Moving From BIND to Windows Server 2008?


My organization is moving from Novell to Active Directory. I am looking for some justifications to move from the current DNS (BIND) to a Server 2008 DNS. Can anyone provide some good justifications or resources where I can find some?


If you're going to be migrating to an AD integrated zone, here are some good justifications:
In my point of view there's no good reason to downgrade from NetWare to m$ Server OSes...

But if you will really have to downgrade to Active Directory, you will almost certainly also have to use the DNS server of 2008 Server, as it and Active Directory are practically integrated. It would be very hard to properly manage if you are using it solely on a NetWare server.

nkill (Author) commented:

I'm not looking for rants against Microsoft. I'm looking for justifications to do something that I would like to do. Preferably technical justifications.

The second part of my post does give you reasons to use 2008 Server's DNS server; as I mentioned, it and AD are highly integrated and would be difficult to manage using a 3rd-party DNS server.
Active Directory integrated DNS
Fewer servers/environments to support.
May be easier for new staff to learn Windows DNS

nkill (Author) commented:
How is it integrated?
You can't install AD without DNS. AD also creates special records which no other DNS server knows about, so you would have to manually set those up on a 3rd-party server. If a 3rd-party server is used in an AD domain, then in my point of view that would be a slave server, which automatically gets its info from a DNS server running on a 2008 DC.
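As an added illustration of the "special records" mentioned above (this is not code from the thread), the following PowerShell script checks whether the SRV records a domain controller registers under `_msdcs` and the domain zone are resolvable from a given DNS server, whichever product hosts the zone. It relies only on `nslookup`, which ships with Windows Server 2008; `$Domain` and `$DnsServer` are placeholders to replace with your own zone name and server address.

```powershell
# Added example, not code from the thread: check that the SRV records a domain
# controller registers are resolvable from a given DNS server (MS DNS or BIND).
# $Domain and $DnsServer are placeholders; replace them with your own values.
param(
    [string]$Domain    = 'domain.local',   # zone name used in the thread
    [string]$DnsServer = '192.0.2.10'      # constructed placeholder address
)

# Records every AD domain publishes under its zone; clients use them to find DCs.
$RequiredSrv = @(
    "_ldap._tcp.dc._msdcs.$Domain",       # LDAP on domain controllers
    "_kerberos._tcp.dc._msdcs.$Domain",   # Kerberos KDCs
    "_ldap._tcp.pdc._msdcs.$Domain",      # PDC emulator
    "_ldap._tcp.gc._msdcs.$Domain",       # global catalog (forest root zone)
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain"
)

function Test-AdSrvRecord {
    param([string]$Name, [string]$Server)
    # nslookup ships with Windows Server 2008; -type=SRV requests service records.
    $out = & nslookup -type=SRV $Name $Server 2>&1 | Out-String
    # A present record prints lines such as "svr hostname   = dc1.domain.local".
    $targets = @([regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
    New-Object PSObject -Property @{
        Record  = $Name
        Present = ($targets.Count -gt 0)
        Targets = ($targets -join ', ')
    }
}

$results = @($RequiredSrv | ForEach-Object { Test-AdSrvRecord -Name $_ -Server $DnsServer })
$results | Format-Table Record, Present, Targets -AutoSize

# Any missing record means domain members will fail to locate a DC through
# this server, which is exactly the gap a non-AD DNS server has to be
# populated to close.
$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.Record }) -join ', '
    Write-Warning "Missing SRV records on ${DnsServer}: $names"
    exit 1
}
```

Run it against each DNS server clients actually use; a server that answers for the zone but is missing these records is the scenario the answer warns about, and on a secondary (slave) server the fix is a working zone transfer from the DC rather than adding the records by hand.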
The DNS records are typically stored in AD, which means that they are replicated and backed up like other AD objects. You can modify DNS records at any DNS server and the changes will replicate just like other AD changes. AD-integrated DNS can handle dynamic DNS updates, and you can even make it so only domain member computers can make entries or modify their own entries. The Microsoft DNS service will get patched as necessary, and is arguably more secure over the years than BIND. You don't need to configure zone transfers.

An AD without MS-integrated DNS servers is possible, but puts a huge stress on the people that need to maintain it.

Daily administration of user accounts, computers, servers, folders, etc. is all based around DNS in AD. It is the central store and naming provider for the whole network. As others have mentioned, there is no need to set up zone transfers, as AD-integrated DNS will take care of that automatically. There is very little maintenance and work on an AD-integrated DNS compared to BIND; it mostly takes care of itself.

If you still want to maintain and use a BIND server for AD, it is possible, but it has to be a BIND version that supports dynamic updates, and it is pretty much all setup work for you. Because of the extra work, very, very few large organisations use BIND for AD. They are mostly using MS DNS for AD, and BIND for some lab/external web servers.

Services like DHCP and WINS can also be integrated into AD/MS DNS (also recommended and enabled by default), so for example when a client (XP, Win7 etc.) boots up, it also registers itself into the DNS zone (client101.domain.local); the same goes for all clients/servers with a static IP. MS DNS also does some scavenging of old and obsolete DNS records, usually after 7-14 days.

I myself cannot imagine how you can manage an AD without integrating it with MS DNS, as it makes life much easier for yourself. If not, I can bet that you will have many minor issues with DNS that you have to spend a lot of time troubleshooting. If you are only providing file/print in AD, then it is not so complicated to use BIND. If you add Exchange servers, maybe some Lync servers, SQL servers etc., then you are asking for trouble and extra work.
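Two of the features named in the answers above, secure dynamic updates (only domain members may register or change records) and scavenging of stale registrations after a no-refresh/refresh window, are zone and server settings on Windows Server 2008 DNS. The following PowerShell script, added here and not taken from the thread, applies them with `dnscmd`, which is built into Windows Server 2008. `$DnsServer` and `$Zone` are placeholders; the 7-day intervals are the defaults Windows uses when aging is switched on, and the two of them together give the 14-day figure mentioned above.

```powershell
# Added example, not code from the thread: restrict a zone to secure dynamic
# updates and enable aging/scavenging with dnscmd (built into Windows Server 2008).
# $DnsServer and $Zone are placeholders for your own domain controller and zone.
param(
    [string]$DnsServer = 'dc1.domain.local',  # placeholder DC running the DNS role
    [string]$Zone      = 'domain.local'       # zone name used in the thread
)

# 1. Only authenticated domain members may create or change their own records.
#    /AllowUpdate values: 0 = no dynamic updates, 1 = nonsecure and secure,
#    2 = secure only. Secure-only is available only on AD-integrated zones,
#    because the update is authorised against the computer account in AD.
dnscmd $DnsServer /Config $Zone /AllowUpdate 2

# 2. Enable aging on the zone so dynamically registered records carry a
#    timestamp. Intervals are in hours: during the no-refresh window (7 days)
#    identical re-registrations are ignored; during the refresh window (7 days)
#    they update the timestamp. A record not refreshed for the sum of both
#    windows (14 days) becomes eligible for scavenging.
dnscmd $DnsServer /Config $Zone /Aging 1
dnscmd $DnsServer /Config $Zone /NoRefreshInterval 168
dnscmd $DnsServer /Config $Zone /RefreshInterval 168

# 3. Scavenging itself runs on the server, not the zone; set how often (hours)
#    this server sweeps the zones it is allowed to scavenge.
dnscmd $DnsServer /Config /ScavengingInterval 168

# 4. Print the zone's settings so the change can be reviewed and recorded.
dnscmd $DnsServer /ZoneInfo $Zone
```

Apply the zone settings once (they replicate with the zone through AD) and the server-level scavenging interval on the one DC you want to perform the sweep, otherwise several servers scavenge independently. Records added by hand with `dnscmd` or the DNS console are static and carry no timestamp, so scavenging never removes them; the risk runs the other way, where a too-short window deletes registrations of machines that are merely switched off, so keep the combined window longer than the longest expected absence of a client.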
