| Author | Messages | |
dwells
Posts:39
 | | 05/02/2008 11:20 AM |
| I'm not responding to any particular context-point within this thread, just
tossing out something that sprung to mind -- the 'GlobalNames' zone in 2K8
goes someway (for our later clients at least and with an eye on future
releases) to simplifying the name resolution configuration issues of old but
does little (other than perhaps worsen) manual configuration requirements.
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com <http://msetechnology.com/>
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Tony Gordon
Sent: Friday, May 02, 2008 11:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
I will stipulate that given knowledgeable management both of them will work
well. Does DNS requires a slightly higher level of skill set? Probably.
Technology comparison aside, practicality of life (at least for me) is that
while our enterprise is nowhere close to fortune 5 (or 10) our networks are
highly segmented and I do not control the firewalls.
Requesting port 53 UDP does not elicit any questions from the firewall guys
(53 TCP I still need to fight for). Asking them to open 137 and/or 138 (do
not recall which one is used by WINS) would definitely be an uphill battle.
In addition, WINS can cover all of my Windows hosts, DNS can cover that and
all other stuff (and that other stuff does need to resolve Windows)
So arguing pure technical advantages is a moot point (let's observe a minute
of silence for HDDVD).
Thank you, Tony.
Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 | USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
From:
joe <listmail@joeware.net>
To:
ActiveDir@mail.activedir.org
Date:
05/01/2008 10:10 PM
Subject:
RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
_____
Your comments don't reflect my experience with it; especially when compared
to DNS and I deal with many very large environments and have substantial
daily experience with them in everyone's favorite Fortune 5.... Err Fortune
10 company (they were Fortune 5 when I worked there, teaches them for
letting me go). I have dealth with far more mind numbing DNS issues over the
last 10 years than WINS issues.
My experience with WINS is you tend to set it up (i.e. Install and select
one or more replication partners) and off it goes. Occasionally you might
jetpack the DBs. The big issues seem to be around misconfigured client
machines (both servers and workstations). The biggest issues I have ever
really had with it were darn SAMBA boxes and admins who didn't know how to
configure resource servers (usually they installed WINS service).
As an aside, I have never seen a company with a dedicated WINS support
group... Just about every company I deal with has a dedicated DNS support
group.
Never really had issues with replication other than network problems, if
that occurred then you scheduled a pull as soon as the network issue was
cleared up (WINS doesn't really ever push, it is all pull replication).
I think one of the big issues most people had with WINS is that they didn't
monitor it. Likely because they couldn't figure out how to monitor it. Again
MSFT wasn't so kind there. So things that were little issues turned into
mountain issues and even if WINS went months without any problem the
resulting issue that occurred got to be so big it left a mark on people.
This isn't just me feeling it was better; we would do ticket reviews looking
back over periods of time and WINS was never even a blip on the radar for
issue to be dealt with in some comprehensive manner.
Agreed there was no CNAME functionality, had shorter names, the suffixes to
me are no different than the SRV records and I don't agree with the
generally speaking as I mentioned before I occasionally had to jetpack. It
was so infrequently my team mates didn't even know about the tool. Worse
comes to worse with the DB you delete the file and pull a new one from your
partner or even worse comes to worse you pop your servers with a netbios
name registration refresh request.
I don't care about the CNAME and shorter names for the WINS problem scope
because it really didn't much matter. It is an intranet tool, I am not
saying use it for internet use. Use it for internal resources for your
internal users - probably about 90% of the work done in most IT groups. I
know I know, not all environments are homogenious, in fact, I personally
have never worked on a homogeniuous network. The networks I have worked on
have had everything from every flavor of Windows to every flavor of Cray to
every flavor of just about every vendor's UNIX and most flavors of
mainframes and miniframes with giant teradata data mining systems and
engineering super computers that calculate car crash results and everything
else but in every case, every case, the number of non-windows machines was
barely a rounding error. DNS was available for them just the same.
The flat namespace... Well that is a fun one right? What is WINS used for?
Resolution of machine names. In general, and I say in general, in the
Windows world the design goal is a single domain forest. That would mean all
of the machines if done in a standard MSFT way were in a flat namespace as
well. Take it further and go with a multidomain forest environment and you
still can't properly reuse the same machine name in multiple domains in the
forest, so flat namespace still works fine. But even if you say wow we can
do the same machine name in different name spaces, I don't think it is a
very good idea within a company, it is a great way to confuse the heck out
of people because, just as it was 10 years ago, users still think in terms
of short host names within the confines of the intranet. Even admins do
it... Go into any company and ask one of the admins, what DC or what file
and print server is in site XYZ... I expect the most popular answer will be
a single host name response, not an FQDN.
"Some of the folks" seem to be thinking I am saying dump DNS for WINS... Or
WINS rocks, DNS is for losers. I am not, I am saying I like WINS over DNS
for intranet Windows purposes. I like WINS because it is a very simple
design and most companies do not need a complicated name resolution
infrastructure design for Windows. The one cool thing DNS, IMO, has over
WINS for Windows intranets is a hierarchy that would be cool for
administrative access delegation and they don't even have the tools set up
to take advantage of it.
joe
--
O'Reilly Active Directory Third Edition -
<http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[ <mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Thursday, May 01, 2008 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
Actually, I don't really understand that. Is it because the WINS namespace
is flat and so somehow that is simpler to manage? Because my experience with
WINS management is that it was not easy (at least in a large environment)
and required quite a bit of expertise and baby-sitting to keep it healthy.
Things like replication that are handled for you today with AD-integrated
DNS had to be manually managed in WINS and were fraught with peril if not
designed well. Also, WINS was/is completely inflexible with respect to
functionality equivalent to CNAMES, had issues with name lengths, required
you to keep track of a myriad of ridiculous suffixes and generally speaking
was constantly requiring database maintenance.
Darren
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[ <mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Thursday, May 01, 2008 8:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
That might be the case - but I think the point is that WINS is less complex
to manage.
So it'll take fewer admins/lower TCO/fewer operational risks vs. DNS, given
the same quality admins.
--James
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[ <mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
Sent: Thursday, May 01, 2008 9:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
You cleverly side-stepped the question, joe.
If you truly believe that the health of a WINS implementation is directly
proportional to the "quality" of its implementor/administrator, then is it
not logical to assume the same of DNS?
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon ________________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of joe [listmail@joeware.net]
Sent: Thursday, May 01, 2008 6:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
You know we didn't run Windows DNS at all. We needed functionality that MSFT
didn't put in because they thought they knew what we were doing...
--
O'Reilly Active Directory Third Edition -
<http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[ <mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
Sent: Thursday, May 01, 2008 1:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
Did I just hear you say "DNS worked very well for us on NT4 (and beyond).
Possibly it was simply the quality of the admins running it"?
Does that mean you are going to stop dumping on DNS now?
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon ________________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of joe [listmail@joeware.net]
Sent: Wednesday, April 30, 2008 10:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
Maybe because you are recalling this poorly Deji.
I wasn't always chasing errant 1C/1B records, I wasn't ever chasing errant
1B/1C records but then you weren't involved in the Enterprise domain stuff
where we worked, you worked on resource dp,aom servers. We occasionally has
Samba boxes hijacking 1C records and I had a script that monitored that so
when it happened we had it fixed in very short order. Outside of that the
biggest issue was "admins" miscofiguring servers to either not point at the
proper WINS servers or loading and running the WINS Service on them. Got to
the point where when someone would call with a WINS issue my team would
first check the member server in question to make sure it was configured
properly and it usually wasn't. Didn't matter how many times we tried to
explain you couldn't configure WINS on a server than then point it at
another WINS server for name res and have it work properly.
WINS worked very well for us on NT4. Possibly it was simply the quality of
the admins running it.
--
O'Reilly Active Directory Third Edition -
<http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[ <mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
Sent: Thursday, May 01, 2008 12:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
Even in NT 4.0. joe just wouldn't admit that it was a kludge, even for
someone with his expertise. He was always chasing after some errant 1C and
1B (or is it 3x) records that periodically go missing for no reason.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon ________________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
[darren@sdmsoftware.com]
Sent: Wednesday, April 30, 2008 9:23 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] introduction
Brandon-
Apparently you never used WINS in NT 3.50... :-)
Darren Mar-Elia
CTO & Founder
SDM Software, Inc.
"The Group Policy Experts"
www.sdmsoftware.com
-----Original Message-----
From: "Brandon Shell" <tshell@gmail.com>
To: ActiveDir@mail.activedir.org
Sent: 4/30/2008 6:53 PM
Subject: Re: [ActiveDir] [OT] introduction
The suffering point was that DNS is harder to configure, Manage, and
troubleshoot than WINS.
But I agree... lets move on 
On Wed, Apr 30, 2008 at 9:43 PM, Akomolafe, Deji <deji@readymaids.com>
wrote:
> You've completely lost me, and I still don't understand the "suffering"
> part of your original statement. And you still haven't explained how MS'
> decision to adopt Kerberos was the beginning of your woes, especially
since
> you just stated that other Kerberos implementations depend on DNS as
wellList info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
List info : <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
List FAQ : <http://www.activedir.org/ListFAQ.aspx>
http://www.activedir.org/ListFAQ.aspx
List archive: <http://www.activedir.org/ma/default.aspx>
http://www.activedir.org/ma/default.aspx
_____
The information contained in this e-mail and any accompanying documents may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if
this message has been addressed to you in error, please immediately alert
the sender by reply e-mail and then delete this message, including any
attachments. Any dissemination, distribution or other use of the contents of
this message by anyone other than the intended recipient is strictly
prohibited. All messages sent to and from this e-mail address may be
monitored as permitted by applicable law and regulations to ensure
compliance with our internal policies and to protect our business. E-mails
are not secure and cannot be guaranteed to be error free as they can be
intercepted, amended, lost or destroyed, or contain viruses. You are deemed
to have accepted these risks if you communicate with us by e-mail.
| | | |
|
|