| Author | Messages | |
bsonposh
Posts:149
 | | 05/02/2008 8:17 AM |
| While I am just a lowly PowerShell person, in a past life I was a Directory Services SP at MS. I can tell you we did have a very large number of DNS misconfiguration calls... not many had anything to do with DNS actually being broke.
On Fri, May 2, 2008 at 1:29 AM, Akomolafe, Deji <deji@readymaids.com> wrote:
> Darren,
>
> I heard the same report, but with a different slant. I heard that DNS MISCONFIGURATION was the number 1 support issue. Slight difference.
>
> A properly configured and managed DNS facility just runs, and runs ad infinitum.
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia [darren@sdmsoftware.com]
> Sent: Thursday, May 01, 2008 10:03 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Joe-
> The combination of the length of your response, and the fact that your Pistons slaughtered my Sixers, has put me in a bad mood. But I will rise above it and say that I value your experiences with DNS more than mine, so I respect your points. Much of my experience with WINS came from its early, early days (and since I'm older than you, those were *early* days) and it has definitely improved. My early experience with WINS was anything but "set it and forget it". Mind numbing is a good word to describe WINS then and my experiences were also across multiple large environments. One thing I will say is that many large companies have dedicated DNS teams because DNS has traditionally played a MUCH larger role in those environments (long before Windows arrived) where mission critical apps running on Unix and the mainframe relied on it, so I don't count that as an indicator of the difficulty of DNS. In fact, in one large environment I worked in, DNS ran like clockwork (pre-AD days) and was managed by one guy for an organization with thousands of servers.
>
> I will say that I heard in the not-too-distant past that DNS was MS' number 1 support issue, which surprised me, but then again, AD being as critical as it is in most companies, I can understand it.
>
> As for hierarchical vs. flat, for me it has less to do with machine name uniqueness than organizational (as in ability to organize) benefits and, as you mention, delegation. But this discussion didn't start as a feature comparison, so I won't dwell too much on that. Bottom line is that both WINS and MS-DNS as they are often used today are multi-master replicated, distributed databases that (typically) rely on client machines self-registering (and un-registering) with them dynamically and are responsible for their own grooming. That set of technologies is just a recipe for complexity and the only thing that will save either technology is good tight management and monitoring.
>
> Darren "Wait til next year Chauncy" Mar-Elia
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
> Sent: Thursday, May 01, 2008 8:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Your comments don't reflect my experience with it; especially when compared to DNS and I deal with many very large environments and have substantial daily experience with them in everyone's favorite Fortune 5.... Err Fortune 10 company (they were Fortune 5 when I worked there, teaches them for letting me go). I have dealt with far more mind numbing DNS issues over the last 10 years than WINS issues.
>
> My experience with WINS is you tend to set it up (i.e. Install and select one or more replication partners) and off it goes. Occasionally you might jetpack the DBs. The big issues seem to be around misconfigured client machines (both servers and workstations).
> The biggest issues I have ever really had with it were darn SAMBA boxes and admins who didn't know how to configure resource servers (usually they installed WINS service).
>
> As an aside, I have never seen a company with a dedicated WINS support group... Just about every company I deal with has a dedicated DNS support group.
>
> Never really had issues with replication other than network problems, if that occurred then you scheduled a pull as soon as the network issue was cleared up (WINS doesn't really ever push, it is all pull replication).
>
> I think one of the big issues most people had with WINS is that they didn't monitor it. Likely because they couldn't figure out how to monitor it. Again MSFT wasn't so kind there. So things that were little issues turned into mountain issues and even if WINS went months without any problem the resulting issue that occurred got to be so big it left a mark on people.
>
> This isn't just me feeling it was better; we would do ticket reviews looking back over periods of time and WINS was never even a blip on the radar for issue to be dealt with in some comprehensive manner.
>
> Agreed there was no CNAME functionality, had shorter names, the suffixes to me are no different than the SRV records and I don't agree with the generally speaking as I mentioned before I occasionally had to jetpack. It was so infrequently my team mates didn't even know about the tool. Worse comes to worse with the DB you delete the file and pull a new one from your partner or even worse comes to worse you pop your servers with a netbios name registration refresh request.
>
> I don't care about the CNAME and shorter names for the WINS problem scope because it really didn't much matter. It is an intranet tool, I am not saying use it for internet use. Use it for internal resources for your internal users - probably about 90% of the work done in most IT groups.
> I know I know, not all environments are homogeneous, in fact, I personally have never worked on a homogeneous network. The networks I have worked on have had everything from every flavor of Windows to every flavor of Cray to every flavor of just about every vendor's UNIX and most flavors of mainframes and miniframes with giant teradata data mining systems and engineering super computers that calculate car crash results and everything else but in every case, every case, the number of non-windows machines was barely a rounding error. DNS was available for them just the same.
>
> The flat namespace... Well that is a fun one right? What is WINS used for? Resolution of machine names. In general, and I say in general, in the Windows world the design goal is a single domain forest. That would mean all of the machines if done in a standard MSFT way were in a flat namespace as well. Take it further and go with a multidomain forest environment and you still can't properly reuse the same machine name in multiple domains in the forest, so flat namespace still works fine. But even if you say wow we can do the same machine name in different name spaces, I don't think it is a very good idea within a company, it is a great way to confuse the heck out of people because, just as it was 10 years ago, users still think in terms of short host names within the confines of the intranet. Even admins do it... Go into any company and ask one of the admins, what DC or what file and print server is in site XYZ... I expect the most popular answer will be a single host name response, not an FQDN.
>
> "Some of the folks" seem to be thinking I am saying dump DNS for WINS... Or WINS rocks, DNS is for losers. I am not, I am saying I like WINS over DNS for intranet Windows purposes. I like WINS because it is a very simple design and most companies do not need a complicated name resolution infrastructure design for Windows.
> The one cool thing DNS, IMO, has over WINS for Windows intranets is a hierarchy that would be cool for administrative access delegation and they don't even have the tools set up to take advantage of it.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
> Sent: Thursday, May 01, 2008 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Actually, I don't really understand that. Is it because the WINS namespace is flat and so somehow that is simpler to manage? Because my experience with WINS management is that it was not easy (at least in a large environment) and required quite a bit of expertise and baby-sitting to keep it healthy. Things like replication that are handled for you today with AD-integrated DNS had to be manually managed in WINS and were fraught with peril if not designed well. Also, WINS was/is completely inflexible with respect to functionality equivalent to CNAMES, had issues with name lengths, required you to keep track of a myriad of ridiculous suffixes and generally speaking was constantly requiring database maintenance.
>
> Darren
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
> Sent: Thursday, May 01, 2008 8:51 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> That might be the case - but I think the point is that WINS is less complex to manage.
>
> So it'll take fewer admins/lower TCO/fewer operational risks vs. DNS, given the same quality admins.
>
> --James
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
> Sent: Thursday, May 01, 2008 9:22 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> You cleverly side-stepped the question, joe.
>
> If you truly believe that the health of a WINS implementation is directly proportional to the "quality" of its implementor/administrator, then is it not logical to assume the same of DNS?
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of joe [listmail@joeware.net]
> Sent: Thursday, May 01, 2008 6:20 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> You know we didn't run Windows DNS at all. We needed functionality that MSFT didn't put in because they thought they knew what we were doing...
>
> --
> O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
> Sent: Thursday, May 01, 2008 1:17 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Did I just hear you say "DNS worked very well for us on NT4 (and beyond). Possibly it was simply the quality of the admins running it"?
>
> Does that mean you are going to stop dumping on DNS now?
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of joe [listmail@joeware.net]
> Sent: Wednesday, April 30, 2008 10:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Maybe because you are recalling this poorly Deji.
>
> I wasn't always chasing errant 1C/1B records, I wasn't ever chasing errant 1B/1C records but then you weren't involved in the Enterprise domain stuff where we worked, you worked on resource domain servers. We occasionally had Samba boxes hijacking 1C records and I had a script that monitored that so when it happened we had it fixed in very short order. Outside of that the biggest issue was "admins" misconfiguring servers to either not point at the proper WINS servers or loading and running the WINS Service on them. Got to the point where when someone would call with a WINS issue my team would first check the member server in question to make sure it was configured properly and it usually wasn't. Didn't matter how many times we tried to explain you couldn't configure WINS on a server and then point it at another WINS server for name res and have it work properly.
>
> WINS worked very well for us on NT4. Possibly it was simply the quality of the admins running it.
>
> --
> O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
> Sent: Thursday, May 01, 2008 12:29 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Even in NT 4.0. joe just wouldn't admit that it was a kludge, even for someone with his expertise. He was always chasing after some errant 1C and 1B (or is it 3x) records that periodically go missing for no reason.
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
> ________________________________________
> From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia [darren@sdmsoftware.com]
> Sent: Wednesday, April 30, 2008 9:23 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Brandon-
>
> Apparently you never used WINS in NT 3.50... :-)
>
> Darren Mar-Elia
> CTO & Founder
> SDM Software, Inc.
> "The Group Policy Experts"
> www.sdmsoftware.com
>
> -----Original Message-----
> From: "Brandon Shell" <tshell@gmail.com>
> To: ActiveDir@mail.activedir.org
> Sent: 4/30/2008 6:53 PM
> Subject: Re: [ActiveDir] [OT] introduction
>
> The suffering point was that DNS is harder to configure, Manage, and troubleshoot than WINS.
>
> But I agree... let's move on
>
> On Wed, Apr 30, 2008 at 9:43 PM, Akomolafe, Deji <deji@readymaids.com> wrote:
>
> > You've completely lost me, and I still don't understand the "suffering" part of your original statement.
> > And you still haven't explained how MS' decision to adopt Kerberos was the beginning of your woes, especially since you just stated that other Kerberos implementations depend on DNS as well
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx