Windows 2000 to provoke domain game

According to this article found on PC Week, Mircosoft Windows 2000 implements DDNS (Dynamic Domain Name System) in a way that makes it extremely difficult for administrators to integrate the operating system upgrade with Unix systems, which use the older, static DNS. I would like to ask if someone here could explain what is the difference between Static DNS and Dynamic DNS, and why it's not implement almost at all unices, including Linux. I smell a fight here between Unix Admins and NT/2000 Admins in some corporates. Am I wrong?

Re:Way to go, Microsoft!

Yeah, like *NIX is a good productivity system! Shitty X-Servers as the windowing system, lousy performance, gah! Not to put too fine a point on it, the interface in any version of *nix sucks. Only Gnome and KDE are starting to rectify this at the moment.

Re:dhcp - dns

no, that was just shitty reporting and Slashdot FUD.

Re:Ironic

[markb]

It's okay to use an excerpt from the article, as long as you use quotation marks. Otherwise, it's just plagiarism.

Re:How useful really is DDNS or DHCP facing ipv6?

check the logs - maillogs/weblogs whatever. check the dns servers..you should know your machines name if not its ip address.

Re:dhcp - dns

[kijiki]

You've obviously never seen a major corporation deal with a crack. No one but the admins know about it, unless enough damage was done to be obvious to everyone, or a web page got tagged. Slashdotters hear about less than 1% of corporate security problems.

Wake up and quit babbling

the bets bit o' bull from your post has got to be this

"If you use kerberos, x509, or ssh host keys
and you actually bother to verify them..."

The DEFAULT authentication for Win2K is kerberos. And it's SERVER side controled. This is for damn near every thing on a W2K box.

this one is good also...

"Microsoft considered strongly authenticating
DDNS to be too hard (and nonexportable)."

...it would be a felony to do as you suggest. Why don't you crawl back under your rock and hide for 3 more years.

Re:Wake up and quit babbling

[rcgraves]

"...The DEFAULT authentication for Win2K is kerberos."

There I was addressing the current roaming user, using a non-Microsoft platform. I have a problem
with DDNS in general, not just Microsoft's.

I don't think dynamic DNS solves the roaming
machine problem because of the TTL and security
issues. The problem it does help solve is plug-
and-play -- you can fire up 100 w2k boxes on a
network using a promiscuous DHCP server or even
the client-autoconfigured range and they will
all get registered in the DNS based on the
network settings on the *client* end. Just like
the Macintosh Chooser. How useful that is depends
on what you plan to do with the information and
how scalable it needs to be. In our environment,
out-of-band end-user access through a secure web
server is better.

To answer your question, as far as I've seen, the
w2k DDNS client does not do kerberos or any other
form of strong auth.

Internet Explorer does not and for the forseeable future will not do kerberos (according to the lead
NT5 security engineer when I was in Redmond). The
NT5/w2k version does some SID token-passing with
proprietary headers, not SASL. You can't really
fault MS for this, though, because there are no
standards for kerberos over http. CMU keeps trying
to get people to kerberise web applications, but
Stanford gave up and went s/ident and even MIT
makes x509 client certs for users rather than
force kerberos on an unwilling application.

File & print service does do kerberos and can be
configured to refuse to negotiate non-kerberised
connections if you know that all clients and all
servers on your network are guaranteed to be
running w2k. In the real world, I expect WINS and
legacy NT domains to last through 2010. We still
have 2 key production NT 3.51 servers because the
commercial off-the-shelf application they run is
not reliable under NT 4.0. There are more
architectural differences between NT4 and w2k than
between NT3 and NT4.

Re:Corporate environment, infomercials

"The point about being able to modify DNS dynamically (DDNS) is that it makes it easier to run networks. "

s/run/hack/

Re:Unlike MS

But any company LAN needs the features, so M$ walks away with the fame.

It ain't illegal

[dirty]

you are allowed to use parts of copyrighted material in review, critique, or parody. I'd say this prolly falls under review. Besides, zdnet i'm sure is happy everytime one of their articles gets posted to slashdot, more hits, more banners loaded, more ad money.

Oh good grief

[sheldon]

What is it with slashdot that attracts moron posters?

I've seen a few intelligent comments here, along with a whole slew of "Help me! Help me! Microsoft is out to get me, those evil dirty bastards!"

Sheesh. Assign your root DNS to your Unix machines, and delegate the Win2K DDNS to a subdomain. It's that simple...

They can coexist. How the hell do you think the internet works except for delegation of DNS duties to thousands of different machines and DNS implementations?

The Microsoft DNS implementation is compliant with BIND 8. It may or not allow dynamically allocated Unix machines, but it most certainly responds to DNS lookups from Unix machines, and it most certainly will use a Unix machine as an authorative DNS for a different domain. I'll bet it even implements some level of security to prevent a machine from overwriting the DNS record for a server... in fact I'm going to go experiment with this right now.

Sheesh, what a bunch of maroons. This is a non issue, the article was FUD, get over it.

Re:Oh good grief

Slashdot.org News for Lynch mobs. Stuff that matters.

Re:dhcp - dns

I know it can be made to work, but most business users prefer something that can be enabled in a standard distribution, not some patch that can be pulled from a mailing list. Especially because there are so many of these loose ends.

Re:How long to find security hole in DDNS

I don't remember the last time they extended a standard technology and not have some bug of any kind (security, functionality, etc.) Get with it, Microsoft. You'll never win by going this route.

That explains why NSCP stock is burning up the charts, huh?

Re:DDNS vs. Static DNS

[cduffy]

Pardon, Mr. NT Admin?

What's this I hear?

YOU talking about SECURITY?

Haven't been paying attention to recent news, eh? Remember the 7-second crack? Used a trojan installed on an employee's NT box to fetch their password though they were connecting via SSH.

But no, a hacker can't do any harm an NT box. Riiiight.

An NT admin would be just as wise to apply patches as we are -- there's no less need. Except Microsoft distributes patches but rarely, so you CAN'T. Personally, I'd rather have the option to spend the time to be secure. You don't even have the choice.

Re:Names for Microsoft/MS Software

micro$oft=m$ = $$$ in microsofts bank. we all know that. microsloth,crap,shit = the software they write is bloated buggy and slow. we all know that too. micros~1 = we all know about the DOS 8.3 limit. Macrostupid = all those macro viruses. winxxx = its crap (as we all saw on win2ktest.com) etc etc. enough justification ?

Re:Interesting...

Millennium,

A. Where/when did you last check? Perhaps you should try again

B. Please describe the -broken- interobility that you mentiond. Are you able to? Are you simpliy lying and making things up? Why do you think the tests we've been doing don't share your problems. Can you prove it and cite verifable facts?

C. What exactly is your position anyway? Can you share the reasons one should not depend on a published standard. What is a non -mainstream- standard anyway?

Patrick R. Hancox
Stanford Linear Accelerator Center
hancox@slac.stanford.edu

--where is my /. account email?--

Re:MSFT is full of soulless evil people

[Malcontent]

Honestly I don't know how you m$ employees sleep at night you must have no concience.

"While we will eventually support a standard, the IETF is having problems coming up with final draft."

Crap why do you lie? You know as well as I do that M$ has no intention of supporting the standard. You will give some lame excuse like you did with your HTML standard. Why can't you ship W2K which supports the current standards and then implement the new standards when they get approved. Read the haloween docs it is the stated intent of m$ to break standards.

RE JAVA.

It does not matter if Java is a language or platform you dolt!. You signed a contract and then violated it with malicious intent. M$ INTENDED to break java. m$ signed a contract they knew they were going to break. Read the DOJ transcripts, real the depositions before you go sprouting off on lame excuses.

M$ lies, m$ cheats, m$ steals. You my friend are an instrument of unethical people. Clean up your karma before it's too late.

Re:Corporate environment, infomercials

[Allnighterking]

I agree with the concept of Office being the "killer ap" that drives M$. I recently was working with the CTO of one of the largest Cable companies (as in leased line) in Asia, who told me that if Office or something that could guarantee 100% compatability with M$Office (both in read/write and user interface) were available he would switch all 20,000 (yes the number is correct) of his corporate desktops to Linux immediately. This by the way is comming from a man who has linux on his desktop and notebook with Staroffice. Currently Staroffice comes close but it doesn't do what is needed. Porting of Doc and Excell files is still a little iffy. It comes close and doesn't lose too much data but it seems to usually require a cleanup, which drives secerataries and bookeepers nuts, and costs companies $$$ in lost productivity. Look at what M$ did to Lotus, Harvard Graphics, Dbase, and Multimate (Yes these were once the dominate force in corporate software) by giving the user 100% compatability with their current DB of information and archives in one package with 1 licensing fee they gained total dominance of the market. Dynamic DNS won't sell servers in and of itself. Most good sysadmins have already created a work around for this problem. What drives M$ is Office and it's lack of competition.

Re:DDNS vs. Static DNS

M$ derives much of its success from the fact that small and medium sized companies try to downscale their IS departments from scientific research institutes to groups of people who install readily available off-the-shelf stuff that does the job. When a very common job like setting up an IP address assignment and nameserving system becomes a research project where you have to scan homepages for extra additions to distributed packages, no wonder that some people (and their managers) prefer the system that provides it at a click of the mouse! Ignoring this long-existing problem with Unix and Linux system by their maintainers has tremendously helped M$. They should have worked on this, instead of branching off the next version of an X window manager.

Re:New Acronym

the fact that RFC's have documented it years ago and most products implement it anyway...

Re:MS vs Linux

no, only for those unixes that dont have ddns..which most will by the time win2k finally ships...if it ever ships in working order.

You can learn a lot from this guy.

[Noke]

Hopefully some of the linux zealots will take your advice and do some research about NT before they start making wild claims that it crashes every 4 hours.

Re:Informative, could rebooting also be a reason?

the post was lacking -accurate- info.

FWIW, you rarely have to reboot a W2k box when you change network configs. IP can be modifed on the fly (assuming privs) and most services can be started/stopped and installed/de-installed without rebooting. PCMCIA hot-swap works very well with this.

Re:hmm..

Well if you know more about the history of Unix, then you would know why file creation time is not stored...but obviously you don't know as much as you think you do.

Please, someone RTFM.

If you like Perl then use PERL! You can, really! just read the god-damn docs before flapping your ill-informed mouth. No vi but edit works over a telnet session just fine.

Since the topic is NT5 it's fair to say that it does support the nsupdate you describe. Againg, read the instructions.

This topic has produced the most heat and least light I've seen on /. in a while.

Re:Please, someone RTFM.

[Auwe]

Practice what you preach there, pal. I've got no idea what you are talking about and neither do you it seems. NT4/2k stores the DNS data in a binary format, have fun admining that with edit.com.

Re:Please, someone RTFM.

With pleasure

DDNS can store the database in 3 possible locations

1. a text file. (text file, usualy imported into #2 or #3 and discarded)

2. the registry (wierd flatfile database that we all love)

3. the AD. (wierd jet based database)

to manage these you could ...
#1,use edit.com.

#2 use regini.exe or *.reg files made with edit.com.

#3 use perl or jscript to publish your will via the ADSI.


assuming you want to build a directory-enabled DDNS host you most likely will use option 3. As you noted. the file is indeed binary in nature. The most common way to administer this is the reasonable good tools in the MMC.

However, thankfully we have a cli method to manage the AD-DDNS. The WindowsScriptHost that is part of every NT5 system is the decent shell scripting tools that nt needed. You want to managed the DDNS with a quick perl script?
Go for it. Its going to be very fimaliar to a lot of Unix admins, if they look at it


there are also some cli mode tools for manageing DDNS in the W2K reskit. I have yet to try them and as such can't coment

Sermon over.

Re:How useful really is DDNS or DHCP facing ipv6?

I believe DHCP will still have its place in the ipv6 world, but not so much as they are needed in ipv4. The problem is, v6 isn't going to take over any time soon. I'd bet that a decade from now, you still won't have to look far to find a v4 node...

Re:MSFT is full of soulless evil people

[Rational]

M$ lies, m$ cheats and m$ steals I can live with. It' the way how M$ sucks that kills me.

Re:DHCP is lame, DDNS is lame

Find out about the Federalist Papers. "Accountability" is a euphemism for making unpopular opinions too risky to express ("I hope you know that this will go down on your permanent record"). If you can't be bothered to judge ideas on their own merits, what's the point of ever reading anything?

Re:Way to go, Microsoft!

[Alex+Zepeda]

Uhh, NetBSD and FreeBSD already have very useable USB drivers, and support for USB keyboards and mice. And yes Virginia, Linux isn't the only Open Source OS. That is if you consider the GPL open.

Re:How useful really is DDNS or DHCP facing ipv6?

Any competent admin KNOWS what addresses are in use or which ones are not. DHCP is not a substitute for proper documentation / record keeping. DHCP can make it easier for workstations that don't ever need to be addressed. It's awesome for dragging a laptop into a conference room and such and not worrying about switch issues, etc.

Static vs. Dynamic IP.

[slpalmer]

Correct me if I'm wrong, but hasn't BIND 8.x had this capability for some time? What is the difference in M$'s implementation? Are they "extending the specs" the way they did HTML?
---
Stephen L. Palmer
http://midearth.org
Just another BOFH.

Re:Static vs. Dynamic IP.

[CigarBuff]

No, BIND does not implement Dynamic DNS. Several commercial DNS servers, some based on BIND, offer DDNS, but vanilla BIND does not.

Re:Static vs. Dynamic IP.

[huskymo]

"Vanilla BIND" (i.e., the version release by the Internet Software Consortium) has supported Dynamic Update (as specified in RFC 2136) since version 8.1.

However, the dialect of transactional signatures (TSIG) supported by Windows 2000 is *not* the same as that supported by vanilla BIND, and that will cause problems. Basically, you'll have to allow "unsigned" dynamic updates if you use BIND instead of the Microsoft DNS Server.

True--better MetaIP than MS

[cthompso]

At work (not my URL) even the NT admins were annoyed by MS' behavior, trying to ram Win2K DNS down our throats. So the NT guys--to their credit--decided to go with MetaIP from Checkpoint. The one thing I'd like to see from MetaIP would be a little less proprietary approach, then I could endorse them. They talk of a "one-time conversion" of DNS files from human-readable text to some funky proprietary format. As anyone who has administered DNS or mail will attest, you do NOT want your info to be a binary blob that you can't decipher if you start having problems. Anyway, at least Checkpoint pays lip service to standards, and since Checkpoint is an Israeli company, over time they'll be inclined to favor Linux for its technical elegance, accessibility, etc.

Re: FUD request job for you programmers...

[jimz]

RFC status means nothing.

A document becomes an RFC by:

a) being written
b) being sent to the IETF
c) waiting in a 100-deep queue for some time
d) getting assigned a number

RFC-ness doesn't guarantee that it is official doctrine, only that "hey, here's the spec, get it at your local site."

There are stronger levels of IETF document for official blessings.

Re:DHCP is lame, DDNS is lame

Actually you did. This is a public forum for any one to use. AC status just means you (the original poster) of a message, dosen't have a chance in hell of establishing copywrite to their own words. AC posts are public domain by definition.

M$ DDNS

This sounds pretty good, I just hope it's not a retarded attemp to change the world, as WINS was.

dynamic/static dns

Dynamic dns takes automatically care of nameip mappings when ip's change due to for example dhcp. Static dns systems will need to run update scripts for this or the mappings have to be updated manually. (Or, as in the company I work for, names change when ip's change.) The whole thing could be done with a dhcp server that knows how to update the name info of bind. The friendly people at Redmond have some sort of system available for this. Note, though, this is nothing new; it's available for current NT's if you look hard enough.

BIND 8 _does_ do DDNS that works with W2K!

Yup, I got to witness this firsthand. I setup a test zone for the Windows guys to play with, and gave that address the ability to do updates... the result? A _bunch_ of crap got registered in the zone. Stuff like this (imagine appropriate values for my pseudo variables below)

$WORKGROUP.$OURDOMAIN
$MACHINENAME.$WORKGROUP.$OURDOMAIN
gc._msdcs.$WORKGROUP.$OURDOMAIN

Something REALLY nutty it registered:

a6582901-30a1-11d3-bcc2-005004a6039a.$OURDOMAIN as a CNAME to $MACHINENAME.$WORKGROUP.$OURDOMAIN

More strange stuff:

_ldap._tcp.dc._msdcs.$WORKGROUP.$OURDOMAIN
_kerberos._tcp.dc._msdcs.$WORKGROUP.$OURDOMAIN
_ldap._tcp.Default-First-Site._sites.dc._msdcs.$ WORKGROUP.OURDOMAIN
_kerberos._tcp.Default-First-Site._sites.dc._msd cs.$WORKGROUP.$OURDOMAIN

... and a TON more.

So, yes, it works, but it will fill your zones with TONS of crap. I don't plan on letting this stuff onto my "real" nameservers, that's for sure.

Re:DDNS vs. Static DNS

[KillNateD]

I'm fairly certain my school(USC) implements this, and it honestly works fine w/ the win9x/nt dhcp clients, but all the linux clients i've tried to use have screwed it up.

Hopefully when a more complete linux dhcp client is working the problems will be solved.

Ironic

[FascDot+Killed+My+Pr]

Does anyone else find it ironic that someone named "HeUnique" would copy a headline word for word from another publication?

BTW, you probably want to change that before someone sues.
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein

Re:Ironic

[scrytch]

Have you just noticed this fact? Most slashdot headlines are taken verbatim from the original article. This isn't unusual in itself, but custom and courtesy dictate that the name of the publication or service be placed before the headline. This is what Linux Today does.

Re:Ironic

[HeUnique]

sue me? for what?
That I took word for word? I took that paragraph because it matches EXACTLY the point.
ZD wants you to read the article on their pages, cause they put some ADs there so they can make money on it. I put the link to the article, and NOT copying the entire article.

HeUnique

Re:How long to find security hole in DDNS

[Moonwick]

Alright. I'm getting sick and tired of listening to all of these MS conspiracy freaks blow 'facts' out of their a$$es.

For the record, get it straight. MICROSOFT DID NOT INVENT DDNS! In my (not so) humble opinin, this is a great move! Finally we are getting rid of WINS (which was TRULY a Microsoft-only thing) and replacing it with a decent 'standard'.

Stop looking for reasons to berate Microsoft, especially when the lot of you haven't even tried to check on the facts. I have to be one of the few people here who knows what WINS was, and to realize that it deserved all of the negative feelings that DDNS is getting.

Get a life. Go read Linux-Advocacy-HOWTO. Stop being a bunch of conspiracy-driven punks.

Oh Dear Lord

[Keck]

This oughta be just _GREAT_ -- MS is again trying to use sysadmins all around the world as their pawns -- Imagine:

1. Ignorant MS-using sysadmins have already promised to migrate corporate network to Win1900 as soon as it is released
2. Ignorant MS-using sysadmins cannot back down NOW, just because of some silly addressing thing they don't really understand
3. Ignorant MS-using sysadmins already dislike UNIX sysadmins for being 'stuck with 20 year old technology' ( Ignore this if you administrate both.. :) )
4. Ignorant MS-using sysadmin is now Microsoft's pawn in their latest Embrace/Extend/Extinguish attempt...

Can 'The Government' sue them for THAT, please? This is somewhat hypocritical in the face of MS wanting AOL to release a spec so 'everyone' can conform (those AIM thingys), and here they want to cause more division...

Re:Oh Dear Lord

Oh, and then run fetchmail -d in an /etc/ppp/ip-up.d script.

Re:Oh Dear Lord

I am sure there are just as many "Ignorant" Linux/Unix sysadmins as there are "Ignorant" NT sysadmins........

Re:Oh Dear Lord

[MassacrE]

probably more, since installing NT doesn't automatically make you a sysadmin like installing Linux does (anyone know how to get fetchmail working over ppp with Debian slink?)

Re:Security

[DNSDave]

Yes, this could be a risk. To address this risk, you are allowed to limit who you accept updates from (in both BIND and WIN2K DDNS).

A Win2K DHCP server can act as a proxy for its clients so that registration of both A and PTR records occurs via the DHCP server, NOT the DHCP client.

Most installations that I've seen only accept updates from the DHCP server, not the individual clients.

DDNS

[CigarBuff]

Dynamic DNS, if Microsoft is following the emerging RFC (yeah, right) give you the ability to automatically update your DNS tables if a machine's IP address changes. So, for example, if your machines are on DHCP, and their lease runs out and they get a new IP address, the DNS server will be updated to reflect this new address so that other clients will be able to resolve it's address.

are you smoking crack?

"(NT4) is not subject to tens of new kernel updates which severly effect the stability of the system." What have you been smoking? How many updates are in SP1-SP5 (with SP6 reportedly on the way)? Tens? HA! I scoff in your general direction. Nay, hundreds if not thousands. And everyone I've ever talked to who has installed any of them has echoed my own experiences, that each Service Pack simply gives you a new set of bugs. You even admit to the "occasional" crash. An OS should never crash without it being caused by some hardware defect or critical hardware failure. OS crashes are completely unacceptable.

dhcp - dns

from : ISC homepage

DHCP Distribution: Version 3.0

Current Version: 3.0b1pl0

Version 3 of the ISC DHCP Distribution adds conditional behaviour, address pools with access control, and client classing. An interim implementation of dynamic DNS updates for the server only is included, but is not supported. The README file contains information about how to enable this - it is not compiled into the DHCP server by default.

Features in upcoming releases, starting with 3.1, will include the final asynchronous Dynamic DNS Support, DHCPv4 16-bit option codes, asynchronous DNS query resolution, DHCP Authentication, and support for a DHCP Interserver Protocol and live querying and update of the DHCP database. I don't see why they say it doesn't exist on UNIX. There are also perl scripts that do the job.

Re:dhcp - dns

[trog]

I know it can be made to work, but most business users prefer something that can be enabled in a standard distribution, not some patch that can be pulled from a mailing list. Especially because there are so many of these loose ends.

Umm...most business users don't admin a server at all. I've had to download patches for everything I admin, from the NT boxes to the Linux boxes to the Cisco routers. The PHB's just want it to work, and usually don't care how you do it.

Leave the system admin to root, baby....

Re:dhcp - dns

Since we're engaging in childish namecalling, I feel that "Windows 1900" is a good name to refer to Linux by. Actually, Linux would be "Windows 1969."

Re:dhcp - dns

I know it can be made to work, but most business users prefer something that can be enabled in a standard distribution, not some patch that can be pulled from a mailing list. Especially because there are so many of these loose ends.

Bingo! You just explained why Linux will never catch on in a big way. The Mailing List and Newsgroup just aren't an adequate security model.

Re:dhcp - dns

[kijiki]

thanks for making me laugh. I suppose having microsoft deny the existance of a REMOTELY exploitable buffer overflow in IIS for two weeks until someone PUBLICLY released an exploit is a better security model? I wonder how many hosts got compromised by crackers privately trading exploits on IRC in those two weeks while microsoft denied the existance of the problem?

Re:dhcp - dns

[trog9000]

yeh, switch to linux! nope...that won't work either...linux doesn't like DHCP on my cable modem...never gets default route...oh well..so much for mindless advocacy....

Re:dhcp - dns

[lvman]

M$ DHCP in NT5 betas does not work now. If you load W2kP (NT Workstation 5) Release Candidate 1 and then try to connect using a cable modem (using DHCP), you will never be assigned an IP address or be able to connect. Had to reformat hd and go back to beta 3 installation to get around this. Same result with W2kS (NT Server 5). Perhaps Release Candidate 2 of the betas fixes this.

Re:dhcp - dns

[whoop]

A Windows interface does not a LAN Admin make.

Networking, DNS/DHCP administration, network security, etc are things that should NOT be left to Windows dialog boxes and wizards. The person in charge of these should study, and learn about them before trying to use them. After that is done, compiling and configuring Bind and dhcpd to do these DYNDNS updates is trivial. My original point was that the technology exists for any mildly competent person in charge of DHCP/DNS on a Unix box, despite the PCWeek author's claim that it just does not exist.

For adequate security models, I'll trust Bugtraq and the dozens of other mailing lists/newsgroups far over MS's little bug page which takes 3-4 weeks to acknowledge security problems, and another 3-4 to come out with a workaround like "don't use this option." If a business wants to protect their networks, they MUST hire a competent person to do the job (I'm available if anyone's looking :)), and not rely on the OS manufacturer to secure their systems.

Running network services like these on Windows just doesn't promote the Unix concepts of RTFM. Explaining to my brother the concept of mapping hostnames to an IP and likewise that IP to the hostname, or what an MX record is, was made terribly difficult because of what Microsoft has done.

Re:dhcp - dns

"starting with 3.1, will include" is just too late! this feature is required by so many installations that it should have been included long ago. Microsoft can be accused of many things, but this is just something that the Unix community had to do years ago and they just let it slip.

Re:dhcp - dns

[Politas]

Have you considered that your cable modem may be the cause of your problems?

Re:dhcp - dns

[whoop]

There is a patch I pulled from the dhcp-server mail list to do it now. Check their archives. I use ISC's dhcpd 2.0b1pl18 with it. Well, it sometimes forgets to delete hosts that are no longer connected. And I haven't checked for any newer versions in like 8 or more months. But overall it works very nicely.

Re:dhcp - dns

[Burnon]

The article did mention something about msft's "Active Directory". Maybe they've got a protocol for dealing with it tied into the DDNS thing that effectively "embraces and extends" DDNS?

Re:dhcp - dns

maybe you should stop using Micros~1 Windows 1900 and quit wasting your time.

Re:dhcp - dns

You can bet a vanishingly small number got compromised. If there were many and damage could be documented, there'd be messages all over sites like slashdot reveling in the humiliation of the Evil Empire.

Re:dhcp - dns

[Vladinator]

Yeah - esp. when you consider that the last exploit found for Linux was solved in around 8 hours - and that was just a DoS not a nasty root/administrator type attack.


"I have no respect for a man who can only spell a word one way." - Mark Twain

Politics of Name Spaces (& noncluefull reporter)

[DNSDave]

I'm working with DDNS both at home and at work using both Unix (Proprietary or Linux) and Win2K. They interoperate fine.

The only issues I've seen are with IXFR implementations (incremental zone transfers) and some "noise" data for some subzones. The workaround is that you can delegate the "noise" zones back over to a Win2K box until the BIND 8.2.1 code is fixed.

The REAL PROBLEM as documented in the story about Boe...oh, the "large aerospace firm" is that many large enterprises segment their IT structure along operating system lines rather than functional lines. It is much more efficient to LOSE operating system religion and use the "appropriate tool" for a job.

The DNS folks where I'm consulting use both Solaris and Win2K systems as nameservers. Solaris hosts the root namespace and the IP management tools. Win2K hosts the Active Directory Integrated delegated zones. The same folks in THE NETWORK GROUP (a functional split not an OS-centric split) manage all of these zones. There is no pissing contest over OS machismo. If more companies were to split their IT into functional areas, rather than OS empires, they might see a better result.

I'll get off my soapbox now. Just my two cents.

Re:stay in sckool

[Raelin]

And how many languages do you know? The world doesn't revolve around the US and Britain. Hell, if you're going to start getting technical on spelling and grammar, you're just being pedantic. How many people do actually speak proper English anymore anyway? Learning the language is a good thing, and more than likely the person is. Just don't dock him for not being a master yet, and learn some compassion. Being a tight wad doesn't make you friends.

Re:Still makes no sense

I understand your grief, and I'm not saying that everything that is MS is good. But what we must realise is that many businesses are going to be implementing Windows 2000 to leverage the Active Directory and associated services, and we will have to make compromises along the way.

I've been working with MS products along side Linux and Solaris, and I've seen ups and downs to all systems. Admittedly MS products leave more to be desired than others, but it's not my call to run an Enterprise business on a particular OS. The right tools for the right job, buggy or not. And if it sells, executives will buy it.

Point is, there's no use screaming about the facts that will happen, but get on board in both camps and learn to build the best systems with what is there.

As for the MCSE bit, that means nothing to me anymore. When I got my MCSE, it was a Good Thing. Now every dipstick and his dog has one, and they can't do the work. I've often thought that MS products gain an even worse image since supposed qualified people can't even make it work. I'm just glad that I have my Compaq ASE and Cisco skills to separate me from all of 'those people'.

Cheers mate, you're right to gripe about what's happening, I'm just as sick of the things you mention. Althought becoming a truck driver is a little lame IMHO. ;)

Re:MSFT is full of soulless evil people

[Raelin]

Let's see. This one is easy to debunk. I've made an expert system, I've made a distributed system, hell, I've even made a music composition program. All worked cross platform, without JDirect stuff. I disagree that Java sucks ass without Microsoft. Java's pretty cool. Even if I feel it's a bit slow, You can write faster Java if you pay attention to what you are doing. I'm not some grandious visionary, I just write the code to fit the specs of the people paying the checks.
Now, please mark this as Off Topic, and let's get back to DDNS.
--Rae

Re:MSFT is full it.

Don't forget that RNI (their proprietary interface for native Java code) was so poorly designed that it happens to work now but would prevent them from ever implementing a decent garbage collector like HotSpot's.

DHCP and DDNS

Linux w/ ISC's Bind has been doing this for a while. I actually set up my own DHCP/DDNS machine at work, using RedHat 6.0, and it works great! No problems whatsoever. As is usually the case, M$ releases "new technology" after it already exists, and tried to scare the OSS community through press manipulation. Long live Slashdot!

sysadmins at "war"?

[Captain+Teflon]

So I'm a corporate IT manager. I've had the misfortune to hire an NT bigot and a Unix weenie as sysadmins for their prospective domains. Both refuse to work on each other's systems, and both demand control of DNS.

They've swallowed the FUD about DDNS in this article, ignored the fact that's it's substantially a technical non-issue, and now I have both of them in my office shouting at each other, both demanding control.

What do I do?

Yep. Sack 'em both, and get two (or one?) admins who are prepared to work on both systems and do what it takes to get the job done. The company will be a better place without weenies, OS bigots, or prima donnas.

Re:sysadmins at "war"?

[MassacrE]

Religious wars are faught over beliefs that cultures have held for thousands of years. I find these ridiculous in almost all cases (believing a cow to be a holy animal while your next-door neighbor is having bbqs everynight is one case that I can imagine where it may be justified).

So you can only imagine my feelings for people who fight OS religious wars. NT and linux have been around for what, eight years? Give it a rest, when you've gotten gray hairs fighting over the right to use emacs, there will be completely new systems on the battlefront. Best just to choose the right tools for the right jobs, and be willing to lose the fights that just plain don't matter worth shit.

Re:DDNS, what msn said

[Erik+Hollensbe]

This is very open to interpretation. Linux has more security issues, because the code is able for review by anyone.

Beside the fact that I disagree with you, perhaps the reason that NT has less "security issues" is because the code is not open for such review.

If the code was at least open for REVIEW (not development), at least a lot of unresolved bugs that are going to pop up sooner or later, and take big hits with them. At least if the code is there for review, an admin could take steps to prevent something from getting exploited, even if it doesn't actually FIX the problem.

I'm a full advocate for open source, but when security is an issue, the more you can see the better.

-Erik-

changing the icon

[RoLlEr_CoAsTeR]

but why change it when, as the old expression goes "a picture says a thousand words"?

or, at least I _think_ I got the old expression right

Re:Way to go, Microsoft!

[Raelin]

Well, are you using Visual Studio 6.0, IE 5.0 and Office 2000? I believe his point was that order very much matters on installing these things because some installations rewrite system files without checking to see if it's a later version, and without prompting you to replace them. My big problem is that they even replace these files through app installs. If you're just using NT with SP5, you can get it to work just fine. Try adding in a few random other microsoft products, though.
Installations are permutable. Order matters.
Raelin
nPr vs nCr

Re:hahaha.

[scrytch]

man stat

time_t st_ctime; /* Time of last file status change */
/* Times measured in seconds since */
/* 00:00:00 UTC, Jan. 1, 1970 */


and further down
...

st_ctime Time when file status was last changed. Changed by
the following functions: chmod(), chown(),
creat(), link(2), mknod(), pipe(), unlink(2),
utime(), and write().


Yes, creating a hard link to a file, chowning it, or chmoding it will change its ctime. creation time my eye. Oh well slashdot doesn't respect pre tags anymore, deal with the formatting.

Re:DDNS vs. Static DNS

[ChrisJones]

Oh please, that is such utter piffle.

Nobody can set anything up these days on NT with the click of a mouse, you need MCSEs, service packs, hotfixes, HUGE NT manuals, etc.

I added 100 IP addresses to an NT box recently and it took more than one mouse click to do it.

Re:nt kernel is old too

[Gumber]

"The NT kernel comes formt the UNIX family...microsoft just took the kernel developed it to there own means...in fact winnt is posix compatible..."

Huh? NTs design is influenced by a number of things, including early versions of OS/2, VMS and Mach, but it really isn't any of those things, and it certainly isn't a monolithic kernel.

The POSIX API support you mention is separate from the OS core, so, for that matter, is the Win32 API.

Re:hmm..

[scrytch]

Why not? Could it be that metadata can't ever be associated with an inode? tch, just too bad, isn't it.

Another job for you programmers...

Hey, another ploy to edge competitors out by providing proprietory standards (remember, these tactics were promised in the Halloween documents). Solution - crack it and impliment compatible GNU solutions across all Unices... Who knows, the Unix version may end up being more inovative than the MS version and leave MS trying to catch up, once again...

Re:Another job for you programmers...

It isn't a case of a "proprietary extension" to a standard. It's a case of something better coming along and Microsoft pushing the envelope by implementing it.

The Unices will just have to play catch up on this. That's basically what Linux is all about anyhow.

Re:Another job for you programmers...

[kijiki]

BIND 8 has this, and has for a while. Copying standards and then making them incompatible with the rest of the world is the only way microsoft pushes the envelope.

Re:nt kernel is old too

[MonkeyPaw]

"in fact winnt is posix compatible I am a unix guy but nt has its place too"

Yes, I agree. At my work I have a very nice oak desk. For fear of wrecking the wood, I use the NT4 CD as a coaster. It's very effective.

It's been working great for over 4 months. Who says NT is worthless.

Re:carnegie mellon u

[hunterotd]

Two possibilities:

1. They are keeping up with their students, and just keeping a record of what MAC addresses are whose, that way if you do anything illegal, they can say "It was this guy".

2. They are giving you a static IP (good thing) which is the way to go. That way, you get the benifits of DHCP, and the benifits of a static IP. So, is your IP the same all the time? Or does it change?

Re:Agreed

[MonkeyPaw]

First posting sucks,..
Let me be the FIRST to announce,..

"LAST POST!"

Ok,. now no one else make comments please...

Re:dhcp - dns the clock is ticking

--Bingo! You just explained why Linux will never catch on in a big way.-- Ahem! Are you talking about the next 2 years? What happens over the next ten years when kids around the world learn Linux and Networking and poke around in the code? Are you giving your company's future to MS developers? I hope not. Price + Learning Curve will render Windows 2000 obsolete in the future, perhaps not in the U.S. at first, but the turn will occur in most other parts of the world. Schools can't afford Win 2000 or the cost of maintaining it. DDNS notwithstanding as if MS has had a positive influence on networking standards anyway.

Re:DHCP is lame, DDNS is lame

[QuantumG]

In a very very very long while.

This is BIND 4 vs BIND 8, not NT vs Unix

[Auwe]

MCP Magazine published a similar piece in the 9/99 issue. For various reasons, they claimed that NT's DNS as superior to Unix. However, the uneducated author of that piece was really contrasting BIND 4 and BIND 8. I sent MCPMag a nasty-gram for that. Linux has had a BIND 8 compliant DNS out for a couple of years already. Unfortunately, many of the major Unices don't have a BIND 8 DNS out. AIX 4.3 being one exception to that. IBM was fairly aggressive in keeping up with the latest RFCs governing DNS/DDNS and DHCP. The key difference between static DNS and DDNS is that DDNS allows zone files to be updated via special nsupdate packets. Update packets are sent to the DNS by either a DHCP/BOOTP server or by each node. No current MS OS supports this latter type of DDNS registration, but their are 3rd party tools to make it happen. One bummer about Linux is that its DHCP server does not yet support DDNS updates. Here's one area where NT's DNS/DDNS really stinks: you are forced to use the MMC GUI tool to admin it. Yucko! IMNSHO, vi & perl are the ONLY tools for DNS. =)

Re:hmm..

Gee, you don't know the answer after all those "hours of studying"? It's absent not because "shit happens"...it was considered to be 'useless' in the design process.

Tom Christiansen:

A few weeks back, I asked dmr about this design decision. He pointed out that creation time provides nearly nothing that helps the day-to-day running of the system. It would serve merely as an historical record, little more. Inode change time, on the other hand, is critical for running daily back-ups. Therefore, given finite fields in the inode and virtually no use for creation time, it lost.

Dan Mercer:

It's a fairly meaningless concept...Part of the problem is that we refer to files by name and think of the name as their identity, but it's the seldom referenced inode that is their true identity. If you gzip a file and gunzip it again, you haven't changed it physically, but you have moved it to two different inodes. What should its creation date be? How about a file installed via tar? Creation time makes sense on an IBM mainframe where you are actually allocating and naming a hunk of disk storage, but not on Unix.

Me:

You seem to like talking a lot of sh**. Fsck off.

Re:DHCP is lame, DDNS is lame

[QuantumG]

accountability is about saying "you know.. if I post this stupid comment someone might form an opinion about me" and then maybe reconsidering.

Re:Way to go, Microsoft!

[Rational]

Cool, Astroturf has reached Slashdot...

I don't know what experience you have on UNIX boxen, but I've used both UNIX workstations and NT workstations, and I can tell you you are full of shit. NT is a productivity destroyer, as the Windows interface just isn't designed to get work done. It may have been designed not to scare Joe Blow, with the dancing paperclips and the flying sheets of paper, but it certainly hasn't been designed to let people do what they want to do.

Hell, even the bloody Macintosh is better in that respect, because at least it has a good graphical interface. Windows is just an ugly, unholy mess built on top of an unstable kernel.

Re:Corporate environment, infomercials

Precisely, more kids in Asia and Europe will come to know Linux and X windows than MS products in the coming years since their schools will embrace Linux. Will they then work in corporations without Linux just because they have poorly supported non-English version of MS Office? I think not. Development worldwide favors Linux. Education worldwide is starting to look at Linux/FreeBSD as a solution to the cost of Site Licenses. They will gladly take a Unixed StarOffice/Applixware office suite over a $300 MS Office suite.

Re:DDNS vs. Static DNS

>M$ derives much of its success from the fact that
>small and medium sized companies try to downscale
>their IS departments from scientific research
>institutes to groups of people who install
>readily available off-the-shelf stuff that does
>the job.

now that the NT part of our IS department has obviously been downscaled, could somebody please find a researcher somewhere to install that quad-ethernet card in our NT server? looks like installing an ethernetcard in a NT box is not as off-shelf as one might believe.

Re:hmm..

[hunterotd]

Please, enlighten me as to what I should use instead? Not Windows, surely. I don't hate Windows because it is succesful, and I don't have a deep need to be elite. I hate Windows, because it hampers my ability to do anything.

I like Linux because of the plethora of modifications I can make to it, and the amount of customization I can make to the UI. I also really appreciate the online documentation, which is in a sane and easy to use format. Once I figured out how to use it, I fell in love.

So, what computing paradigm to you love? I probably haven't tried it, but if you would help me get it installed, I'll be happy to give it a try.

Re:Corporate environment, infomercials

> Keep an eye out for network admin salaries going down ...

boy, am i looking forward to replacing all those corporate WANs that will be designed and installed by the people who installed W2KS.

i don't see _my_ salary going down anytime soon.

Re:Way to go, Microsoft!

[warmi]

I am running Office 97, VS 6.0 and IE 5 ( it is my developent machine - server cause I need to test stuff with MS SQL 6.5 - which by the wy is installed too - and all of this in the IBM thinkpad -128 MB ram ) So far works perfectly ...

Re:Way to go, Microsoft!

[warmi]

And also Linux on another partition - works fine too with exception that video drivers were so painfully slow I had to get AcceleratedX...

Re:DDNS, what msn said

[warmi]

COnsider this, once a while somebody figures out way to get admin access on NT ( very rare - only couple cases ...) On Linux - every friggin week there is security update related to some package allowing people to get root access ( specially RH is full of those )
I am not trolling , those are the facts.

Re:Umm?

I believe what you meant to say is:

With DDNS, the hostname is bound to a device and the IP changes.

With static DNS, the hostname is bound to an IP and the device changes.

First reply.....

...to the first post

Re: pretty good

[Lavahead]

>>Are unix people all anti-capitalists?

you know that is obviously false. i think his point was that microsoft is often associated with having fabulous amounts of money, perhaps more than people should be giving them. (oh god, i'm just setting myself up for an anti-trust debate, aren't i?)

>>Micros~1 - Hello... I've used win95/98/nt and I've *never* had to type in an 8.3 file name.

if you use any of your older 16-bit apps in windows, you will encounter these silly abbreviations (eg pictur~1.jpg) all the time. however, i usually run into these things in DOS, which turns long filenames into a nightmare, not a blessing.

>>I think linux geeks are just bitter about MS's dominance.

the complaints about ~1 filenames have nothing to do with MS's dominance. just because you've never had to struggle against its ugly side does not mean it's not a bad system. people complain because it sucks.

>> Macrostupid - Surely the people who were fooled into running these macros are to blame.

the people that passed on that virus are mostly newbies, and don't know how to wield the power of macros anyway! unfortunately, there are millions of newbies out there, and microsoft pushes their products into their hands more feverishly than any other demographic. if you don't believe me, i'm sure the talking paperclip can convince you otherwise.

>>I get 15+ days uptime all the time on my machine.

well cool, as long as we're sharing our experiences i might as well give mine! i've got win98 on a top of the line dell machine that i'm using right now. this whole summer it has not had an uptime of more than 5 days. hell, i don't even push this machine! i use it to browse slashdot and chat mostly. what causes it to crash after 5 days for no good reason? beats me. buggy coding i guess. oh sure, it made it to 8 days *once* but who wants to use a computer that has 194 meg of allocated memory with no apps running?
and this is windows *98*, supposedly fixing those truckloads of bugs. when i had win95 on a diff computer (that i sold, hehe) i couldn't even make it through the *day* without it crashing. usually crashed 3 times a day. are you telling me this is 'acceptable'?

extended DHCP?

I can not believe more people arent wondering why M$ is creating an even more complex version of a relatively simple protocol (DHCP) that completely sucks the monkey balls under NT. Lots of places in Houston are running DHCP on linux and dont know it - why? because it works! I've seen M$ DHCP service bite it several times - REBOOT REBOOT! small companies are afraid of "restart" and should be. stability is crucial to small companies. M$ could give a fuck about the small man and will continue to burn 'em - no matter how pretty and convincing the propaganda. btw: I was talking w/ M$ head this week. a rationalisation for them is: hey M$ doesnt stick protocols/innovations/features/bugs in committee they rev until they get it right. DHCP still sucks. but most people can agreee IETF is a bottleneck. A.C. who forgot his passwd Burning Airlines Gives You So Much More. . .

Re: FUD request job for you programmers...

> *last I looked the RFC wasn't final yet, MS has
> been updating the W2K code to follow the RFC.
> drafts.

Or vice versa.

Re:microsoft rulez

LiNuX rulZ u laMeR, iM 3733t h4x0r d00d, i wIlL wRite aN 3733l sCrIPt aNd h4k YoUr lAmE aSS!!! Phear!

Microsoft is using RFC 1995 & 2136.

http://www.microsoft.com/Events/winworld/ww17cone/ tsld021.htm
nuff said

freshmeat today

I just read a few comments in here and went back to the top level and low and behold my eyes fell on "dhcp-dns" in the freshmeat box. This stirred such a wonderful feeling that I just had to share it, reminicent of the whole cddb hoopla:) I love you geeks!

Random dist wars

I'm not sure how true what you're saying about "only a couple cases" is, when you include 3rd party add-ons -- which is basically all of what redhat is (all those exploits you see target a very specific, usually very rarely used, program). Plus, linux exploits are publicized; how many NT exploits exist that no-one (yet) knows about (or that only the crackers know about)? Also, when was the last time you saw debian have this problem?

Win2K dynamic DNS client is 100% BIND 8 compatible

[rcgraves]

Assuming you configure BIND 8.2 to accept DDNS
requests with no authentication whatsoever.

If you do that, you deserve what you get.

Re:Agreed

We're just providing a service by giving you something to be angry about.

Re:Way to go, Microsoft!

[Axe]

Yeah, and did you notice that msvcrt.dll changed in between VC 6.0 and VC 6.0 SP2? That was to fix
bugs. On my machine, installing VC 6.0 broke at
least 2 non-MS applications. Go take a look at
bug reports.
Man, I had to take care of a dozen NT boxes
loaded with development tools. I know more about ways to destroy this systems by a wrong sequence in applying patches, fixes and errata than I ever wanted. Our Linux boxes are order of magnitude easier to maintain. And I am no UNIX fan. I like goog GUI and IDE's. It just a fact that
UNIX style is much more stable for development use.
Original poster insisted that MS enviroment is stable. I think he is full of shit.

AcceleratedX rocks, BTW...

Possibly not needed...

[Elvii]

I remember reading somewhere that although ipv6 is 128 bit addresses (iirc), only the last 64 bits are used for actuall address... thr rest are country, state, etc... (not sure how it's split up in this part) but you automacically keep your ip and routers can figure out from the first part of the addy if they've got to drop packets to your backyard or to china... I remember that it promised to make routing much simpler, iirc...

Always the chance I could be wrong, of course.

Re:DDNS vs. Static DNS

Please just go back to your newsgroup and continue scanning for patches to apply. Make sure you don't take a single day off from the task, as a hacker has a LOT more power on a rooted Unix box. You could come back from the weekly LinuxWorld convention to find your server playing mary-had-a-little-lamb.

Re:uhhh... no

[Flammon]

Ya I figured this might happen. Sentence and word optimizations can confuse people.

I was talking about the concept of DDNS vs SDNS.

The concept behind DDNS is that a device should always have the same name but the IP can change.

The concept behind SDNS is that a device should always have the same IP but the name can change.

That is what I meant by bindings.

Re:Way to go, Microsoft!

[waddgodd]

If you need a GUI to do productive work, I feel sorry for you. I rarely use the GUI functions of windoze, and even then I use them only when a CLI solution doesn't readily exist. Point and click is for dry firing your gun, not for using your computer.

Re:DDNS vs. Static DNS

Be nice now. Unix isn't a eunich. It's a shaggy old man in a beard. With red suspenders. Hasn't been laid in fifteen years, but that isn't due to being physically altered.

Re:the article got it all wrong

[witz]

I just sat in on a several hour AD presentation done by MS. You can tie the DDNS in Win2k to Bind 8.x servers.

Re:How useful really is DDNS or DHCP facing ipv6?

[tialaramex]

There's another way of doing that of course, but it's evil as hell.
If you don't have any REAL subnets / LANs then you can tell the ridges that all conference rooms are really in all the vLANs of the organisations, and stuff will just magically work. I suspect the behind-the-scenes cost in data traffic is horrific, but I don't care :)
This also lets you grab a server, complete with UPS, and run over to another building with it, and hardly anyone notices :)
Or so I'm told (Do you read this stuff Tim?)

Re:Corporate environment, infomercials

Keep an eye out for network admin salaries going down ...

Keep an eye out for the price of red suspenders and linament going down.

We've known for some time that a part of the "Unix or die" contengent is just the modern parallel to the "Mainframe or die" boys in the glass house. They're almost all gone now.

And users are liberated from that kind of condescencion.

Re:Corporate environment, infomercials

With Kerberos being implemented as the new default Security Model on Windows 2000, I think you'll find a lot less hackers having their fun.

DDNS without security and stability is Evil

[rcgraves]

I think dynamic DNS is a solution in search of a
problem.

You say, "Its nice to be able to connect w/ a laptop anywhere on a 100+ subnet network and get the same domain name to resolve everytime."

Why?

How many people besides you regularly connect to
a server running on your laptop?

Are you sure you control the TTL on your DNS
server, every DNS server used by every client
that talks to you, and every server you talk to?

What do you do when a remote site's TCP wrappers
refuse access because they cached your old PTR
record?

What assurances do you have that someone can't
spoof your dynamic name and steal credentials? If
you think you're authenticated by MAC address,
try ifconfig eth0 hw de:ad:be:ef:01:23 (doesn't
work with all enet cards, but does with the common
ones). If you use kerberos, x509, or ssh host keys
and you actually bother to verify them, then you
have less of a problem, but many common services,
like unencrypted web pages, have no end-to-end
server verification protocol. Interestingly
enough, Microsoft's NT domain protocols do not
strongly authenticate the server to the client.
If an attacker puts himself at the server's IP
address and generates a nonrandom nonce, you lose.

Microsoft considered strongly authenticating
DDNS to be too hard (and nonexportable), so they
basically trust whatever you put in the Network
Control Panel (or a packet manufactured with
smblib) as long as the name has not already been
taken. Taken names can probably be freed up with
the same sort of games people play to take over
IRC channels. Bzzt! Game Over.

Microsoft says it plans to get rid of WINS, but
the initial implementation brings all the
instability and insecurity of WINS to DNS. No
thanks. The non-Microsoft solutions tend not to
be much better at this time.

Out-of-band authentication like MyIP or the old
ml.org web page works, but that ain't DDNS,
that's end-user access to static DNS... which
can be a good thing. We provide something similar
for our students.

In case deja URLs aren't permanent, search for "WINS" in comp.os.ms-wendows.networking.win95 during January 1996.

http://x22.deja.com/getdoc.xp?AN=135549278&CONTE XT=935866614.1926103089&hitnum=9

Re:carnegie mellon u

CMU IPs are "mostly" static. Which is to say that you are asked to use dhcp, but will most likely be handed the same address every time you request a lease. However, the networking groups reserve the right to change it out from underneath you if necessary. They try very hard to make these changes however over the summer when a minimum number of students will be affected.

CMU makes you register machines for a bunch of reasons, but there's one simple overriding one: accountability. This way when your script kiddie friend that you foolishly gave an account to decides to attack j-random irc server, saturates the network, and keeps your next door neighbor from doing his homework/downloading pr0n in the process, it's very convenient for the networking groups to call you up and make sure you're at home while they're grabbing their lead pipes.

Re:Boys, be ambitious -

[cwells]

whatever man...
politics is politics...
posix is posix...
and personally i am not surprised that you feel
way and i am not surprised MS has taken another
step...it's just unfortunate..oh well...

Re:Blame the right people

[C.Lee]

>If anyone deserves bashing here, it is PCWeek and/or this particular >reporter,not MS.

Get real. You don't actually think that MS didn't approve of this article before PCWeek released it,do you?

You MS PR flacks are really quite stupid,you know.

Re:stay in sckool

keep in mind that not everyone on this planets speaks english as well as you.

Re:Oh Dear (censored by Atheist Commision)

[rips]

How come all of these MS praising posters are all Anonymous Cowards?? As for the comment that "[Anyone making the] assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness", the plain hard facts are that anyone voluntarily using an MS Product for mission critical (otherwise phased as 'important') server applications is a little daft as the tendancy for MS products (in the vast majority) to be: 1. Crashware 2. Bloated 3. Slow/Inefficient 4. Insecure is notorious. While not every MS System Admin does so of their own free will, I would have to agree that anyone that claims that NT is a better solution to everything else is being a little ignorant of the facts. (For actual references, just refer to the many past slashdot articles and posts on similar subjects. This topic is getting old... I guess MS marketing really does get to some people...

ISC supports Windows better than Microsoft does

[rcgraves]

This feature of ISC DHCPD and the DDNS features
of w2k are totally unrelated.

The ISC DHCPD 3.1 feature referenced, and the
patches to 2.0 which have been around for over a
year, does this:

When a Windows 95/98/NT client, or a UNIX or any
other client configured to send option 12, is
assigned an IP address, the ISC DHCP server
connects to the DNS server on the client's
behalf to update its entry.

This allows you to secure your DNS server to
accept (possibly DNSSec'd) updates from your
DHCP server only.

The Microsoft DDNS solution does this:

After a Windows 2000 client has been assigned an
address by the DHCP server, it contacts the DNS
server directly to update its entry.

The Microsoft solution requires your DNS server to
accept updates directly from your clients. The
Microsoft solution does not attempt to support
Win95/98/NT clients at all.

WINS != DDNS

DDNS We have been working on this type of feature for a while and even have it available on NT4.

Um, yeah, except you called it NETBIOS. Oh, excuse me, WINS. There are internet standards, and then there are Microsoft-isms.

Don't confuse NetBIOS and WINS with DDNS. They're not the same thing. WINS is used to resolve NetBIOS names (not hostnames) to IP addresses across a multiple subnetted network. Very useful on a Windows network. BTW NetBIOS over TCP/IP or NBT is an Internet standard with it's own RFC.

Re:Oh Dear (censored by Atheist Commision)

[rips]

How come all of these MS praising posters are all Anonymous Cowards??

As for the comment that

"[Anyone making the] assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness",

the plain hard facts are that anyone voluntarily using an MS Product for mission critical (otherwise phased as 'important') server applications is a little daft as the tendancy for MS products (in the vast majority) to be:

1. Crashware 2. Bloated 3. Slow/Inefficient 4. Insecure

is notorious. While not every MS System Admin does so of their own free will, I would have to agree that anyone that claims that NT is a better solution to everything else is being a little ignorant of the facts.

(For actual references, just refer to the many past slashdot articles and posts on similar subjects. This topic is getting old...

I guess MS marketing really does get to some people...

Re:Oh Dear (censored by Atheist Commision)

[rips]

How come all of these MS praising posters are all Anonymous Cowards??

As for the comment that

"[Anyone making the] assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness",

the plain hard facts are that anyone voluntarily using an MS Product for mission critical (otherwise phased as 'important') server applications is a little daft as the tendancy for MS products (in the vast majority) to be:

1. Crashware 2. Bloated 3. Slow/Inefficient 4. Insecure

is notorious. While not every MS System Admin chooses their server platform of their own free will, I would have to agree that anyone that claims that NT is a better solution to everything else is being a little ignorant of the facts.

(For actual references, just refer to the many past slashdot articles and posts on similar subjects. This topic is getting old...

I guess MS marketing really does get to some, dare I say it, *ignorant* people...

Re:DDNS vs. Static DNS

Don't worry. Linux will eventually catch up. It always has in the past.

Re:Khttpd is not in the kernel. We have uhttpd.

[SegFault]

"Khttpd is not in the kernel."

Its in 2.3.15

Paul Laufer

Re:Static vs. Dynamic IP. The scoop!

[anticypher]

This is my current project, so here is my take on what micros~1 is doing.

First, some background as to what Dynamic DNS truly is, because its obvious most of the slashdotters are posting without a clue. Here's a clue, and its free, as in free software :-) At the end is an opinion, which is not a clue, but can be ignored or countered as you see fit.

What is Dynamin DNS?

DynDNS is result of putting together several RFC documented techniques in a quite nifty way. Start with DNS [rfc1034 & 1035], add DHCP [1531, 1532, 1533, 1534] and tie the two together with Incremental Zone Transfers and Notify [rfc 1995 & 1996], and call it DynDNS [rfc 2136 & 2137].

Read rfcs 1995 & 1996 for a discussion on why full zone transfers [AXFR] are a bad thing (for bandwidth consumption), and see the elegant solution proposed with the incremental zone transfer [IXFR] extension. This is the basis for updating a primary name server with a new RR containing the hostname & IP pair (and IP->hostname reverse pair). You can also use this mechanism to remove a RR when the host is no longer associated with that address. There is also a discussion of security so that only pre-programmed IP addresses can do IXFRs, and allows extensions for fully authenticated updates when someone gets around to writing the code someday.

Read rfc 2132 to understand how a DHCP client does a DHCPREQUEST to a dhcp server, and how it can pass its hostname inside of option 61, client identifier. This is what win9x currently does with its client code, but only a patched version of some dhcp clients for linux do this.

Now, to put it all together.

A machine [win or linux] with a dhcp client boots up, broadcasts a bootp request (the transport mechanism for dhcp) with a DHCPDISCOVER message. A dhcp server on the network responds with its local address in a broadcast (because the client has no IP address at this point, all traffic must be broadcasts), and then the client broadcasts a DHCPREQUEST to that specific server. Contained in the REQUEST packet is option 61, containing the hostname of the machine. In win9x, this is what is entered in the network control panel "computer name" field, in *nix it the contents of /etc/hostname.

Then there is a whole bunch of communication between the dhcp server and client so they both agree on things (go read the rfcs, or sniff some packets off the wire, or both) with the end result the dhcp server now has given the client a lease on an IP address for a certain amount of time.

Now comes the DynDNS bit.

The dhcp server now communicates to the primary name server with an IXFR message, sending a RR containing an A record (and a PTR to the reverse DNS server) with the any and all information that might be contained in a RR, and the TTL is set to one half of the lease time given to the client. If the name and IP address are not currently in the DNS database, they are added. If they already exist, the IXFR message is refused, and the DHCP server must change the name to something unique. This is one mechanism to prevent overwriting your important servers addresses with bogus info.

What micros~1 is doing.

From what I can tell from some presentations I have seen, and playing with win2k beta, they have tied their DynDNS into ActiveDirectory as an attempt to shut out the *nix/OSS implementations until they get a foothold in the corporate door. I can't tell exactly what they are doing until I get a lab testbed set up and see if they interact correctly with BIND 8.2.1 or other rfc2136 compliant systems (someone mentioned cisco's registrar product, its real nice, and real expensive, and not based on any bind code). There is something going on with rfc 2052 defining directory servers on the internet, but I only read enough of it to give me a headache.

Static vs. Dynamic

M$ strategy is to put all IP addresses into AD, making the entire network a big, dynamic mess. As a network guy, I want all the important services to have static IP addresses. This means servers, DNS machines, router ports, mail servers, and anything else that should be stable.

M$ considers servers to be unstable (based on BSoDs and regular reboots), so they want the IP addresses to be dynamic. That's a bad way of thinking.

The article in ZD is actually correct on a lot of things. There are already battles going on between the ultra-reliable thinking *nix admins and the reboots-are-good ninnies who have realised they can't make M$s win2k work in a unix based world.

The only solution is for the OSS community to make a standard implementation of dhcp client, one that by default passes /etc/hostname in option 61 of the DHCPREQUEST, and get that code into every major package out there. Then the FUDders will not be able to do any more than superficial damage.

the AC

Re:Agreed

First?

Re:Microsoft's ploy...

Hopefully it will work. Not that it's Microsoft's primary aim in implementing Windows 2000. People seem to think that Microsoft doesn't have a clue about anything.

That's wrong.

Who cares W2000

Seems like W2000 will not be released until next century (year 2001). Just dont use it

Re:How useful really is DDNS or DHCP facing ipv6?

i don't care... its easier.. thats what computers are for.. ;)

Re:Cisco's Network Registrar?

you're stupid

Re:MSFT is full of soulless evil people

I sleep fine. Like any large corporations there are many different types of people. Most are good, some are not. MSFT is an extremely competitive environment. Insiders get eaten up and spit out just as regularly as ouside companies.

Now, I must tell you that I have no direct influence over these matters (by any stretch of the imagination), I do hear a lot about them. The Java issue is a contract interpretation issue. As for the DDNS, you'll have to wait and see. MSFT has some influence, but there are bigger players in the arena (think hardware). It will be OK.

The Halloween documents were nothing more and nothing less than the standard white papers developed internally at most businesses. It was a distillation of ideas, both good and bad. It was not policy.

Take care.

But what about client side caches w/ DDNS?

Doesn't a fair bit of client side software cache IP addresses once resolved from names? Why would my Netscape think to keep asking for an IP if it's got it? So all the clients get hoses every server reboot?

Re:Way to go, Microsoft!

So, are you still using VI and EDLIN for writing letters and memos? Obviously multimedia has never graced the barren pit of your mind. if you are satisfied with a command prompt, then I fell sorry for you. Imagin being stuck in the days of DOS Word Perfect. Yeah, great fun. You are the sort of sad man that yearns for the days of the Amstrad PCW and Locoscript. GUI's improve productivity and make complex programs easier to use. I bet your customers would love it if you developed a world class Word Processor or Spreadsheet that relied on typed commands. Yeah! Some things are fine by CLI, running scripts, python, perl ok. but not serious prod prog. Gah. Think before you open your trap next time.

Re:DDNS vs. Static DNS

FOR ANYONE ELSE BUT BRICE - please ignore Hey Brice - Since I figure that you're probably checking the replies to your post, and I don't know what your e-mail is now that you've graudated, let me ask you something horribly off-topic. Did you ever return that IEEE magazine (from the Comp Arch StrongARM report) to the library? You realize that they're probably going to hold my diploma and/or fine me into oblivion if you don't. bp

stay in sckool

"Alresy"? I bet your exstructors have funn grading your assisnements... lotsa red eenk...

Re:stay in sckool

What kind of a lame excuse is that?!..would you be so accomodating if a computer laic happened to commit 5 major technical blunders in 2 sentences? Learn the language. It's the minimal courtesy one can have toward others when verbally interacting.

Re:Win2K dynamic DNS client is 100% BIND 8 compati

Ouch....more "tight security" by the people that brought you the "Windows Password" - Just press Cancel if you don't know it to bypass.

Re:DHCP is lame, DDNS is lame

Stick with the old school. Yep. When you need excitement, go see Bertha, the department secretary. She'll snap your red suspenders. It will help you to forget the oily smell of your Teletype ASR-33 intermingled with the linament you rubbed in this morning before putting on your long johns.

Re:Way to go, Microsoft!

[Rational]

Good user interfaces can improve productivity. The Windows user interface is just about the most useless I've seen in my life. The SGI UI is the best I've used so far, followed by the Mac. KDE suffers from trying to look like Windows.

Re:DHCP is lame, DDNS is lame

So set your default threshold at 1 and shut the hell up, then, dood.

I didn't give you permission to read my posts.

I would hate to see slashdot shut down...

over a lawsuit.

Re:microsoft rulez

[The+Hooloovoo]

Rob - You may want to change the M$ icon. I think the troll kiddies get aroused whenever they see it.

Re:hmm..

Thanks for the info. Would you care to provide some way to verify what you said? An url, or newsgroup posting?

I do not doubt what you said, but some educated (like me) could easily write believable accounts like that, y'know.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html

Re:hmm..

There was whole thread on this just recently on comp.unix.programmer. Go to deja and search for 'inode creation time'. Also there's plenty of other material in books and old Bell Labs Tech Reports.

More Slashdot FUD

MS web site does not run off of Solaris. It runs off of NT.

DDNS vs. Static DNS

[Jobe_br]

DDNS is indeed implemented in the Unices - w/o a problem. The current version of Bind (8) supports DDNS and the development version of DHCP supports the DDNS updates.

The difference in the two (Dynamic/Static) is that, as everyone knows, static DNS requires you to know the IP address of the domain name you're recording. In DDNS, the client requests an IP address from a DHCP server, then, as long as the DHCP server is configured to 'know' the client, it recognizes which client is requesting the IP (based on MAC addressing) and informs the DNS server that it is giving a certain IP address to a client for a particular domain name, and the DNS server accepts the information and adjusts its lookup tables accordingly.

I've implemented this in Linux w/o a problem whatsoever - and I know of a school that has implemented it in a Solaris environment.

Its been out there for a LONG time, btw - by that I mean at least 3 yrs. It wasn't pretty, at times, 3 yrs ago - but it was there. Now, it is a very well integrated solution.

Its nice to be able to connect w/ a laptop anywhere on a 100+ subnet network and get the same domain name to resolve everytime :).

Btw - first? :-)

Brice

Re:DDNS vs. Static DNS

[Cactos]

re: first?

not even close!

to everyone: it's a nice game. Enjoy being the
first, but *please* stop making suggestions that
you might have posted the first message...

Re:DDNS vs. Static DNS

Actually, I am not sure what the fuss is about. DHCP alone can 'dynamically' assign the same address every time. As for new additions, I would much rather be aware of them before they connect anyway. Leave the DNS alone and make the client adjust...

Re:DDNS vs. Static DNS

Sure "it can be done in Linux". But it is not available as a standard feature in Linux, you have to search the web to find a script and hack it into your system. It should have been available as a standard feature by cooperation of dhcpd and named, then M$ could be criticized for coming up with a proprietary solution. Now they are just solving a problem the Unix community effectively ignored.

Re:DDNS vs. Static DNS

[otis+wildflower]

What about Firewall/NATs? if the internal server was DDNS and the NAT assignation was tied into DDNS, then it wouldn't matter what the world thought and you could run your internal updates as fast as you like with external updates set to a more bandwidth-friendly longer settign.

Re:DDNS vs. Static DNS

[weave]

I understand the concept, but there's an amount of lag time between when a DNS change is made and it progates through everyone's DNS cache.

For example: If slashdot.org was on some net that used DDNS and it was rebooted and got a different IP address on the way up, it'd take a while before other nets would flush the old info from their cache and get the new address. Correct?

Or is it set to have a VERY short cache time, causing every lookup to hit the main server instead of being cached locally.

Sounds like a good idea. I'm just curious about the implementation.

Re:DDNS vs. Static DNS

[SuperQ]

in a coperate envoiornment, this isn't an issue, since most machines are requesting DNS from a central, or slave DNS server, which are updated within seconds, and don't have to wait for the normal internet timeouts. at a previous company I worked for, we setup a DHCP server, and had to integrate it into the existing DNS update/request system.. (icky email based, but it was reliable, and fairly secure) because of the way the email system worked, (and the fact that it was HP/UX DNS) it took 10min for updates to happen. (cron job) but if we had repalced the DNS server with bind 8 we could have had the DHCP server use the Dynamic DNS update feature of bind 8. updating instantly.

Re:DDNS vs. Static DNS

[matthewg]

Debian has a package called dhcp-dns which I believe implements DDNS.

Re:DDNS vs. Static DNS

[rawlink]

"Sure "it can be done in Linux". But it is not available as a standard feature in Linux, you have to search the web to find a script and hack it into your system". Please research before you make comments like these. If you go to ISC's home page you will find that their DHCP daemon has the feature to update the standard BIND 8.x daemon with dynamic addresses. It is not an obscure script that is hard to find on the net; nor is it difficult to implement (hack it into your system). If you weren't familiar enough with BIND you shouldn't have made your "authoritative" comment in the first place.

Re:DDNS vs. Static DNS

Now they are just solving a problem the Unix community effectively ignored.


Oh but you forgot the unix mantra: Why change if it ain't broken?

Long live eunuchs.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html

Re:DDNS vs. Static DNS

It's not the local DNS that the timeouts would be the problem. When you make a DNS change it gets propogated to other sites one way or another (depending on your setup). This new data is then considered to be valid for so long. If the DNS data is always changing you would have to set the time to expire very short and require everyone always get fresh data from the local DNS servers. This is very ineffecient.

Re:DDNS vs. Static DNS

[RudeDude]

Yes BIND 8 works VERY nicely under Linux for me as well. I haven't used all of the new features, like having other hosts besides official secondary hosts getting updates, but even that is much nicer and MORE SECURE than previous versions of bind.
---
Don Rude - AKA - RudeDude

Re:OS/2 Warp Server had DDNS a few years ago.

If I'm not hallucinating more than usual, this sounds like DDNS is exactly the same thing as Wins, but in a more cross-plattform way.

Microsoft's ploy...

[linuxy]

It sounds to me like a case of Microsoft trying to muscle linux (and other unixes) out of their network positions, as opposed to being a real 'Microsoft technical innovation.' MS is betting that they have the muscle and influence to push linux out of the small server operating system market, killing it before it really catches on as a desktop operating system.

Since use as servers happens to be Linux's big market niche, MS probably figures that if they can get rid of it there, it can be stopped from being an even more major threat to Microsofts larger home market in the future.

Hopefully this will not work.

Re:Boys, be ambitious -

[wirefarm]

Just meant to say that MS has added a useful feature and Linux should do the same.
The situation I described with their MCSE's has to be addressed if Linux is to keep their gains in the server market...
Jim in Tokyo

nt kernel is old too

the NT kernel comes from the unix family... so it is just as old... microsoft just took the kernel developed it to there own means..and put there windowing system on top of it...in fact winnt is posix compatible I am a unix guy but nt has its place too

Re:nt kernel is old too

[frivolous]

Actually, it's much more to do with VAX. One of DEC's head developers joined MS to work on OS/2 not long before M$ dropped it...

Interesting...

[Millennium]

It's Embrace, Extend and Extinguish all over again, but with a substantially different tactic.

Last I checked, DDNS was already a set standard, albeit a very new one that most Unices don't use yet. So there's nothing inherently evil about including that in Win2000. But, M$ is breaking interoperability with Unix servers to do so, due to the poor design decision of making a lot of their stuff (although with "Active" in its name, you can tell it's going to be insecure/unstable/buggy/all-of-the-above) depend on a standard which isn't mainstream yet, even if it is probably an open one.

Very clever, I must admit. A way to twist Open-Source to their advantage. Nonetheless, I'd say this ought to go into the 2.3 development tree now, so that it'll hopefully be ready before Win2k or at least not long after.

Re:Interesting...

[Spiv]

I'd say this ought to go into the 2.3 development tree now

Except that DNS isn't done with the kernel, just as HTTP and SMTP aren't either.

Re:Interesting...

[QuMa]

actually, there is khttpd :-)

Re:Ironic. Don't you think?

Somehow, I don't think that Ziff-Davis if going to take Slashdot to court over something as simple as the title of an article. 'Sides, they'd fire a warning shot first. (Nastygram from the lawyer.) Even more so, why flip off Slashdot when it brings them so much revenue? Ziff loves Maldo, and so does Davis. (But I don't think they're having a three-way.)

Re:Unlike MS

Look, you can do it with bind. It's just beta.Everything by MS is beta. At least with bind you know what you are getting into.

Re:DHCP is lame, DDNS is lame

[earlytime]

if that's your philosophy, why don't you just change your minimum threshold to be 1. That way you won't see stoopid posts by AC's. I prefer to read the AC postings because every once and a while an AC had something useful to say.
-earl

heh...some sensitive admins here....

[trog9000]

someone mentions 'Ignorant MS-using sysadmins' and everyone assumes they were the subject...
i would read it as referring to the subset of MS-using sysadmins who are ignorant, not as labeling the entire group as ignorant...

Re:MSFT is full of soulless evil people

[Adam+Knapp]

Insiders get eaten up and spit out just as regularly as ouside companies.

Oh, please Bill! Let me work there! ;)

The Halloween documents were nothing more and nothing less than the standard white papers developed internally at most businesses.

Honestly, can you really think of another company that has enough power to even think of doing what the Halloween documents suggested. Remember, might != right. Being able to force your customers to buy something does not make a good long-term business plan. Eventually they come after you with pitchforks.

Re:Khttpd is not in the kernel. We have uhttpd.

[QuMa]

thank you.

Re:MSFT is full of really nice people

Dr. Dos: Never heard of this...

HTML: Your arguments seem reasonable...

DDNS: Doesn't matter, UNIX is the ultimate kludge, a competent administrator can make it do anything, that's its strength.

Java: Here we disagree. The "emulator" abstraction is the next stage in a progression. All modern operating systems are layered, in order to abstract software from the hardware layer. Java just finishes the abstractions started with device drivers, windowing systems, etc.

If you're such a speed demon, why don't you want everything written in assembler? We accept the speed degradation because it gives us something really cool in return.

In the case of Java we get the ability to build network software that runs on several machines during its execution cycle. And we can do this really easily, (and I mean REALLY easily) because we have abstracted the operating system.

The ability to have the code move around with the data also leads to a OO networked app, which makes code easier to maintain (that's why OO languages are so sexy now, despite the fact that they're slower than procedural languages).

Also... there is some merit to defering the compilation of software until runtime. Current compiler thinking makes it possible to optimize the compilation for the exact type of processor (Pentium II vs. Pentium III) as well dynamically optimize during execution based upon how the user is using the software.

BTW... What's with Anonymous Coward, admit it you're Bill aren't you, come on, tell us the truth!!! With all those "we"'s and talk of policy directions! :-)

Re: pretty good

[Gleep]

wow, that really beats my linux box that's been up for ~100 days since that power outage...

you can dynamic dns now!

[Kazin]

I'm not sure what the whole issue is here - ISC's BIND supports dynamic updates now. And their DHCP client supports sending the hostname as part of the packet.

In fact, if you look at this link, you'll see that I currently use a perl program to take entries out of my DHCPD lease file, and update my DNS with the new hostnames, DYNAMICALLY!

- Kazin

Microsoft doesn't like standards.

[RISCy+Business]

For those of you who don't know, DDNS is basically DHCP with hostnames built in.

Problem is.. it violates the real standards for DNS.

To do DDNS requires that all upstream servers update excessively; AXFR's are performed on average every *FIVE MINUTES* in DDNS from what I've seen.

Problem #2; Microsoft doesn't even know what an AXFR is. NT DNS follows standards for lookups, but if you need a secondary DNS server and your primary is NT, well, break out the checkbook. M$ DNS follows ZERO standards in zone transfers, not to mention file format! You *CAN'T* secondary with unix without more headaches than it's worth.

DDNS is nothing more than another Microsoft attempt to gain more control over the internet through 'evolving' standards by blatantly ignoring them.

I pity the fools who believe the hype.

-RISCy Business | Rabid System Administrator and BOFH

Re:Microsoft's ploy... bullchit.

[Starbuck]

Its all a buncha BS. it is 100% possible imho to have a unix box and an NT4SVR box competing for the same "highest" uptime. our WWW (AIX) and DNS (NT) boxes never go down. the real problem here is the stupid NOVELL using sysadmins pulling the power cable on the boxes to restart them because they dont know how to restart a service. just use WHAT WORKS FOR YOU.

Re:microsoft rulez

[gvim]

hmm, someone forgot to get a babysitter for the script kids tonight..

Dynamic vs Static

[CybSirius]

I am only guessing, but I imagine that W2K integrates DNS and DHCP in such a manner that a UNIX DNS server cannot be used (embrace and extend, anyone?). A FQDN would be assigned to a host regardless of its IP address; the DNS server would update the host's IP address dynamically whenever it changes.

There is nothing that says that you need dynamic DNS in order to associate a FQDN to a specific workstation in a DHCP environment. With DHCP, you can reserve an IP address for a specific workstation simply by giving it the workstation's ethernet address. I set up a bunch of X terminals like this at my previous job. Works great. Less filling.

As a rule of thumb, servers (i.e. hosts that need to be accessed via a specific FQDN) ought to have a static IP address anyway, and it is unwise to create dependencies like this (for example, NIS server needs DHCP server in order to boot).

In my opinion, Dynamic DNS is nifty, but if Microsoft is not keep the standard open, then it is useless.

Re:Dynamic vs Static

[leonbrooks]

> As a rule of thumb, servers (i.e. hosts that

> need to be accessed via a specific FQDN) ought

> to have a static IP address anyway, and it is

> unwise to create dependencies like this (for

> example, NIS server needs DHCP server in order

> to boot).

Yes, but... what if your servers fall over all the time, and you need to have a service available at a specific name for 24x7... like http://www.windows2000test.com/, hyuk, hyuk, hyuk...

Also, since when have M$ and "unwise" been distinct concepts? (-:

That's a really naive view...

[MenTaLguY]

> The Mailing List and Newsgroup just aren't an adequate security model.
If you don't trust a patch floating around a mailing list/newsgroup, fine. They will eventually get looked at by the (trusted) maintainers, who will personally review the patch and likely include it in the standard distribution. It's not as if joe schmoe can magically write some code, post it on a newsgroup, and *bam*, it's in the distro. It doesn't work like that. Code has to go through an EXTENSIVE public review process before it gets merged into the main tree. That's a more than adequate security model, and better than most proprietary software vendors.
If getting patches from an untrusted source in a newsgroup bothers you, then you can wait for them to get reviewed and either be rejected (and the functionality added in some other way), or make their way into the standard distribution. I don't see what's so hard about that.
You obviously haven't actually had any direct experience with the way these projects work.
Berlin-- http://www.berlin-consortium.org

Re:hmm..

plan9? :-) /m

New ?

Hasn't this been alresy possable under NT? In NT4 (3.5?) you could setup the DNS server to do reverse WINS lookup. That sound just like "DDNS". I think it's more of a new protcol for the exstraction on funds.

Re:New ?

I think there is an option to replicate the WINS lookup information to the secondaries... I'm not in front of a NT server right now, but I know that it is under some menu somewhere in there.

Re:New ?

[lvman]

WINS is limited to M$ machines. Non-M$ machines will not appear. So reverse WINS != DDNS.

Re:New ?

[olmy]

Not quite ... the WINS lookup feature on NT DNS
will, as you pointed out, return WINS client values in response to dns queries to that NT
DNS server. However, it does not actually add
the WINS entry to the domain zone like DDNS does.

This doesn't really become too much of an issue
until you start setting up other DNS servers like
BIND to become secondaries to that NT DNS server.
Because the WINS entries aren't actually in the
zone, the secondary BIND servers CANNOT retrieve
the WINS values or lookups. Further, they cannot
retrieve the info from the WINS server directly
since the WINS resource type is not RFC compliant
and only works on NT DNS.

So, in this scenario, the non-NT DNS servers
are incapable of returning dns lookup queries
for any WINS client.

MS implemented DDNS in win2k to actually inject
netBIOS names into the dns zone like DDNS does
in ISC DHCP 3.0 and the nsupdate tool in BIND 8.x.

Re:MSFT is full of soulless evil people

Java sucks ass without Microsoft extensions (JDirect).

You can't do much useful stuff without it.

Did you (as in *) really do your research?

hmmm...

Linux and *BSD do already have this functionality. I really am surprised by all the clueless postings about all the UNIXes and clones not having this capability or that. Good grief people. Turn your brain on and do five minutes of research before running your mouth off.

blu3

Like Netscape did too?

Oh you mean the way Netscape extended HTML? And Lynx repressed it? (tee hee)

No, not good enough.

M$ - MS is a commercial entity. Therefore they act in the interests of making moola. Are unix people all anti-capitalists?

Microsloth, etc. - Umm, the software may be somewhat bloated, but there sure are a lot of features. I do agree somewhat here though.

Micros~1 - Hello... I've used win95/98/nt and I've *never* had to type in an 8.3 file name. If I create a directory called 'Microsoft', I see 'Microsoft', not 'Micros~1'. I think linux geeks are just bitter about MS's dominance.

Macrostupid - Surely the people who were fooled into running these macros are to blame. Macros are a 'feature' of MS programs, not a bug that made it past QA.

WinXX - You haven't justified the 'crappiness' of Win yet. I think it works fine. I get 15+ days uptime all the time on my machine. And don't tell me that's not enough. It's fine for non-mission-critical servers and the like.

As for Win1900 that I saw earlier today, I'm not sure what this is referring to. Is the person saying that Windows 2000 is non year 2000 compliant? Pffsh.

Slashdot should be called News for Nerds. Advocacy for Linux Doofuses.

Regards,
--

Re:MSFT is full it.

DR-DOS was only a good and stable product from version 6. I'm not going to try and defend any of the actions surrounding this issue as I wasn't here for that.

Anyone who followed the Caldera - Microsoft legal fight knows what MS did. DR-DOS was too good, so Microsoft put some "spin" directly in Windows to get developers away from DR-DOS.

HTML I assume here you're talking about 'extension' tags to the HTML specification? Both Netscape and Microsoft were busy building extensions to add new features. The W3 was not really moving fast enough and our customers needed things like tables on their page.

Actually, the W3C had a table spec (draft, anyway) before MSIE supported tables. What is truly, truly sorry about your answer here is that the web is the one area where MS supports more standards than other organizations (at least, until Mozilla.org produces real product). You could have mentioned CSS support, IETF Table support, ECMA script support, but noooooo, you had drag out the hoary "Standards committee not fast enough, we innovated to satisfy customer's needs" excuse/lie.

DDNS We have been working on this type of feature for a while and even have it available on NT4.

Um, yeah, except you called it NETBIOS. Oh, excuse me, WINS. There are internet standards, and then there are Microsoft-isms.

Java This is partly a philosophical issue. Is Java a language or a platform? We see the benefit of Java as a language and at one point we were toying with the idea of using it to take on many of the enterprise tasks along with VB. We did add some extensions to allow it to have better access to the system.

No, this is a developer-relations issue. Developers liked Java, and JNI resolved a lot of access-to-the-system issues. But JNI would mean a java application could run everywhere, which isn't good for MS's monopoly. So MS threw some stuff in that would only run on Windows. Again, you use the old "we innovated to satisfy customer's needs " excuse, but it's not valid here.

Your statements about emulation are somewhat true (although this java situation is not as bad as as with SoftWindows), but hey, Windows 95 ran dead slow on the average computer available when it was released (486-66 with 8 megs ram.) Hardware eventually made up for it. As that IBM-guy said (can't remember his name) about speed: "The hardware boys and girls give, and the software boys and girls take away."

Re:Static vs. Dynamic IP. The scoop!

"The only solution is for the OSS community to make a standard implementation of dhcp client, one that by default passes /etc/hostname in option 61 of the DHCPREQUEST, and get that code into every major package out there. Then the FUDders will not be able to do any more than superficial damage."

Isn't that what adding '-h $HOSTNAME' to the 'pump' call in the initscripts does?

MS DDNS vs Unix DNS

[Gallenod]

I've been lurking for a bit and watching the discussion. Perhaps some of you could tell me what the MS DDNS means for the following implementation:

We're currently installing an Oracle workflow system that relies on LDAP to grab user information from our e-mail server to populate the workflow system directory. The Oracle system is hosted on a Unix box, but most of the user information comes from our e-mail servers, which are all MS Exchange. We also use NetWare.

If the directory services in Win2k are all one-way into the MS directory and we migrate to Win2k, will it prevent our Oracle WF system from pulling user data from the DDNS to populate its own LDAP directory?

Thanks in advance. And if I've phrased the question incorrectly (or cluelessly), please give me a clue.

(Pulling on reflective armor and awaiting response to my first-ever Slashdot post!)

Re:hmm..

>Well if you know more about the history of Unix, then you would know why file creation time is not stored...but obviously you don't know as much as you think you do.
--
Dear Anon Coward:

I don't know the answer to this particular case, but I knew enough eunuchs history that I'll bet your pecker that there's not much reason other than "shit happens". (and i'll bet'ya ass that rob & hemo moron pair don't know either.)

If there is really some well-hung reading this post, I'd be delighted to take a beating.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html
"Perl -- all unix's stupidities in one."

Re:hmm..

>Please, enlighten me as to what I should use instead?
--
as modern os goes, use a Mac OS. Use BeOS. Or, use GNU. Last but not least, use your brain.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html
"Perl--All unix's stupidities in one."

f

If I remember correctly, this has been a slowly emerging standard. Microsoft, not satisfied to wait for the IETF to work, created their own "standard." Last I heard MS was rather lukewarm in supporting the actual standard over their own. Looks like they are pushing their own now.

Re:NT already does this - no it doesn't.

No, no, no! WINS only resolves NetBIOS names to IP addresses. It does NOT resolve IP hostnames as DDNS does. Don't confuse NetBIOS names with hostnames!

DDNS is an option

[The1Genius]

As far as DDNS' usability goes. Keep in mind that DDNS is an option in Win2k - not a requirement. On my win2k advanced server running Release Candidate 1 of the beta code, you can still choose to run the regular DNS service. The advanatages of DDNS will likely make administrators want to move to it.

Re:DDNS is an option

[rjreb]

Also the fact that Active Directory insists upon it...

"...a site also will likely have to use DDNS because it is extremely difficult to integrate the operating system and its Active Directory into a network using static DNS."

Cisco's Network Registrar?

[draggy]

Seems like Microsoft is (yet again) taking other people's ideas and making it their own.

Cisco has had a DNS/DHCP server implementation for a long time
The new "Network Registrar" comes in Solaris and NT (4) flavours.

It has a policy based DHCP server and dynamic DNS functionality.

It basically allows the administrator to map a hostname to a MAC address, independent of the IP Address (hence the need for dynamicaly updating the hostname's IP). I can see only a few instances where this might be required. For 95% of the cases, why not just put a static IP in the DHCP server for a particular host. Saves lots of problems.

I guess Microsoft not only invented the internet, they pioneered DDNS with Windows 2000 as well! (*cough*)
--
Let's not all suck at the same time please

Re:Cisco's Network Registrar?

Did they claim to have invented it? Care to post a link or are you just talking out of your ass? MS is saying they are "implementing" this feature, you do know the difference between "implementing" and "inventing" don't you?

And Al Gore claimed to have invented the Internet, not MS you troll.

Re:Cisco's Network Registrar?

i think that was meant sarcastically you flaming idiot.

Still makes no sense

[Anomie-ous+Cow-ard]

The concept behind SDNS is that a device should always have the same IP but the name can change.

Why would you do this? Just randomly change the name associated with everyone's static IPs to confuse them? Part of the point of static IP addresses is that you can then use static DNS (specifically, a name-to-ip database without capability for easy rebinding) and still keep the same name corresponding to your device.

Basically, you just said the exact same thing with slightly different terminology, without making any more sense than you did the first time.

Unless you're using some odd definition of DNS, the IP address and name are always bound together. The new idea in dynamic DNS is that this binding can be easily and quickly changed, the purpose being that the changes in IP->name binding will match those in device->IP binding, giving an apparent binding of device->name even though it's really just carefully managed co-incidence.

-----

Re:Still makes no sense

It's all very easy guys, DNS of any kind is there to resolve names to addresses, regardless of being static or dynamic. This whole argument is pointless anyway as the Windows 2000 DDNS can boot from the same BIND DNS files. Turn on dynamic updates and install Active Directory and the job is done. These Unix admins that fear for their jobs from Windows 2000 running DNS instead of Unix should stop crying and cross-train, make themselves more valuable to their employer.

Re:Still makes no sense

WHY? When you have something that is reliable, WHY CHANGE ANYTHING? The simple fact is (at least where I work) that nothing works the same once converted to NT. Blue screens, constant monitoring, walking a half mile and up 11 floors to reboot, etc. NO THANK YOU. We run our primary DNS servers on old SCO UNIX boxes, and a backup on Linux (which is the most reliable of our servers). But our NT machines, all tuned and running SP5, can't stay up for more than a week or two. So why would we risk one of the most critical network services to NT? I don't want to be bothered with Microsoft's constant 'beta test' OSs! Next thing you know, they'll try to replace routers with W2000 boxes citing their 'cost advantage - you don't need to buy a $25,000 Cisco box!). If this is the future, I think I'll be a truck driver.... Really, not to be in the flaming mood, but I'm getting a little sick with all the MCSEs out there bashing anything that isn't Microsoft (Translation: anything they can't understand). Many of us out here have HAD experience with MS products AS WELL AS the alternatives. I can say, with many years of experience, that Microsoft products tend to be some of the buggiest, bloated programs that are not the result of innovation, but rather poor copies of tried and true concepts. I gave NT a chance, loaded some stuff, was impressed with a few things, but soon I got annoyed with the constant problems I just didn't encounter with UNIX and other OSs. And that was NT4.0 back in 1997, and not too much has changed. These 'EverythingThatsMicrosoft' people should actually try to learn a little Linux or UNIX concepts and then comment! Hey, they might learn something in the process. I often wonder why people would campaign so strongly around their inferior software - just to keep themselves in business. Hey, that's their business. Personally, I like to be able to get some sleep at night (without a call that the server is down).

DDNS

What kind of flaming company would have a domain hosted on a dynamic IP anyway? What the hell, are these people getto or what here...

DDNS, what msn said

[Darkstorm]

Well, when dealing with msn for a peron at work, I got the (dis) pleasure of talking to the tech support of msn. Thier reason for dynamic dns was due to not wanting hackers to get ms ip's to hack on. Sounds more like fear of weak security to me. If M$ had better security like linux/unix then this wouldn't be a problem. But since they can't seem to do it they are playing musical ip's to try and replace their lack of security.

Of corse this is just my opinion based off of what I was told. Hmmm....wonder why ms uses solaris for thier web site?

Re:DDNS, what msn said

[warmi]

Branded UNIX possibly, but Linux has much more security issues than NT. Simply pout, Linux is _less_ secure than NT.

Re:DDNS, what msn said

[Ticker]

If Microsoft uses Solaris on their main web site (http://www.microsoft.com), then how come I constantly get ASP/VBScript errors on the site?

Perhaps you are referring to Hotmail, which runs on Solaris servers and is supposed to take 4 years to migrate to NT?

RFCs MS will (hopefully) use

[Skidmarq]

If anyone is interested in actually reading them, the RFCs MS is SUPPOSED to be following with this are 2136 and 2052.

Also, no one I know who is testing this out (in the IT consulting firm who will be doing a great deal of this whem it spills out upon the world) is fooling themselves about what a GIANT political battle this could turn into. To avoid this, you will probably see Active Directory Domains handling their own DDNS, and forwarding to existing UNIX infrastructure for all other name resolution if those doing the implementation aren't up to the fight.

...how other systems in the network will resolve to systems in the DDNS zones is supposed to be worked out, (with the use of some crazy zone magic) but I've not seen it work yet.

Re:DHCP is lame, DDNS is lame

You are lame.

Re:Here I sit, typeing (sic) on my USB keyboard

[wirefarm]

My 2.5 lb Sony Vaio does firewire quite nicely - as we speak, it is pulling video off my Digital Video camera.
Snooty people annoy me.

Re:Oh Dear Lord (Oh, come on)

[Pinehill.net]

really now,
If I were a less secure person I would probably take offense to being called a 'Ignorant MS-using sysadmin'. As it is, I happen to be an MCSE who sysadmins roughly 300 NT servers in a network with over 20,000 nodes and almost 40,000 users. I use Linux for lots of network-odd-jobs, and NT and Unix /can/ integrate, with some work. Im sure once I start playing with Win2k, it'll integrate too. If anything, using DNS lookups for name resolution, intead of WINS should make cross-platform stuff a little easier.

Please Read the Article before Replying!

[JabberWokky]

Most people commenting on this are not reading the article... yes, BIND supports DDNS, but that is not the issue (to quote):

To use Windows 2000, a site also will likely have to use DDNS because it is extremely difficult to integrate the operating system and its Active Directory into a network using static DNS.

"I haven't seen anyone try to deploy Windows 2000 without DDNS because that would probably mean trying to deploy Windows 2000 without Active Directory," said John Kretz, a systems integrator at Enlightened Point Consulting Group, in Phoenix.

The problem is that *to use Active Directory*, you appear to have to use NT for DNS. Since Active Directory is a key selling point, and most admins think it is a Good Thing, they want to use it.

In theory, I agree - Novell's networking metaphor worked well for all size shops, large and small, and spread out to WANs respectably well. Now MS seems to be attempting to build some of those features into it's NOS. It's an improvment over their old, horrid system, where you had a nightmare with real world access and information issues.

(obHelp: if you're a person with *nix experience admining NT, get the O'Reilly book that covers the command line versions of their admin utilities, and combine with Perl. With early 4.0, it adds a great deal of flexibility to their point-and-cry interfaces.)

jackass... Re:hmm..

step up for your beating, you fucking troll

Win2k, Active Directory, and DDNS

[wildstar]

Here's a few pieces of information for you, that I got at a briefing by Microsoft's marketdroids a few months ago. Take the following with a grain of salt, since any technical data was filtered through a non-technical marketing person, and then my memory (which isn't the most reliable storage):

According to the briefing, ActiveDirectory uses DNS "like a database" to resolve the names of any Active Directory objects. Dynamic DNS is required, since any changes to the ActiveDirectory name space require updates to the DNS data. We were told that ActiveDirectory wouldn't work without it, and the implication was that Active Directory stored more than just machine names and IP addresses in there.

I asked why use DNS for this, when LDAP (for example) already exists specifically for managing directory information. I got an oblique answer that Active Directory can import information from an LDAP server, but can't update one. Probably the marketdroid didn't understand my question, or know the answer.

I also asked if a RFC-compliant non-Windows Dynamic DNS implementation would work with Win2k and Active Directory, and was told that it would, but that Microsoft very strongly recommended using only their DDNS (anything else is unsupported).

My overall impression is that they're following the RFC's for DDNS, but filling the DNS database up with a lot of records that don't have anything to do with machine-name to IP-address mapping.

How useful really is DDNS or DHCP facing ipv6?

[Cyclops]

Well, in face of the emerging IPv6, I can't stop wondering what the hell can DDNS or even DHCP useful for in the coming times.

Let's see, a common saying is that with IPv6 every one could have a network the size of the current internet withouth exausting the address range, so one can say that it is possible for even ppp conections (usually associated with a user/client) to have a fixed ip address, or even every student in an university.

From a superficial point of view, DDNS and DHCP seem like DOA to me, with the exception of free connections without a fixed login, but even that can be arranged by usage of the CID.

Does anyone agree with me?

Re:How useful really is DDNS or DHCP facing ipv6?

[debrain]

You can have an IP address for every street lamp in the world and there would still be ample IP's left under IPv6.

B.

Re:How useful really is DDNS or DHCP facing ipv6?

[Zigurd]

Yes, but, would you want to? Any need to? It sounds less robust to spread state all over creation. If you don't have to remember an IP address, you don't have to worry when a virus comes along and roaches your hard disk, and the static IP you long-ago forgot where it was written down.

Re:How useful really is DDNS or DHCP facing ipv6?

[PG13]

I believe both of these technologies may still be usefull. The problem with just giving each computer a unique IP is that this will play havoc with subnetting and routing.

Imagine you take your laptop to another university (or even across campus) and want to plug it in the library. As you are now on a differnt subnet you can't keep your same IP and hence you need DHCP and DDNS. To do otherwise would cause significat router probalems as the packets meant for machine X were sent halfway around the world in the wrong direction b/c that is where the machine was last.

Re:How useful really is DDNS or DHCP facing ipv6?

[Webmonger]

Well, for one thing, we wouldn't need central servers to do ICQ. Just ping the IP.

And how likely is it that your sysadmin doesn't know your IP? If you're coping with a fried HD, getting your IP back will be the least of your worries.

Re:How useful really is DDNS or DHCP facing ipv6?

None the less regardless of what protocol.. When i am setting up computers for many companies. i like running dhcp as opposed to static.. just becuase its a little simpler administration.. Not having to walk around and conifigure every computers network configurations.. then there's the nightmare of when new computers come in trying to remember which ip's are free and where if i use static. "Especially when ipv6 comes out i am not going to want to configure my toasters ethernet connection.. i'll just want to plug it in like all my other appliances and let my DHCP server do the rest.. ;)" and besides theres perl for configuring. BIND DNS with dynamic information from your dhcpcd...

Re:How useful really is DDNS or DHCP facing ipv6?

There are still a few benefits to DHCP. For one thing, I can plug N computers into the hub in my dorm room without first going through paperwork to get IP addresses every year. Another thing is with portable computers. If they're moved from one network to another, it's a good idea to get a different IP address, for efficient routing purposes. In this case, DDNS will allow the user to still maintain some form of consistency through the DNS id.

Mushing services

[CrackerX]

Some of the early articles I read suggested that MS DDNS was nothing more than Bill squishing WINS into their DNS services.

Wouldn't it be interesting....

...if the acceptance of their new product was noticably delayed due to this ploy? I can see the headlines now: Microsoft Win2000 shows slow acceptance with administrators due to lack of compatible implementation of new feature.... :-)

Re:Oh Dear (censored by Atheist Commision)

Give it a rest mate.

Anyone that makes the broad assumption that a Sys Admin that runs MS products is ignorant, is nothing more than tunnel-vision and narrow mindedness. You, my friend, are the sort of person that limits the expansion of technology by being so childish.

Boys, be ambitious -

[wirefarm]

"...This has been available in the fubar distro since 1978..." "I hacked together something that will do this for some time using a perl script and DR-Dos..." "...M$ is evil, Why doesn't the DoJ just shut them down?"
Quit whining. There is too much work to be done. Add the features while maintaining backward compatability and this will cease to be an issue.

Something like DDNS sounds like a good thing. I don't care who implements it. Now when I say 'Implement' - I mean that if you take the setup disks for your favorite OS, install the OS using the defaults, it's set up for you. MS has simply chosen to do this. If Redhat has a brain, they will do the same. It should work without a second thought.
When I dial my ISP, which is how most people encounter dynamic IP's, I have set my Win98 DNS settings to have my machine be sparky.gol.com.
As I see it, I have dialed in and told them my username, so they know that I am sitting on a particular IP address. That address should have my hostname appended to it for the duration of my session.
It is the fault of the software that my friends in the US can't find me by contacting sparky.gol.com. (I use ICQ so people can find my machine. It is the fault of the software that people can't do a simple "finger" command, unless I happen to be logged into a shell somewhere.
I am not a SysAdmin. I am a windows programmer. Like many people, I ran a linux system for fun when I had the space for a second machine.
People are looking at RedHat, because it is the most mainstream of the Linuces in the public's awareness. Now that RedHat is more of a commercial venture, they will need to address things like this, right out of the box. They are making strides because they are a usable server for windows clients. They will lose this market to Win2K if they are not as full-featured in this respect. Sorry, that's how it is. I would love to see linux on my computer at work. I wish I could just use StarOffice and forget about MSOffice. But it's not going to happen this year. I have work to do...
MS has made an unspoken promise to thousands of people around the country - Become a MSCE and you will have a pretty good job. They don't care if you were selling stereos last week. They don't care if you went to college and spent four years playing RPG's on a vax. They 'tell' you that if you get certified, you will be able to afford a couple of kids and a decent car. Every couple of months, you will get a couple of CD's in the mail and you install a service pack. You'll get beta's of new software. Take a day or two and play around with the new software instead of working. As I see it, they are keeping their promise. Are these people going to give that up because the software doesn't comply with some RFC sitting in an obscure URL in Switzerland somewhere? Do these guys know what an RFC is? No. Now picture this: Joe MSCE in Maryland gets a call from his boss who is on travel in Atlanta. The boss can't print from his hotel. Joe tells the boss to connect to the internet and open NetMeeting. Joe uses NetMeeting to call the boss at bigboss.company.com and they share the document. Joe shows the boss how to print. Joe looks like a genius. Joe does not lose is job for "not keeping the printers running," at least in the boss's mind... Get the picture? Now realize that perhaps neither of them know that DDNS made this do-able. (*You* try to get your non-techie boss to run WinIPCFG and tell you his IP. Ten minute phone call at least...) This is how it works in the real world. These guys don't have the luxury of being able to appreciate elegant code. MS has made it easy for people to get into the game late and do well. I applaud them for that. Linux now has an opportunity to come into those same offices and show its stuff, probably by way of a couple of borrowed RedHat CD's and a spare Wintel machine. What will it do? Again, I say to you, borroring Dr. Clark's phrase: Boys, Be ambitious. (http://www.hokudai.ac.jp/bureau/socho/message-e.h tm )
Jim O'Connell
Tokyo

I hate to rain on the parade...

[Cowards+Anonymous]

...but a form of this is an existing, shipping feature: An NT DNS server can refer to WINS for hostname resolution.

Adding the functionality to the NT DHCP server is a rather minimal, but helpful step: it just means that DHCP clients that aren't WINS clients can participate.

The real question is, who in their right mind would use NT as a DNS server in a production environment?

Re:I hate to rain on the parade...

[That+Bajan+Guy]

Well, from what I've seen, NT isn't too bad as a DNS. The one on campus has an uptime rivaling the Linux boxen, and definitely beats the Netware boxen. Add VNC, and its remotely administerable, even over a modem.

OS/2 Warp Server had DDNS a few years ago.

OS/2 Warp Server had DDNS a few years ago.

In a white paper I had about OS/2 Warp Server, it implemented DDNS and (according to it) was the first to have a dynamic DNS system.

As I understand it, the process basically:

1. Request IP address from DHCP server.
2. Register Interface in system.
3. Using a DDNS client, request the DDNS server to add an entry into the DNS using the hostname provided by the client.

Personally, I guess if you want to have extensive use of peer to peer (anarchy) networking spanning through multiple subnets, or if you always wanted the user-id information represented in the hostname (slut system), then it would be a good idea. I still think that if there are no server services running on the PC, it has no use of having a real host name.

Re:OS/2 Warp Server had DDNS a few years ago.

[Bigbutt]

Unfortunately, there are places that deny access if you're not registered in DNS. This was the main reason I pushed to get the office I controlled at the time, in the DNS.

[John]

No more credits - Insert coins

[alsta]

People may say that this is bullshit all the way, or they may just love anything that comes in a shrinkwrap saying Microsoft on it. Personally I don't think that anybody who has their sound mind intact will implement this until it is standardized and proved working on all platforms. I can't really see where this would be beneficiary at all. So Unix admins, be calm. And remember that Microsoft is scared. It must do these things. It will backfire upon them eventually though. Right now, I don't believe that anybody will implement anything until it is proven.

Re:No more credits - Insert coins

[witz]

I wish you people would learn wtf you're talking about before you spew. DDNS has been around for quite a while and is even implemented in Bind 8.x.

-witz

Re:No more credits - Insert coins

[Trygve]

I see no reason to believe this. SysAdmins may wish that nobody will implement it until it's standardized, but that's never happened in the past. MS is always throwing about its weight to try to muscle out competitors, and they almost always get what they want.

MS can change standards so easily because there is such a large percentage of computer using population (yes, even SysAdmins) who are dependent, in one way or another, on MS OSes. DDNS will be implemented as soon as people start to upgrade to the newest MS OS, regardless of Unix compatibility.

By MAC or Machine Name?

[Mojojojo]

The article said it resolved by machine name too. Is this an smb thing? if so then it's a real embrace/extend/shutouteveryonebutmicrocrap. Those stupid Machine names ala SMB are not the way to resolve this, but Microsoft has been known to do stupider stuff. They're trying to make everyone that doesn't know what they're doing switch to windows so they don't have to RTFM.

Re:By MAC or Machine Name?

[witz]

What you're talking about is NetBIOS name resolution versus TCP/IP hostname resolution. This was done with WINS or LMHOSTS in NT4. That's gone in Win2k. It's all straight DNS or DDNS. I'd think /.'ers would be happy about MS dropping the entire WINS architecture.

-witz

Re:NT already does this - no it doesn't.

[Ticker]

I'm not dumb here. Having put together Windows NT networks, I know that WINS resolves NetBIOS names to IP addresses. If you bothered to read the rest of the post, and the reply thereafter, you'd see that the MS DNS server can query the WINS server, so that DNS and WINS names of a machine are identical.

Abit BH6, Award BIOS, USB Keyboard, Hello Moron.

Keyboard support translation in BIOS. Can you say 'Don't matter WHAT fucking OS you run, it'll work' ? :) Guess not. BTW, NT+USB = nope, except for as above. Firewire? Please, don't use the crapple term. Its 1394. Have you tried connecting any devices to a windows pc (besides sony, which btw only works with *their* camcorders right now :) ? No, you haven't for sure. You wouldn't have even _mentioned_ the word if you had.

carnegie mellon u

[male]

maybe i'm completely off, but cmu uses dhcp, yet i have to give them my mac address first. that way when i ask for an ip cmu knows which ip to give me.

this has been in place since i have been connecting to cmu with an ethernet card. (4 years?)

is this what they are talking about?

Re:carnegie mellon u

[cdwiegand]

No, with this, there's a pool of IPs that the server can hand out - first come, first serve. Your setup is that for each machine, there is one IP, they're just too lazy to set it up entirely. With real DHCP, you can have 60 IPs and 30 machines, however, only 30 machines can be *on* at once... This just intergrates DNS into the equation, which kinda sounds nice... (we're primarily NT at my work w/ a little UNIX).

Re:Way to go, Microsoft!

[warmi]

It is your opinion and you are in minority. I like Windows interface, never used SGI but for example I found Mac to be very unfriendly.
When I moved from Amiga to Win 3.11 it was sort of let down but Windows 95 has very good interface (save for couple problems like unresizable file dialogs.)
Every Unix I used has shity GUI ( KDE is nice but due to X slowness is half the speed of Windows 95 GUI)

Re:Way to go, Microsoft!

[warmi]

That's bullshit. I just did install of NT server 4 and aplied SP5 and works perfectly. You are spreading FUD my friend...

How long to find security hole in DDNS

[robs]

We all know Microsoft's strategy. Take a standard, extend the functionality of it so that it becomes incompatible with other systems, then claim "Buy Windows, we've got better technology"...

I don't remember the last time they extended a standard technology and not have some bug of any kind (security, functionality, etc.)

Get with it, Microsoft. You'll never win by going this route. Save yourself the embarrassment of having a security hole large enough to fit a fleet of transport trucks in your extended and innovative technology.

Hey, MetaIP already doing it seamlessly...

[Igotnolife]

MetaIP UAM is doing the dynamic name to IP for a year or so, and this product is available for Solaris. LINUX and winnt.... No need to wait for DDNS from M$...

Re:DHCP is lame, DDNS is lame

[QuantumG]

and you truely are an "Anonymous Coward".. create an account you lazy freak.

MS is doing the right thing

Essentially what is happening here (if I understand this right) is that Microsoft is taking a feature (auto registration of an IP to hostname binding) that used to require a WINS server to work and changing it so it can now work with only a DNS server. And they're doing so via an IETF approved open standard protocol.

So why the big uproar? Has the anti-MS crowd read so much of their own FUD that they believe everything MS does is evil? Sheesh. Sounds like someone at PCWeek is trying to stir up a controversy (sells magazines you know), and you folks fell for it.

What a shame

[Bhagera]

Its a shame thats all you could comprehend

Way to go, Microsoft!

This is in fact the way to beat Linux and the Open Source charlatans. Concentrate on what you do best, namely setting new standards and quickly innovating new products and services. Open source development is incredibly slow, it usually takes months or years to come up with an acceptable implementation of a new standard. Case in point: USB and Firewire drivers for Linux haven't even reached beta quality yet.

Re:Way to go, Microsoft!

You are one blind M$ lover!!!

Re:Way to go, Microsoft!

I like you. You're stilly.

Re:Way to go, Microsoft!

Renaming something that already exists doesn't make it new.

Re:Way to go, Microsoft!

No more pathological than hating any other tyrannical organization whose main strategy for success is based on coercion.

That's the thing MS lovers (lovers of Microsoft, not necessarily lovers of MS products) don't get about the loyalty the Linux community has for their platform. There's no coercion in using Linux. "World Domination" jokes aside, no one is attempting to force anyone to use a Linux solution.

Can MS loyalists honestly say the same thing about their lords?

R. Warren
aleris@iag.net

Re:Way to go, Microsoft!

The examples you give don't really make sence. Those are hardware drivers not standards. I still can't use USB devices on my NT box either. This DDNS stuff isn't really a Linux thing or a Unix thing at all either. It's a bind thing or what ever DNS server you chose to use. If Microsoft is useing there own version of DDNS it wont catch on.

Re:Way to go, Microsoft!

You are one blind M$ lover!!!

So what if he loves Microsoft's products? Is there a Commandment saying that thou shalt have no other gods before Linus? Hating Microsoft is pathological.

Re:Way to go, Microsoft!

Here Here... Some questions asked in this part of the thread: a) "show me a Windows box that supports FireWire) OK... How about any Windows 98 or Windows 2000 system? Got a Sony VAIO laptop? Obviously not. b) My NT box still doesn't support USB... well, NT 4 is getting pretty old, isn't it? It is not subject to tens of new kernel updates which severly effect the stability of the system. Windows 2000 supports USB immensley well... c) Here I am sitting typing on my USB keyboard on a G3... like most modern systems, G3 supports the USB keyboard throught the BIOS. All USB PC's later than about 1997 have support for USB keyboards throught the bios... I have an NT 4 box with USB a natural USB keyboard. Final point: if you want support for the most up to date multimedia and storage technologies then get a MS operating system. If you want to act like a script kiddie or pseudo hacker, then use a UNIX deiverative. Windows is certainly the best operating system for desktop and workstation use (albeit with the OCASIONAL crash, I am using Windows 2000 on a laptop and it hasn't crashed or needed to be rebooted since installation nearly 3 months ago. All software works, no probs) and maybe the best server OS, although in this area there are a number of good alternatives, Linux one of them - of all the *NIX deivatives, FreeBSD is the best IMHO.

Re:Way to go, Microsoft!

[Axe]

not subject to tens of new kernel updates which severly effect the stability of the system

Absolute bullshit. Every Service Pack, every HotFix we had to apply, was breaking something.

I just did a plain istallation of NT. I consequently applied SP4, IE 4, VStudio 6.0,
SP2 for VStudio 6.0, then SP5, then IE5.0,
then Office 2000, then SP5 again. If I do it in
any other order - it dies and BS on reboot.
This system is a piece of crap.

You are full of shit, do not know what you are
talking about, and probably only use computer to write PP presentations. Clueless idiot. Go back
to your hole.

/. - ignore Scott Berinato/PCWeek: FUD again!

[scarlatti]

This is the guy who complained in his last "article" that Linus doesn't answer his phonecalls anymore. (surprise!)

I guess Scott has no idea about DDNS whatsoever,
PLEASE Slashdot, stop posting his FUD

Blame the right people

A lot of the M$ bashing is because of two points. The article claims Linux has no support for dynamic DNS (as do you). This is incorrect, see above. M$ has a history of taking something that works and changing it enough that their client/server only works with their server/client. Especially since they're claiming this is something new and something that won't work with Linux, there's reason to believe they will do so again.

Some PCWeek reporter wrote the article, not MS. MS didn't claim Unix/Linux couldn't do DDNS, PCWeek did (or at least implied it). Other assertions made in this article look fishy as well. If anyone deserves bashing here, it is PCWeek and/or this particular reporter, not MS.

Re:Oh Dear Lord [off topic]

(anyone know how to get fetchmail working over ppp with Debian slink?)

Yes. RTFM.

Then dictate a fetchmailrc into your box using voice-recognition software, because the file format is practically plain English. Don't forget to chmod 600 it.

PPP shouldn't have anything to do with it.

If you're trying to do multi-drop, then I apologize. That can be a bit more complicated. Single-drop fetchmail, however, should not be.

It means the reporter was a moron

Basically, the reporter is just trying to stir up trouble.

Re:UNFAIR MODERATION!

You have to consider the source. :)

maybe it's not so bad...?

Being the eternal optimist I have to say something nice again. Maybe this thing is actually a GOOD thing provided: a) Microsoft sticks to the RFC's (i haven't heard anything that says they don't - except maybe their track record) b) Linux/*BSD/... gets this functionality too - i'm sure they're already working on it. As to whether thit is useful: I definately think so. It would be nice to have a fixed DN even though we're ip-hopping. Most of the people without a T1 line (including cable/adsl/isdn) get their ip by DHCP (if i'm not mistaken DHCP was also an extension by MS of BootP, no? not sure - but everyone uses it) It irks me a bit sometimes that ppl never give MS the benefit of the doubt. It's true that they may have a crappy policy and/or OS, but it's not by bashing MS that linux becomes a better OS. (cfr linux-advocacy howto) I'm just a user that wants to get some work done. obs

New and improved IP spoofing?

[theonetruekeebler]

What's to keep me from telling a DDNS that www.secure.nationsbank.com now belongs to--coincidentally enough--www.stealamericanmoney.ru? I have a feeling that using MAC addresses for the initial issue will protect against this, but it seems like somewhere along the propagation chain I could forge a change-of-address message without too much difficulty.

I suppose I should just read the RFCs and see what they say...

--

Re:New and improved IP spoofing?

Not to mention the fact that I can think of at least 1 popular (Netgear) card that allows you to easily change the MAC address. (The NT driver has it as one of the first dialog boxes with a very poorly stated question so that unknowing users are always screwing with it. typically put in IP address. aarrgghh) Never use MAC address as anything but a poor 1st step towards validation.

Re:New and improved IP spoofing?

[evenflow]

MAC address spoofing is easily done in software
for all cards. A little greping in the kernel
sources will find you the place where the kernel
inserts the MAC address into the ethernet-frame.

Re:New and improved IP spoofing?

[Jobe_br]

With the DHCP updating the DNS entries, it is no easier to spoof than w/ static DNS - the DHCP server that updates the DNS entry must be "allowed" by Bind to do this, and the Bind server must be authoratative for the domain you're wanting to update.

Thankfully, the folks at ISC know what they're doing.

Brice

Re:New and improved IP spoofing?

[MbM]

ifconfig eth0 down
ifconfig eth0 hw ether 01234567890A
ifconfig eth0 up

mac addresses are asy to change in linux since the network drivers only read them off the card durring the initalization of the card, after that it's just a value in memory chat can be changed through ioctls.
- MbM

NT already does this

[Ticker]

Okay, I'm both a Unix/Linux sysadmin and a Windows NT sysadmin, and I can tell you this. Win NT 4.0 already does this in an ad-hoc sort of way. The Win NT DHCP server can "bind" to the MS WINS server so that when leases renew/expire, the WINS server will be properly updated to reflect changes. And, you can also "bind" the MS DNS server to the WINS server. So, in essence, you have a workaround way of getting dynamic DNS.

So, this is nothing new really. In fact, most corporations that I know of (including the one I work at), already use Win NT-based DNS servers on the LAN so that it can be "linked" into DHCP. This is essentially a requirement already, unless you want non-NETBIOS (normal old socket-based) TCP/IP to not work at all for your clients.

Essentially, MS is already forcing you into using their DNS server on your LAN if you're using DHCP. The other option, is to use static IP addresses, have no WINS server, and use DNS for NETBIOS lookups. I suspect, however, that that is changing as an option in Win2k.

This doesn't mean that BIND is going to lose any market share. As far as I know, most corps use Win NT DNS internally and BIND externally on the Internet. That's what we do at my work. And it's what we did at the place I worked at before, and the one before that too. No one in their right mind would use the Windows NT DNS server on the Internet, although some people probably do.

Re:NT already does this

[olmy]

As I point out in another post, WINS support in
DNS is only a partial hack. The NT DNS server only queries for WINS values from the
WINS server. It does NOT load that value into the
zone itself. Therefore, if you had a secondary
DNS server that wasn't NT DNS, it would not be
capable of knowing about that hostname because
its not in the zone and because it can't query
directly to the WINS server.

As it stands, there are other products that do
REAL DDNS injections during the DHCP process which
do REALLY update the zone file with the new
assignment (ISC DHCP + a script + BIND 8; MetaIP;
Cisco IP Registrar).

Your point about NT DNS not being a good option
for external DNS is a valid point. I agree.

A minor nitpick: MS DHCP Server doesn't really
bind to MS WINS Server. What actually happens is
that MS DHCP Server feeds WINS Server values to
the DHCP client. It is up to the DHCP client to
register/update with the WINS server. (sorry,
that was just me being overly correct and
nitpicky).

Re:DHCP is lame, DDNS is lame

>and you truely are an "Anonymous Coward".. create an account you lazy freak

Don't be stupid. Some people do not wish to have a fucking account to do with /., like myself.

We do not support stupid thinking, rumor passing, kiddie programers, tastelessness embracing, or morons.

We use /. for spacy humor and occasional insights.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html

Umm?

Please explain? At work I use bind 8 w/ ISC DHCP and hostnames follow the IP addresses. Is this not dynamic dns? If it is, then bind 8 does it great!

Re:Umm?

[Flammon]

With DDNS, the hostname is bound to a device and the IP changes. With static DNS, the IP is bound to a device and the name changes.

BIND 8 DOES THIS

WTF are you talking about? If this is dynamic DNS then BIND 8 does dynamic dns.. Check out it's webpage.

Unlike MS

Bind follows the RFCs and doesn't create push propritary BS before the standards are complete.

Network TeleSystems already does this

[Jacco+de+Leeuw]

Their Shadow IP Server has been doing this for ages. They are also one of the few who actually follow the RFCs closely. For instance, their NetBIOS Nameserver (or "WINS" server, as Microsoft like to call it) was the only one to provide integrated support both Windows and OS/2 clients, cf. RFC 1001/1002.

It runs on dedicated hardware and it doesn't come cheap, unfortunately...

MS DDNS

The problem with Win 2000 DDNS is that when each workstation and server when it boots up, it enters it's name into DNS through a dynamic Update. The problem is that there is no checking to see what other machine may already have that name. So if some user decides to name his computer "Server1" and that just happens to be the name of your UNIX server, the workstation gets that name when it boots up.

Re:MS DDNS

[DNSDave]

This is a crock! The first thing the Win2K workstation must do is check for an existing name same as it used to do with a NETBIOS claim-name call.

I can only guess that you have overlapping zones of authority in your namespace.

With a proper implementation of BIND (or Win2K DDNS) the conflict is detected, the registration is refused, and the client system will note the conflict in its errorlog.

MS supporting DDNS is a Good Thing

[dripton]

I have a laptop (usually running Linux, occasionally running Win98) that gets its IP address via DHCP (from a Linux server at home, an NT server at work).

At home, because it's almost always the only DHCP client, my laptop always gets 192.168.0.10 (the beginning of my assigned DHCP range), so I can pretend it has a fixed IP address for local DNS purposes. At work, it gets a different IP address almost every day. WINS can resolve its name anyway; DNS can't because we don't have DDNS yet. MS supporting DDNS is good; my Solaris and Linux machines (which have clients for DNS but not WINS) would be able to look up my laptop by name, just like my Windows box (which has clients for both DNS and WINS).

Yes, MS might screw up DDNS, through malice or incompetence, and provide something only 99% compatible with the RFC. Recall the pump DHCP client included with Red Hat 6.0, which worked great with most Unix DHCP servers but not with NT's. But note that it was quickly patched to work with NT. Open-sourced clients can quickly deal with a bit of incompatibility, whether malicious or accidental.

The fact that MS supports a new open standard like DDNS before your favorite OS does is a reason to start working on an open DDNS client, not an excuse to bash MS. DDNS is good. NT becoming more standards-compliant is good. If at some point in the future MS starts changing their DDNS server around to deliberately cause problems with other people's clients, *then* bash MS, and suggest to your local sysadmin that he run DHCP and DNS from a cheap Linux/*BSD/whatever box instead of an NT server to maintain maximum compatibility with existing clients. But bashing MS in advance just for announcing the intent to support a good, new, open standard is counterproductive. Would you really prefer WINS?

Re:MS supporting DDNS is a Good Thing

[witz]

Exactly. People should be embracing this move as it's a move away from NetBIOS name resoultion being reliant upon WINS or LMHOSTS. They're just too ignorant to know this.

-witz

Re:MS supporting DDNS is a Good Thing

Yes WINS has been a pain, I'll be glad to see it replaced by DDNS. A lot of folks have missed the idea that you would want to create a new zone for DDNS anyway. No one wants to see a desktop assigned the name firewall.xxx.xxx when you already have a perfectly functional server by that name.

Security

[Knightmare]

I could be totally wrong about this but couldn't this be a security risk? Just allowing computers on yout network to set their own name? I know my
logs have a few entries already where people on the campus where I work have tried to enter stuff into my DNS server. If somebody wanted too they could just make up a name that is close to that of another one
Example:
a server has bubba.admin.whatever.int
a devious person sets his name to bubba.worker.whatever.int and somebody telnets/ftps/etc... to bubba and gets bubba.worker instead of bubba.admin because of a search path issue..

I could be overly paranoid which is very possible, so somebody set me straight on this...

"MS'll never win"?

[Trygve]

>> Get with it, Microsoft. You'll never win by going this route.

That's just the problem. They *will* win by going that route (or at least they can, it depends on competitor's response). The problem is that they cut so many corners, and throw their weight around the market so much that they can muscle out the competition, and have a "newer, better" [read: embraced, extended] product.

MS has been so successful because they're practicing business, whereas most others are just trying to improve on current technologies. Only MS "improves" their own technologies because they cut so many corners in creating it that nobody else (at least nobody else knowledgable enough to be improving on current technologies) would want to work with what MS has created.

Get a clue Warren

and read man ls. ls -al shows you the modification time. This is the last time the file was modified. With -c you get access (the time of last access) and c (the last time the file status was changed) In Linux (UN!X) there is no creation time (time when the file was created for the first time). Frank

Re:Get a clue Warren

Whoops.

My apologies. :)

R. Warren

Like anyone is going to go over to Win2K at once

It should be pretty obvious that Microsoft is rushing Windows2000 to market, since if they delay it any later, corporate admins might be too busy fixing things that broke when Y2K hit. Also, UNIX (Particularly Linux) is nipping at Microsoft's heels and they don't want the UNIX market to expand any further which (some industry analysts say) would happen if MS Delays Win2K into 2000.

Given this, Win2K is going to be a bugfest and we all know it. I doubt any large corporation is going to install this before the first service pack comes out around the second quarter of the year 2000.

hahaha.

You know, that was either sarcasm or a troll. The previous poster even mentioned "ctime" (creation time, not ctime()). Well, maybe you were too.

Uh, Why Is This An Issue?

[Bryant]

Even if UNIX couldn't do dynamic DNS (which it can), why should this cause any UNIX admins to get all stressed about NT admins taking over the DNS?

I mean, isn't this sort of thing what subdomains are for? "Here, NT doods, you're authoritative for windows.corp.foo.com." (Edit subdomain name to taste, of course.)

No stress, no power struggles, no problems.

Re:Uh, Why Is This An Issue?

[tweek]

Because only Windows DNS lets you use underbars in domainnames ;) Well Novell does too but thats a whole separate issue. Our Parent company is having a bitch of a time right now because the dumbass who came in back in the day said "Well I can't use spaces but we should call this machine foo_bar."

Re:Uh, Why Is This An Issue?

[olmy]

Partially correct:

As you're aware BIND 8, according to the RFCs, will NOT recognize the unserscore in a record in
any zone it is primary for. In other words, if BIND is primary server for foo.com, it will choke
and refuse to load the entire foo.com zone if
you put foo_bar.foo.com in that zone (there's a way to get around that with creative CNAMEs, but
that's another story).

However, if BIND 8 is secondary to a primary that
does allow underscores (ie, BIND 4.8.x or NT DNS),
it will go ahead and accept the transfer of both
the entire zone and the offending record. It will
just complain in the log file.

Re:hmm..

RTFM! (man ls) that's modification time!! Are You stupid?

Here I sit, typeing on my USB keyboard

USB works quite nicely on my Blue & White G3. As for firewire, *please* show me a windows machine that even knows what it is.

Re:Here I sit, typeing on my USB keyboard

[Dan+Guisinger]

FireWire is dead anyways.
Compaq was the only PC manufacturer besides Sony that was pushing it, and Compaq is behind USB 2.0 which boasts 200 - 300mbps, which is far more than enough for most perhiphrals.

Really, if Apple wants their stuff to take off, get rid of the greedy bastard who thinks high licensing fees and countless lawsuits are needed to prove his stuff is best.

DDNS and UNUX

I have been doing DDNS for almost a year on Linux and Solaris. It works great and it worked out of the box with redhat 6.0 (with a config file change). One cool thing is the perl module works great. So it is also versitle. We all know how Miskeysoft invents technology. Oh and the USB Firewire crap please that isnt the same ballpark. The war is comming to the end. I think Mickeysoft knows it. Matt Fuqua mfuqua@fiftysix.org

Names for Microsoft/MS Software

Micro$oft
M$
Microsloth
Microcrap
Microshit
Micro$hit
Micros~1
Macrostupid
Win2krap
Win1900
Windoze
Wincrap
Windumb

Those are all the ones I can remember off the top of my head. I'd really like some unix/linux doofus to justify those names to me. That's all I hear around here, but rarely with any basis in truth.

Regards,
--

Re:DHCP vs DDNS

[belrick]

The DHCP server communicates with the DDNS, advising it of necessary updates. You set up your DDNS server so that it only accepts DNS change requests from the DHCP servers in your network.

DHCP vs DDNS

[Booker]

How is DDNS related to DHCP? I would think that the DHCP server implements DDNS... and I thought that clients and servers for DHCP were already available (for Linux). But I am not wise in the ways of Bind. Am I missing something?

Someone's smoking the good stuff.

Care to qualify that with a particular Unix implementation?

A single "ls -al" (or "ll" in HP-UX) will happily provide the file creation dates of any file in your current directory. ("ls" is like "DIR" in DOS.. in case you didn't know.) This stands true both on my Red Hat 5.2 at home and HP-UX; I don't have a Solaris box in front of me but I suspect the same is true there as well.

Care to talk facts? Show me where I'm wrong, and I'll happily give you a public apology.

Tip: Violence is the last refuge of the incompetent. Online, baseless insult counts as violence. If you have a gripe, talk facts. Otherwise, shut up.. you're embarrassing yourself.


R. Warren
http://www.iag.net/~aleris

A little research might help you immensely

[Anomie-ous+Cow-ard]

The fact that MS supports a new open standard like DDNS before your favorite OS does is a reason to start working on an open DDNS client, not an excuse to bash MS.

i don't think a client has anything to do with this, in the standard terminology. Instead, the DHCP server just lets the (D)DNS server know that the machine with MAC number xx-xx-xx-xx-xx-xx was just given ip address zzz.zzz.zzz.zzz. The DNS server then updates the DNS record corresponding to machine xx-xx-xx-xx-xx-xx. All the client needs is a plain, olf-fashioned dhcp client. Of course, i could be off on this. micros~1 probably did it differently anyway, to break compatibility. Don't flame, just correct.

i am sure, however, that the bind version 8 name server does allow dynamic DNS updates. bind 8 has been out for Linux for quite a while. Also, several dhcp servers have the ability to automatically use this feature of bind 8. So you can't exactly say that "Linux/*BSD/whatever" doesn't have this ability, since it is already available and has been proven (which micros~1's hasn't yet).

A lot of the M$ bashing is because of two points.

• The article claims Linux has no support for dynamic DNS (as do you). This is incorrect, see above.
• M$ has a history of taking something that works and changing it enough that their client/server only works with their server/client. Especially since they're claiming this is something new and something that won't work with Linux, there's reason to believe they will do so again.

Admins are also worried that there will be problems when micros~1 tries to tie WINS computer names into the dns database. Especially since many don't even know how to change their computer name, so you'll end up with 20 computers named "workstation"...

-----

It's ok ;-) and

there's a typo: -u for access time
:-) Frank

Ironic - no; Good journalism - yes.

[mikemcc]

HeUnique prints an excerpt from a separate work to provide context, and provides a reference to the original source.

Short and to the point, and follows the standards for good journalism.

the article got it all wrong

[olmy]

Look, DDNS has had basic support in BIND 8.x for
a couple of years now (with increasing quality in
each update). BIND administrators could do DDNS
injections with the nsupdate tool provided with
the BIND distribution, they could roll their own
scripts with the DNS module for perl, or they
could incorporate DDNS into ISC DHCP with Irina Goble's scripts or with the new beta code in ISC
DHCP 3.0. Cisco's IP Registrar and MetaIP are
commercial products that perform similar functions.

In point of fact, the article got its history wrong. The examples cited above, along with
the relevant RFCs, were help up to Microsoft as
examples of why the WINS lookup feature in NT DNS
was so inadequate. The incorporation of DDNS updates into the actual zones via IXFR allows for
propagation of the DDNS injections to heterogenous
secondary DNS servers unlike the WINS lookup "feature" in NT DNS.

so, don't fret about MS getting the upperhand on
DDNS, in and of itself. BIND 8 (and the forthcoming BIND 9) has got MS beat. What this
article was trying to allude to is this:

Although the Win2k implementation of DDNS might
actually be RFC compliant, it is quite probable
that the Active Directory tie-ins to DDNS will only work with the Win2k DDNS server. This is
crucial: even if Active Directory sucks, it has
huge appeal for Corporate America. It will be
implemented far and wide. This is what the article
alludes to: you'll have Win2k Active Directory
admins trying to require the DNS hostmasters to
convert to Win2K DDNS to support their Active Directory application.

Re:MSFT is full of really nice people

DR-DOS

DR-DOS was only a good and stable product from version 6. I'm not going to try and defend any of the actions surrounding this issue as I wasn't here for that.


HTML

I assume here you're talking about 'extension' tags to the HTML specification? Both Netscape and Microsoft were busy building extensions to add new features. The W3 was not really moving fast enough and our customers needed things like tables on their pages. When our customers said that they needed standards compliance, we gave it to them.


DDNS

We have been working on this type of feature for a while and even have it available on NT4. While we will eventually support a standard, the IETF is having problems coming up with final draft. Why is that. Well, all I know is that we have a product that needs to ship this year. Certain other parties would prefer us to drop any support in NT2K. That way they can position their products as supporting this feature where, out of the retail box, NT does not. You're seeing standard corporate position here and you really should take it all with a grain of salt. Frankly a well written standard will benefit everybody. With cheap bandwidth able to support small networks, a standard is needed now.


Java

This is partly a philosophical issue. Is Java a language or a platform? We see the benefit of Java as a language and at one point we were toying with the idea of using it to take on many of the enterprise tasks along with VB. We did add some extensions to allow it to have better access to the system. If you like the idea of Java as a platform, consider that you're running an emulator. While JIT compilation and the current processors can be tweeked to make emulation much faster than in the days of the '386 and '486, it still is not as fast as well-written native code. To look at a different example, if you're a Mac user who needs to run some DOS or Windows applications, Virtual PC or SoftWindows will allow you to get by (they are both excellent products). At some point, though, it simply makes more sense to buy a cheap wintel box which can get the job done faster.

Re:DHCP is lame, DDNS is lame

[QuantumG]

So why can't you do that and attach some sort of responsibility to your postings.. personally I say, no register, no post. At least be accountable for your own opinions.

Ain't the kernel's fault. Just replace software.

[cynicthe]

The kernel talks to hardware about services not features. That's user space software's responsibility.

C'mon get with the program. The radiator in your car is not part of the engine. Neither is [D,S]DNS part of the kernel.

Not New

[Manuka]

DDNS has been a part of the OS/2 tcp/ip suite for quite some time.

Khttpd is not in the kernel. We have uhttpd.

[cynicthe]

Kernel = services.

User software = features.

Should we have sendmail in the kernel too? "Ok... now to reconfigure sendmail, recompile your kernel."

I don't think so.

And no I don't like the kernel fractals idea either.

uhhh... no

[Anomie-ous+Cow-ard]

With static DNS, the IP is bound to a device and the name changes.

With static DNS, the IP is bound to the device, but the name doesn't change. Since the device always has the same IP, the name can be tied to device or IP with the same effect. Because it's easier, the name is bound to the IP.

With dynamic IP assignment, the name is bound to the IP as above, because that's how the database was written. But since the IP is not bound to any particular device, both the device's name and IP change. If you manage to get the same IP assigned, you'll have the same name.

As a side note, in DDNS the name is still bound to the IP in the name server database. The difference is that this binding is changed when the device is assigned a new ip, so that the name is effectively 'bound' to the device.

-----

Informative, could rebooting also be a reason?

[just+someone]

At present, every time you change the network configuration, you REBOOT. Big [bleep] pain if you have a PC laptop.

If your machines are configured to dynamic addresses, then you don't need to reboot.

DDNS is the Right Thing(tm)

[Chris+Tyler]

If you're going to use DHCP, then the Right Thing(tm) is to use DDNS for both forward and reverse mapping.

DHCP provides for automatic, dynamic assignment of IP addresses. As others have pointed out, you don't have to use that feature, and you can centrally assign static IPs based on ethernet hardware (MAC) addresses, but that is a feature provided by BOOTP, the ancestor of DHCP. If you're really using DHCP then you're dynamically assigning IPs.

If you're going to dynamically assign IPs, you should have a mechanism for tracking the name-to-IP mapping. DDNS is that mechanism. Using DHCP without DDNS is Broken and The Wrong Thing.

It is only logical that systems that use DHCP should also support DNS. The fact that many of us (including the distro packagers) are too lazy (self-incrimination, not flaim bait) to set up DDNS does *not* mean that it is a bad idea. The fact that MS is doing The Right Thing (in this rare case) also does not mean that it is a bad idea.

So all Unix sysadmins in mixed shops: if you want to continue to have responsibility for IP assignment and DNS, then hear and heed the warning... get DDNS working with DNS on your machines *now*. When Win2000 is deployed in your company (a year from now?) you'll be ready.

Corporate environment, infomercials

[mikemcc]

"in a coperate envoiornment, this isn't an issue"

I agree with you completely, because this strengthens my theory about MS's server strategy.

DDNS may not be a compelling solution for a global, public network, but it sounds as though it's a very nice option for a local net, and that's where Microsoft is concentrating their efforts.

It is important to remember that the Winxx platform is not the logical center of Microsoft's empire. MS Office is. MS Office is the "killer app" which makes most businesses buy Wintel boxes on the desktop, and Windows on the desktop is why those same businesses buy NT servers. The presence of MS Office for the Mac was a significant factor in Apple's resurgence in sales.

Microsoft is leveraging this advantage very effectively, integrating Office with IIS, and with DDNS they are now making it even easier for any salesperson to connect their Windows laptop to connect to any open ethernet port in the office and start working immediately.

That, all by itself, is a good thing. What is not a good thing is for MS to specifcially design their ActiveDirectory so that it requires DDNS. Novell's NDS doesn't require DDNS, and from what I've seen ActiveDirectory does less than Novell's solution. I'm sure that the programmers behind W2K are very good at their jobs, so I must assume that the decision to make W2K DDNS dependant was a conscious choice. If MS publishes a white paper stating the reasons for this, I will read it, (and the soon-to-follow slashdot commentary) and make my mind up then.

PC Week deserves criticism for not doing their homework on this (no surprise there). To state that Unix does not offer this service, when it does, is terrible journanlism.

But then, any "news" article about Windows 2000 which is followed by a link titled
"Check prices: Windows 2000" isn't actually journalism at all, it's an infomercial.

Re:Corporate environment, infomercials

The point about being able to modify DNS dynamically (DDNS) is that it makes it easier to run networks. You can write programs that update DNS remotely, and you don't need to hack your own Java/KSH/Perl/Tcl/whatever. So.... Let me get this straight.... With M$ you can write programs, but with *nix you hack programs. Wow what a huge difference! Merely symantics...Bah!

Re:Corporate environment, infomercials

[Big+Jojo]

The point about being able to modify DNS dynamically (DDNS) is that it makes it easier to run networks. You can write programs that update DNS remotely, and you don't need to hack your own Java/KSH/Perl/Tcl/whatever.

With Dynamic updates to DNS, you can easily have Graphical DNS Administration Tools that run anywhere on the network... versus ones that only run on your DNS primary and use some custom (and likely fragile) setup of BIND config files. When it comes to networking, Microsoft's strength is making tools that "the rest of us" can use. (Apologies to Apple; and how do I say I'm not one of that particular "us"? ;-) That is, people who don't have serious training in Internet operations can get things done.

So that article is missing the point: What M$FT is trying to do is reduce the costs of administering an IP network. The political battle will the old one between "expert" UNIX-savvy admins, who cost, and the Win2K admins who won't need to know much (the tool can be smart enough to solve many problems) and hence won't cost much at all. Heck, the Win2K client tools should work with the BIND servers, right?

Keep an eye out for network admin salaries going down ...

- Jojo

hmm..

[prodeje]

toing@deus:~ $ date
Sat Aug 28 07:40:03 PDT 1999
toing@deus:~ $ touch duh
toing@deus:~ $ ls -l duh
-rw-rw-r-- 1 toing toing 0 Aug 28 07:40 duh

care to explain?
...

Re:hmm..

Those who have actually understood a bit of unix and it's history, hates it like a plaque.

Xah
xah@best.com
http://www.best.com/~xah/PageTwo_dir/more.html
"Windoz: a monstrous hack of greed;
unix: a monstrous hack of stupidity;
GNU: stamps out greed, stamps out stupidity."

BIND already supports it for God's sake!

Before you people start mouthing off and demonizing Microsoft yet again, check your facts. BIND supports Dynamic DNS, in fact, Microsoft has been working with the BIND folks to ensure compliance, and even offer some advice.

Agreed

[Fastolfe]

I mean really -- most everyone uses some other form of comment sorting. Yet I still keep seeing some AC comments right smack in the middle (well, usually towards the bottom) of the comment list that still insist on being the first post.

Are these people just stupid or what?

This is as described in "Hallowen"

[ZioPino]

As we all know this is exactly what MS described in the Halloween doc. As someone else said the DHCP/DDNS via WINS resolution has been around for a while and that created already enough damage. Let me explain. Since the majority of machines our there use Windows and they have name resolution working, the Linux users are seen has "trouble" by the IS people. It's just a fact. Even worse if only few people complain about lack of name resolution. It seems incredible but there are actually people working in a IS department that, when facing the problem to buy Networking solutions, buy Windows-based packages. Windows never played nicely with Unix and it never will. If youi find yourself in the situation where you are denied some network services I suggest to gather together with all the people that have the same problem and talk nicely to you IS people. They will probably buy better software than try to manage 50/100 IP addresses manually. After all they switched to dhcp exactly to avoid that kind of mess. I speak from experience, it takes some time and a lot of diplomacy but it can work.

Re:This is as described in "Hallowen"

[olmy]

Your point is well-taken. Windows doesn't play
nice with UNIX. However, in the spirit of ingenuity, UNIX will play with Windows. ;-)

Samba 2.x clients can both register with and query
from WINS servers. Therefore, linux and UNIX users with samba properly configured can play the
NetBIOS/WINS resolution game just like everybody
else. You'll even show up in Network Neighborhood
(since that seems to be so important to windows
users).

Your sig

Not a flame, just pointing something out. That quote was by Thomas Jefferson. Long before Heinlein's birth.

MCSE's aren't all a$$holes

[invenustus]

My mom deals with a lot of students getting coops and internships at Drexel University. She has students who are becoming MCSE's who hate Microsoft and Windows, and love Linux. It's just like all the other bullshat you learn as a means to an end.

We have a static IP

[Doodhwala]

We have static IP + DHCP...so its great!

New Acronym

[heroine]

Remember in 1998 when Microsoft invented the acronym OSS to stand for Open Source, but thanks to Microsoft we all started calling it OSS for Open Source Software. Now we're starting to go back to just Open Source. Now DynDNS has been around for several years but now that Microsoft has called it DDNS we can expect everyone to start throwing around the DDNS acronym. Where would we be without the innovation of Microsoft?

Re: FUD request job for you programmers...

Do you have any idea at all how this works? I doubt it.

The DDNS services are RFC* spec clean. They are not 'propriatry' hacks designed to mimic the RFC, like Bind currently is.

Did you know that you can swap any clean implimintation of the DDNS spec for the MS one. You don't have to use it you don't want to.

*last I looked the RFC wasn't final yet, MS has been updating the W2K code to follow the RFC. drafts.

DDNS "Security"

A few months back, I read ALL of the RFCs related to DDNS, and DHCP, and there was absolutely _NO_ security in there. i.e. there was no way to ensure that DNS names of servers, (for example), are not grabbed by clients. In snooping our network, we find that MS DHCP clients routinely send DDNS instructions to DNS servers to remove all pre-existing entries for a name, and then follow up with an instruction to add their name and IP of choice. Our DNS servers COULD act on these instructions if we enabled them to do so, but only a fool would would allow any client on the network make any change to DNS it desires.

Don't smoke crack at the keyboard

Are you lying or just clueless. DHCP/DDNS works fine in B3 and RC1. I haven't tried RC2 yet but I don't expect any problems in that area.

You formated the HD to 'fix' this? Does your employer know how badly your ripping them off?

MS vs Linux

I've seen plenty of comments about how Linux can do DDNS too. What I *HAVEN'T* seen is anything addressing the original article, which states "the Windows 2000 implementation of DDNS... all but requires Windows administrators to take control of naming services." What exactly does this mean? That Win2K is *NOT* following the RFCs?