue. Here's a clue, and it's free, as in free software
What is Dynamic DNS?
DynDNS is result of putting together several RFC documented techniques in a quite nifty way. Start with DNS [rfc1034 & 1035], add DHCP [1531, 1532, 1533, 1534] and tie the two together with Incremental Zone Transfers and Notify [rfc 1995 & 1996], and call it DynDNS [rfc 2136 & 2137].
Read rfcs 1995 & 1996 for a discussion on why full zone transfers [AXFR] are a bad thing (for bandwidth consumption), and see the elegant solution proposed with the incremental zone transfer [IXFR] extension. This is the basis for updating a primary name server with a new RR containing the hostname & IP pair (and IP->hostname reverse pair). You can also use this mechanism to remove a RR when the host is no longer associated with that address. There is also a discussion of security so that only pre-programmed IP addresses can do IXFRs, and allows extensions for fully authenticated updates when someone gets around to writing the code someday.
Read rfc 2132 to understand how a DHCP client does a DHCPREQUEST to a dhcp server, and how it can pass its hostname inside of option 61, client identifier. This is what win9x currently does with its client code, but only a patched version of some dhcp clients for linux do this.
Now, to put it all together.
A machine [win or linux] with a dhcp client boots up, broadcasts a bootp request (the transport mechanism for dhcp) with a DHCPDISCOVER message. A dhcp server on the network responds with its local address in a broadcast (because the client has no IP address at this point, all traffic must be broadcasts), and then the client broadcasts a DHCPREQUEST to that specific server. Contained in the REQUEST packet is option 61, containing the hostname of the machine. In win9x, this is what is entered in the network control panel "computer name" field, in *nix it the contents of
Then there is a whole bunch of communication between the dhcp server and client so they both agree on things (go read the rfcs, or sniff some packets off the wire, or both) with the end result the dhcp server now has given the client a lease on an IP address for a certain amount of time.
Now comes the DynDNS bit.
The dhcp server now communicates to the primary name server with an IXFR message, sending a RR containing an A record (and a PTR to the reverse DNS server) with any and all information that might be contained in a RR, and the TTL is set to one half of the lease time given to the client. If the name and IP address are not currently in the DNS database, they are added. If they already exist, the IXFR message is refused, and the DHCP server must change the name to something unique. This is one mechanism to prevent overwriting your important servers' addresses with bogus info.
What micros~1 is doing.
From what I can tell from some presentations I have seen, and playing with win2k beta, they have tied their DynDNS into ActiveDirectory as an attempt to shut out the *nix/OSS implementations until they get a foothold in the corporate door. I can't tell exactly what they are doing until I get a lab testbed set up and see if they interact correctly with BIND 8.2.1 or other rfc2136 compliant systems (someone mentioned cisco's registrar product, its real nice, and real expensive, and not based on any bind code). There is something going on with rfc 2052 defining directory servers on the internet, but I only read enough of it to give me a headache.
Static vs. Dynamic
M$ strategy is to put all IP addresses into AD, making the entire network a big, dynamic mess. As a network guy, I want all the important services to have static IP addresses. This means servers, DNS machines, router ports, mail servers, and anything else that should be stable.
M$ considers servers to be unstable (based on BSoDs and regular reboots), so they want the IP addresses to be dynamic. That's a bad way of thinking.
The article in ZD is actually correct on a lot of things. There are already battles going on between the ultra-reliable thinking *nix admins and the reboots-are-good ninnies who have realised they can't make M$s win2k work in a unix based world.
The only solution is for the OSS community to make a standard implementation of dhcp client, one that by default passes
the AC
Re:dhcp - dns (Score:1)
Re:Way to go, Microsoft! (Score:1)
Re:microsoft rulez (Score:1)
DDNS vs. Static DNS (Score:5)
DDNS is indeed implemented in the Unices - w/o a problem. The current version of Bind (8) supports DDNS and the development version of DHCP supports the DDNS updates.
The difference in the two (Dynamic/Static) is that, as everyone knows, static DNS requires you to know the IP address of the domain name you're recording. In DDNS, the client requests an IP address from a DHCP server, then, as long as the DHCP server is configured to 'know' the client, it recognizes which client is requesting the IP (based on MAC addressing) and informs the DNS server that it is giving a certain IP address to a client for a particular domain name, and the DNS server accepts the information and adjusts its lookup tables accordingly.
I've implemented this in Linux w/o a problem whatsoever - and I know of a school that has implemented it in a Solaris environment.
It's been out there for a LONG time, btw - by that I mean at least 3 yrs. It wasn't pretty, at times, 3 yrs ago - but it was there. Now, it is a very well integrated solution.
It's nice to be able to connect w/ a laptop anywhere on a 100+ subnet network and get the same domain name to resolve every time :).
Btw - first? :-)
Brice
Re:Oh Dear Lord (Score:1)
Re:Boys, be ambitious - (Score:1)
The situation I described with their MCSE's has to be addressed if Linux is to keep their gains in the server market...
Jim in Tokyo
Interesting... (Score:1)
Last I checked, DDNS was already a set standard, albeit a very new one that most Unices don't use yet. So there's nothing inherently evil about including that in Win2000. But, M$ is breaking interoperability with Unix servers to do so, due to the poor design decision of making a lot of their stuff (although with "Active" in its name, you can tell it's going to be insecure/unstable/buggy/all-of-the-above) depend on a standard which isn't mainstream yet, even if it is probably an open one.
Very clever, I must admit. A way to twist Open-Source to their advantage. Nonetheless, I'd say this ought to go into the 2.3 development tree now, so that it'll hopefully be ready before Win2k or at least not long after.
Re:Ironic. Don't you think? (Score:1)
Re:dhcp - dns (Score:1)
Re:DHCP is lame, DDNS is lame (Score:1)
-earl
heh...some sensitive admins here.... (Score:1)
i would read it as referring to the subset of MS-using sysadmins who are ignorant, not as labeling the entire group as ignorant...
Re:MSFT is full of soulless evil people (Score:1)
Oh, please Bill! Let me work there!
Honestly, can you really think of another company that has enough power to even think of doing what the Halloween documents suggested. Remember, might != right. Being able to force your customers to buy something does not make a good long-term business plan. Eventually they come after you with pitchforks.
Re:Another job for you programmers... (Score:1)
Re:Interesting... (Score:1)
I'd say this ought to go into the 2.3 development tree now
Except that DNS isn't done with the kernel, just as HTTP and SMTP aren't either.
Re:Khttpd is not in the kernel. We have uhttpd. (Score:1)
Re: pretty good (Score:1)
Re:dhcp - dns (Score:1)
Re:dhcp - dns (Score:3)
Networking, DNS/DHCP administration, network security, etc are things that should NOT be left to Windows dialog boxes and wizards. The person in charge of these should study, and learn about them before trying to use them. After that is done, compiling and configuring Bind and dhcpd to do these DYNDNS updates is trivial. My original point was that the technology exists for any mildly competent person in charge of DHCP/DNS on a Unix box, despite the PCWeek author's claim that it just does not exist.
For adequate security models, I'll trust Bugtraq and the dozens of other mailing lists/newsgroups far over MS's little bug page which takes 3-4 weeks to acknowledge security problems, and another 3-4 to come out with a workaround like "don't use this option." If a business wants to protect their networks, they MUST hire a competent person to do the job (I'm available if anyone's looking
Running network services like these on Windows just doesn't promote the Unix concepts of RTFM. Explaining to my brother the concept of mapping hostnames to an IP and likewise that IP to the hostname, or what an MX record is, was made terribly difficult because of what Microsoft has done.
you can dynamic dns now! (Score:1)
I'm not sure what the whole issue is here - ISC's BIND supports dynamic updates now. And their DHCP client supports sending the hostname as part of the packet.
In fact, if you look at this link [sector13.org], you'll see that I currently use a perl program to take entries out of my DHCPD lease file, and update my DNS with the new hostnames, DYNAMICALLY!
- Kazin
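The lease-file-to-DNS approach described in the comment above, sketched as an added example (this is not Kazin's Perl program or any project's code): it reads ISC dhcpd.leases text and builds RFC 2136 update commands for BIND's nsupdate. Because the hostname is supplied by the DHCP client, it is validated as a single DNS label and checked against a list of statically managed names; the zone `example.test`, the protected set and the sample leases are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases format (times are UTC). The file is an
# append-only log, so a later entry for the same address supersedes an earlier one.
SAMPLE_LEASES = '''
lease 192.168.0.10 {
  ends 3 1999/09/15 18:00:00;
  client-hostname "oldname";
}
lease 192.168.0.10 {
  ends 4 1999/09/16 18:00:00;
  client-hostname "laptop";
}
lease 192.168.0.11 {
  ends 4 1999/09/16 18:00:00;
  client-hostname "www";
}
lease 192.168.0.12 {
  ends 4 1999/09/16 18:00:00;
  client-hostname "not a label";
}
'''

LEASE_RE = re.compile(r'lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}', re.S)
ENDS_RE = re.compile(r'ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);')
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
LABEL_RE = re.compile(r'(?!-)[a-z0-9-]{1,63}(?<!-)')  # one DNS label, no dots

def active_leases(text, now):
    """Return {ip: hostname} for unexpired leases; the last entry per IP wins."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        ends, name = ENDS_RE.search(body), NAME_RE.search(body)
        current.pop(ip, None)  # a newer entry always replaces the older one
        if ends and name and datetime.strptime(ends.group(1), '%Y/%m/%d %H:%M:%S') > now:
            current[ip] = name.group(1).lower()
    return current

def nsupdate_script(leases, zone, protected, ttl=300):
    """Build nsupdate input, skipping invalid labels and statically managed names."""
    lines, rejected = ['zone ' + zone], []
    for ip, host in sorted(leases.items()):
        if not LABEL_RE.fullmatch(host) or host in protected:
            rejected.append((ip, host))  # log these; never send them to the server
            continue
        fqdn = '%s.%s.' % (host, zone)
        lines += ['update delete %s A' % fqdn, 'update add %s %d A %s' % (fqdn, ttl, ip)]
    return '\n'.join(lines + ['send']), rejected
```

The returned script is what would be piped to nsupdate; the rejected list is worth logging, since a client asking for a server's name is either misconfigured or worth investigating.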
Microsoft doesn't like standards. (Score:1)
Problem is.. it violates the real standards for DNS.
To do DDNS requires that all upstream servers update excessively; AXFRs are performed on average every *FIVE MINUTES* in DDNS from what I've seen.
Problem #2; Microsoft doesn't even know what an AXFR is. NT DNS follows standards for lookups, but if you need a secondary DNS server and your primary is NT, well, break out the checkbook. M$ DNS follows ZERO standards in zone transfers, not to mention file format! You *CAN'T* secondary with unix without more headaches than it's worth.
DDNS is nothing more than another Microsoft attempt to gain more control over the internet through 'evolving' standards by blatantly ignoring them.
I pity the fools who believe the hype.
-RISCy Business | Rabid System Administrator and BOFH
Dynamic vs Static (Score:1)
There is nothing that says that you need dynamic DNS in order to associate a FQDN to a specific workstation in a DHCP environment. With DHCP, you can reserve an IP address for a specific workstation simply by giving it the workstation's ethernet address. I set up a bunch of X terminals like this at my previous job. Works great. Less filling.
As a rule of thumb, servers (i.e. hosts that need to be accessed via a specific FQDN) ought to have a static IP address anyway, and it is unwise to create dependencies like this (for example, NIS server needs DHCP server in order to boot).
In my opinion, Dynamic DNS is nifty, but if Microsoft does not keep the standard open, then it is useless.
That's a really naive view... (Score:1)
If you don't trust a patch floating around a mailing list/newsgroup, fine. They will eventually get looked at by the (trusted) maintainers, who will personally review the patch and likely include it in the standard distribution. It's not as if joe schmoe can magically write some code, post it on a newsgroup, and *bam*, it's in the distro. It doesn't work like that. Code has to go through an EXTENSIVE public review process before it gets merged into the main tree. That's a more than adequate security model, and better than most proprietary software vendors.
If getting patches from an untrusted source in a newsgroup bothers you, then you can wait for them to get reviewed and either be rejected (and the functionality added in some other way), or make their way into the standard distribution. I don't see what's so hard about that.
You obviously haven't actually had any direct experience with the way these projects work.
Berlin-- http://www.berlin-consortium.org [berlin-consoritum.org]
MS DDNS vs Unix DNS (Score:1)
We're currently installing an Oracle workflow system that relies on LDAP to grab user information from our e-mail server to populate the workflow system directory. The Oracle system is hosted on a Unix box, but most of the user information comes from our e-mail servers, which are all MS Exchange. We also use NetWare.
If the directory services in Win2k are all one-way into the MS directory and we migrate to Win2k, will it prevent our Oracle WF system from pulling user data from the DDNS to populate its own LDAP directory?
Thanks in advance. And if I've phrased the question incorrectly (or cluelessly), please give me a clue.
(Pulling on reflective armor and awaiting response to my first-ever Slashdot post!)
RFCs MS will (hopefully) use (Score:3)
If anyone is interested in actually reading them, the RFCs MS is SUPPOSED to be following with this are 2136 and 2052.
Also, no one I know who is testing this out (in the IT consulting firm who will be doing a great deal of this when it spills out upon the world) is fooling themselves about what a GIANT political battle this could turn into. To avoid this, you will probably see Active Directory Domains handling their own DDNS, and forwarding to existing UNIX infrastructure for all other name resolution if those doing the implementation aren't up to the fight.
...how other systems in the network will resolve to systems in the DDNS zones is supposed to be worked out, (with the use of some crazy zone magic) but I've not seen it work yet.
Re:Static vs. Dynamic IP. (Score:2)
However, the dialect of transactional signatures (TSIG) supported by Windows 2000 is *not* the same as that supported by vanilla BIND, and that will cause problems. Basically, you'll have to allow "unsigned" dynamic updates if you use BIND instead of the Microsoft DNS Server.
MS supporting DDNS is a Good Thing (Score:2)
At home, because it's almost always the only DHCP client, my laptop always gets 192.168.0.10 (the beginning of my assigned DHCP range), so I can pretend it has a fixed IP address for local DNS purposes. At work, it gets a different IP address almost every day. WINS can resolve its name anyway; DNS can't because we don't have DDNS yet. MS supporting DDNS is good; my Solaris and Linux machines (which have clients for DNS but not WINS) would be able to look up my laptop by name, just like my Windows box (which has clients for both DNS and WINS).
Yes, MS might screw up DDNS, through malice or incompetence, and provide something only 99% compatible with the RFC. Recall the pump DHCP client included with Red Hat 6.0, which worked great with most Unix DHCP servers but not with NT's. But note that it was quickly patched to work with NT. Open-sourced clients can quickly deal with a bit of incompatibility, whether malicious or accidental.
The fact that MS supports a new open standard like DDNS before your favorite OS does is a reason to start working on an open DDNS client, not an excuse to bash MS. DDNS is good. NT becoming more standards-compliant is good. If at some point in the future MS starts changing their DDNS server around to deliberately cause problems with other people's clients, *then* bash MS, and suggest to your local sysadmin that he run DHCP and DNS from a cheap Linux/*BSD/whatever box instead of an NT server to maintain maximum compatibility with existing clients. But bashing MS in advance just for announcing the intent to support a good, new, open standard is counterproductive. Would you really prefer WINS?
Corporate environment, infomercials (Score:2)
I agree with you completely, because this strengthens my theory about MS's server strategy.
DDNS may not be a compelling solution for a global, public network, but it sounds as though it's a very nice option for a local net, and that's where Microsoft is concentrating their efforts.
It is important to remember that the Winxx platform is not the logical center of Microsoft's empire. MS Office is. MS Office is the "killer app" which makes most businesses buy Wintel boxes on the desktop, and Windows on the desktop is why those same businesses buy NT servers. The presence of MS Office for the Mac was a significant factor in Apple's resurgence in sales.
Microsoft is leveraging this advantage very effectively, integrating Office with IIS, and with DDNS they are now making it even easier for any salesperson to connect their Windows laptop to any open ethernet port in the office and start working immediately.
That, all by itself, is a good thing. What is not a good thing is for MS to specifically design their ActiveDirectory so that it requires DDNS. Novell's NDS doesn't require DDNS, and from what I've seen ActiveDirectory does less than Novell's solution. I'm sure that the programmers behind W2K are very good at their jobs, so I must assume that the decision to make W2K DDNS dependent was a conscious choice. If MS publishes a white paper stating the reasons for this, I will read it, (and the soon-to-follow slashdot commentary) and make my mind up then.
PC Week deserves criticism for not doing their homework on this (no surprise there). To state that Unix does not offer this service, when it does, is terrible journalism.
But then, any "news" article about Windows 2000 which is followed by a link titled "Check prices: Windows 2000" isn't actually journalism at all, it's an infomercial.