North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Network diversity Software diversity

  • From: Roeland Meyer
  • Date: Thu Jan 25 12:42:20 2001

> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, January 24, 2001 9:47 PM
> 
> [ On , January 24, 2001 at 17:19:29 (-0800), Sean Donelan wrote: ]
> > Subject: Network diversity Software diversity
> >
> > Using FreeBSD and BIND on *ALL* your name servers may be just as
> > bad a practice as using Windows 2000 and Microsoft DNS on *ALL*
> > your name servers.  I still think NSI is taking a tremendous risk
> > using identical servers for all their GTLD-servers, even though
> > they are geographically distributed.
> 
> Yeah, I was going to mention that, but I thought I'd already been
> preaching too much to the converted!  :-)

Unless another name server, besides BIND8p7, can do SRV updates properly, I
don't think it is possible to build that heterogenous software environment,
when Win2K Active Directory is involved. In fact, even BIND8 has problems.
It's only possible, with WinNT4, because WinNT4 doesn't have [very] many
silly requirements and can live with a standard name server.

> > You might try using UltraDNS on half your critical nameservers and
> > BIND on the other half.  And even using Solaris on some of the
> > boxes and AIX or Linux, or NetBSD on the others. This is not because
> > I think one or the other has a fatal flaw, but because software is
> > a hard beast to manage.  The idea behind diversity isn't you will
> > never have an error.  But the errors are unlikely to strike both
> > servers at the same time.
> 
> Therein lies the rub -- adding extra complexity to your systems also
> makes them more difficult to manage, prone to error, and subject to
> interoperational problems.
> 
> Diversity of all forms definitely has its advantages, but it has its
> costs too.  The trick is to find a fair balance.  :-)

In this case, at this time, that is not possible under Win2K. It's the MSFT
way or the highway ... However, if you think about it, this will definitely
delay MANY Win2K Data Center migrations.