Naming the best DNS for Windows NT
These five DNS servers fill a range of needs when you're connecting NT nets to the Internet.
By Wayne Spivak
Network World, 12/9/96
Copyright 1996 Network World, Inc.
The Domain Name System (DNS) is like the foundation of a house - nobody gives it much thought, but without it the Internet would be on shaky ground. DNS servers, generally running on Unix platforms, translate alphabetic domain names into numeric IP addresses and vice versa. Without DNS and DNS servers, the Internet would look like http://127.50.4.3/smile, instead of the familiar http://guide.sbanetweb.com.
We tested five DNS servers designed to run on the increasingly popular Windows NT Server. Four are commercial products; one is freeware. Most have their roots in Unix's Berkeley Internet Name Domain (BIND) software. However, they vary greatly in terms of implementation, and in their statistical and debugging features.
The best product in terms of overall ease of installation, documentation, configuration options and features is MetaInfo, Inc.'s DNS Server 2.1 for NT. Although more expensive than most of the others, it's suitable for everyone from the corporate DNS neophyte to the sophisticated Internet service provider. MetaInfo's DNS is sturdy and stable, lacking only certain display features that we found exclusively in the WinBind for Win 32 freeware.
A close second was Francois Beauregard Logiciels, Inc.'s (FBLI) DNS Pro 2.00. If it handled NT's Windows Internet Naming Service (WINS) database, which permits computer lookups similar to DNS on NT networks, it would have slipped into first.
At the other end of the spectrum was NetManage, Inc.'s IntraNet Server 5.1. During testing, we were unable to maintain the server in an operational state for more than a few hours at a time. In fact, after a fair amount of correspondence with NetManage's technical support staff and installing an update file, NetManage actually suggested we use a DNS server from another manufacturer. All other products operated fine under NT 3.51 and 4.0 as both primary and secondary servers.
Configuration
The Internet's hierarchy is similar to that of a file system. On the Internet, instead of being called "root," the top level is called "." (dot), with the major branches called com, edu and org. Within each branch are the DNS equivalents of file system directories, called domains.
You can break a domain into subdomains, which reside on different IP networks. Each subdomain, or zone of the domain, is maintained by a different DNS server. All DNS servers work with domains and zones. The information is kept in files called db.<domain name>. Unix DNS servers utilize text files.
On NT, with WinBind and NetManage IntraNet Server 5.1, your only choice is to use a text editor. MetaInfo lets you configure your system to use a text editor or a Web browser. (Microsoft Corp.'s Internet Explorer and Netscape Communications Corp.'s Navigator are the only browsers supported.) MetaInfo also provides the user with a graphical interface that has the ability to start, stop or pause the service. FBLI permits you to use a text editor or two graphical modes - one for beginners and one for advanced users. If you use Microsoft's DNS for NT 4.0 server, you must use the graphical window it provides, unless you're very skilled at DNS configuration.
The ability to create db domain files via text editors makes the creation of multiple zone files a breeze with WinBind, NetManage, FBLI (in the advanced mode) and MetaInfo (in the text editor mode). Multiple zone creation in the browser or graphical mode (with MetaInfo, FBLI and Microsoft) is slower but requires less familiarity with DNS internals. With FBLI's dual graphical modes, zone files can be created quite easily.
FBLI, Microsoft and MetaInfo all have the ability to create reverse mapping files. With these products, you don't have to continually go back to the in-addr.arpa file and add additional mappings each time you assign an IP address to a new host computer.
This feature only works in the beginner mode if more than one mode exists. We found creating zones with Microsoft's product to be a complex process. The online help was not of any assistance, nor was the interface intuitive.
Both Microsoft and MetaInfo permit you to specify the local WINS database - an important issue for corporate users that run NT servers and workstations connected directly to their Windows networks. With Microsoft's product, you specify the WINS database through the primary domain property dialog box. With MetaInfo's product, the information is entered through the DNS Control Panel, where you can map all NT workstations to a particular DNS domain. The actual records for all the workstations would be in the selected DNS domain and the WINS server.
NetManage could not read the files we ported from our Unix system, requiring us to rekey all the files. NetManage's technical support staff told us we would have to change Unix line feeds to the DOS version. Both WinBind and MetaInfo had no trouble reading the files.
A DNS server that isn't running does no good. WinBind is the only program that doesn't run as an NT service and, therefore, can't start automatically at boot time. We had to place WinBind in our Startup group, which at least triggers WinBind to begin as soon as we log on. To make this automatic, we turned on the Auto Logon feature of Windows NT. Thus, we had to sacrifice security for functionality.
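The reverse-mapping upkeep described in this section can be checked mechanically when zone files are kept as text. The following is an added example, not code from the article or from any of the reviewed products: it reads A records from a forward file (with Unix or DOS line endings), derives the PTR lines that belong in the in-addr.arpa file, and reports the ones the existing reverse file lacks. The example.com names, the 192.0.2.x addresses, the one-reverse-zone-per-/24 layout and the requirement that every record names its owner explicitly are assumptions.

```python
import ipaddress

# Constructed sample data for the placeholder domain example.com. The forward
# file uses DOS (CRLF) line endings, the reverse file Unix (LF) ones.
FORWARD = ("; db.example.com\r\n"
           "www   IN A     192.0.2.10\r\n"
           "mail  IN A     192.0.2.25\r\n"
           "@     IN MX 10 mail\r\n"
           "ftp   IN CNAME www\r\n"
           "ns1.example.com. IN A 192.0.2.53\r\n")
REVERSE = ("; db.192.0.2\n"
           "10  IN PTR www.example.com.\n"
           "53  IN PTR ns1.example.com.\n")

def a_records(zone_text, origin):
    """Return (fqdn, IPv4Address) for each A record; owner names must be explicit."""
    origin = origin.rstrip(".") + "."
    found = []
    for number, raw in enumerate(zone_text.splitlines(), 1):  # LF or CRLF
        fields = raw.split(";", 1)[0].split()                 # strip comments
        if len(fields) < 3 or "A" not in fields[1:-1]:
            continue
        owner = fields[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        try:
            found.append((owner, ipaddress.IPv4Address(fields[-1])))
        except ValueError as err:
            raise ValueError(f"line {number}: bad address in {raw!r}") from err
    return found

def ptr_lines(records):
    """Group the PTR line for every address under its /24 in-addr.arpa zone."""
    zones = {}
    for fqdn, ip in sorted(records, key=lambda rec: rec[1]):
        a, b, c, d = str(ip).split(".")
        zones.setdefault(f"{c}.{b}.{a}.in-addr.arpa.", []).append(f"{d} IN PTR {fqdn}")
    return zones

def missing(existing_text, wanted):
    """Return wanted PTR lines that the existing reverse file does not contain."""
    have = {" ".join(line.split(";", 1)[0].split()).lower()
            for line in existing_text.splitlines()}
    return [line for line in wanted if line.lower() not in have]

if __name__ == "__main__":
    wanted = ptr_lines(a_records(FORWARD, "example.com"))
    for zone, lines in wanted.items():
        print(zone, "needs:", missing(REVERSE, lines))
```
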
Working out the bugs
DNS software needs the ability to debug problems in the zone file because an improperly defined zone file creates a slew of problems for the host and end user. For example, an incorrect entry could direct users to a machine that isn't configured to handle the desired service or to an IP address that doesn't exist. It may even send the user to oblivion if a particular service (E-mail, for example) isn't configured correctly.
All of these programs come with some type of debugging facility. WinBind had the best visual capabilities. With an option to log information to a file or send it to a display, you can watch virtually every datagram sent to your DNS server. WinBind also provides database and statistical dumps. FBLI's DNS server provides some operational display in the DNS Control Panel, which can be used for debugging purposes.
FBLI provides 10 levels of debugging, while MetaInfo has 12. The multiple debugging levels allow you to specify by degree the amount of information you are going to wade through to find errors. Most times, lower levels suffice. Both companies show debugging messages in incremental fashion. However, all information is sent to a file that you can't examine unless you turn off your DNS server. While this may be inconvenient, a typical network setup has both a primary DNS server and at least one secondary server, so DNS is not interrupted during the process.
Microsoft provides statistics in its product's graphical window, plus other error messages in its cryptic event viewer. These messages were not specific enough to properly debug problems that might be created by errors in the zone file. Equally annoying was NetManage's approach, which also shows errors in cryptic language only in the event viewer. The ability to have a file dump all debug information would have enhanced our ability to fix errors. NetManage has no statistics facility.
Administration
Administration of the DNS server is handled differently by each product.
With MetaInfo (in text mode) and WinBind, changes to DNS require you to modify the zone files, and possibly change named.boot, which tells DNS what type of server (primary, secondary, caching, slave, forwarding) it is, where to find the database files, how to load them and so on. WinBind also permits some remote administration by creating a file in the Windows subdirectory that permits you to reload the database and control debugging levels.
To modify a zone with NetManage, you need to change the database file. To make a new zone, you create a new database file, and add an entry into the registry to signify that the new zone needs to be loaded (instead of the named.boot file). With Microsoft's DNS server, you have to access the computer with the administrator's account.
FBLI is unique in that you specify the database directory (the first line of the named.boot file), and it keeps track internally of primary and secondary domains. The named.boot file tells the DNS server what zones to load and whether it should be a primary or secondary server. This can be quite a time saver. Unfortunately, FBLI in its beginner mode does not permit forwarding, slave or caching servers.
Remote administration gives you the ability to make changes to a DNS server from another workstation. MetaInfo is the only product that provides a remote administration feature, but it only works when you have MetaInfo's DNS server configured for browser mode. With it, you access the correct URL and make additions, subtractions and corrections. MetaInfo also gives you a level of security regarding who is able to make changes - not only by password-protecting the remote administration feature, but by locking in or out specific incoming IP addresses. A unique feature permits MetaInfo's technical support staff, or any configured IP address, to access your DNS server across the Internet.
We'd probably keep this feature turned off most of the time because hackers using IP spoofing to falsify their IP address could make the network think they were trusted parties.
Installation and documentation
All of the products are quite easy to install, though some (Microsoft, NetManage and WinBind) ask only a few questions while others (MetaInfo and FBLI) are more inquisitive.
Documentation is a different matter. WinBind comes without documentation, save for some command-line arguments. Interpretation of error messages and database dumps is left as a challenge for the savvy DNS administrator. NetManage comes with a poorly written manual only a few pages in length. Microsoft's only manual is an online help file that, for the most part, refers the reader to DNS and BIND from O'Reilly & Associates, Inc., the de facto Bible for these products. It lacks details about its cryptic error messages. Also online, MetaInfo's manual is comprehensive, providing information about DNS, configuration and troubleshooting.
FBLI has a unique graphical hyperlinked manual that answered most of our questions. It also provides all the requests for comment that relate to DNS, making the documentation all-encompassing.
Conclusions
If you have only a couple of zones to manage, you'll be well served by either WinBind or Microsoft's DNS server.
Those with a limited budget and many zones should consider a hybrid system. Combine WinBind as a primary DNS with Microsoft as a secondary to get the right balance of easy configuration and service at no cost. If you have larger requirements and budgets, consider FBLI's or MetaInfo's products. Both are stable, easy to work with, full of useful features and priced similarly.