| Author | Messages | |
gabriel/tfi
Posts:94
 | | 05/02/2008 9:34 PM |
| I do agree that DNS is more complex than NBNS (nobody would argue on that)
and it is also true that host name uniqueness is a must-have whether DNS or
WINS is in place, so ideally I agree with Joe that WINS is able to address
name resolution needs in a Windows intranet environment...
....BUT I see a great value in adopting DNS that is using a
_unique_standard_ name resolution mechanism that works anywhere-anyway,
whether the hosts run Windows, *nix, "anyOS" or they stay on the Intranet,
Internet, DMZ, "anynet"....
Standardization sometimes has a price and sometimes it is complexity!
I recently read that MS removed all WINS dependencies in Exchange 2007 and
Windows Server 2008 (clustering service), so it's clearly moving to a "pure"
DNS world, so we must accept the inevitable, WINS will be (is?) "dead meat".
Gabriele.
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-
> owner@mail.activedir.org] On Behalf Of joe
> Sent: sabato 3 maggio 2008 1.37
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> I won't argue whether or not WINS in NT3.5 days was difficult or not;
> no
> experience with it. My experience that I am willing to quote from began
> with
> NT4 SP3 at which point was substantial and solid. Anything else prior
> to
> that was playing around and not true enterprise use experience.
>
> Agreed on the dedicated DNS teams point, there are other reasons for it
> but
> arguably the complexity that is inherent in a hierarchical model over
> the
> flat model plays into it as well. Something that maybe helps DNS now
> though
> is the dynamic updates you mention which in a properly designed WINS
> architecture was pretty much the whole picture, static entries were a
> bane.
> Anyway, no one I ever spoke with thought to stick WINS into its own
> support
> group even though by far the largest number of machines in most any org
> were
> dependent on that versus DNS. Again, *nix and everything else tends to
> be a
> rounding error in terms of sheer numbers though there was a different
> operating model.
>
> The DNS issues, primarily configuration, did not surprise me as most
> places
> (tm) I think were very homogenious and WINS was the big name res system
> and
> DNS might have sort of have been there for internet stuff if the
> company
> didn't rely on external DNS. In larger orgs, DNS was old hat and once
> they
> figured out the zones and capabilities needed, likely didn't have many
> issues but then again they likely weren't Windows DNS shops either.
> Then you
> have a hodgepodge mixture of places that started mixing and matching
> either
> because the Windows guys didn't want their name resolution in the hands
> of
> those Unix guys and/or the Unix guys didn't want to get stuck dealing
> with
> the Windows guys so you started doing various forums of zone delegation
> etc
> which presented its own complications and showed how much most Windows
> people don't understand DNS. Config issues weren't the only issues
> though,
> any one of us if we look around can find DNS issues other than config
> such
> as the island issues and more than once I have been involved in
> environments
> where all of the DNS entries "disappeared" because something got
> confused
> and DNS didn't know where to read the data from in an ADI environment.
> The
> fun in troubleshooting those is great because, again, of the added
> complexity that is there over WINS.
>
> WINS was very simple. That again is what I liked about it. Tiny code
> base,
> even someone who couldn't read code normally could follow it, not so
> with
> the DNS code base. Fewer lines of code, fewer the likely issues and
> caveats,
> etc. Lots of features and functionality and complexity. DNS can be
> deployed
> very simply or very complex using this that or those features, WINS
> will be
> likely deployed very simply as there aren't a lot of features. The most
> complex thing will be how you set up the replication or static entries.
> I
> never said it was robust, never thought that, just don't think that
> internal
> Windows implementations need lots of complexity and robustness. Start
> talking internet and DMZ and things like that, WINS falls down fast.
>
>
> joe
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-
> Elia
> Sent: Friday, May 02, 2008 1:03 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Joe-
> The combination of the length of your response, and the fact that your
> Pistons slaughtered my Sixers, has put me in a bad mood. But I will
> rise
> above it and say that I value your experiences with DNS more than mine,
> so I
> respect your points. Much of my experience with WINS came from its
> early,
> early days (and since I'm older than you, those were *early* days) and
> it
> has definitely improved. My early experience with WINS was anything but
> "set
> it and forget it". Mind numbing is a good word to describe WINS then
> and my
> experiences were also across multiple large environments. One thing I
> will
> say is that many large companies have dedicated DNS teams because DNS
> has
> traditionally played a MUCH larger role in those environments (long
> before
> Windows arrived) where mission critical apps running on Unix and the
> mainframe relied on it, so I don't count that as an indicator of the
> difficulty of DNS. In fact, in one large environment I worked in, DNS
> ran
> like clockwork (pre-AD days) and was managed by one guy for an
> organization
> with thousands of servers.
>
> I will say that I heard in the not-too-distant past that DNS was MS'
> number
> 1 support issue, which surprised me, but then again, AD being as
> critical as
> it is in most companies, I can understand it.
>
> As for hierarchical vs. flat, for me it has less to do machine name
> uniqueness than organizational (as in ability to organize) benefits
> and, as
> you mention, delegation. But this discussion didn't start as a feature
> comparison, so I won't dwell too much on that. Bottom line is that both
> WINS
> and MS-DNS as they are often used today are multi-master replicated,
> distributed databases that (typically) rely on client machines
> self-registering (and un-registering) with them dynamically and are
> responsible for their own grooming. That set of technologies is just a
> recipe for complexity and the only thing that will save either
> technology is
> good tight management and monitoring.
>
>
> Darren "Wait til next year Chauncy" Mar-Elia
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
> Sent: Thursday, May 01, 2008 8:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Your comments don't reflect my experience with it; especially when
> compared
> to DNS and I deal with many very large environments and have
> substantial
> daily experience with them in everyone's favorite Fortune 5.... Err
> Fortune
> 10 company (they were Fortune 5 when I worked there, teaches them for
> letting me go). I have dealth with far more mind numbing DNS issues
> over the
> last 10 years than WINS issues.
>
> My experience with WINS is you tend to set it up (i.e. Install and
> select
> one or more replication partners) and off it goes. Occasionally you
> might
> jetpack the DBs. The big issues seem to be around misconfigured client
> machines (both servers and workstations). The biggest issues I have
> ever
> really had with it were darn SAMBA boxes and admins who didn't know how
> to
> configure resource servers (usually they installed WINS service).
>
> As an aside, I have never seen a company with a dedicated WINS support
> group... Just about every company I deal with has a dedicated DNS
> support
> group.
>
> Never really had issues with replication other than network problems,
> if
> that occurred then you scheduled a pull as soon as the network issue
> was
> cleared up (WINS doesn't really ever push, it is all pull replication).
>
> I think one of the big issues most people had with WINS is that they
> didn't
> monitor it. Likely because they couldn't figure out how to monitor it.
> Again
> MSFT wasn't so kind there. So things that were little issues turned
> into
> mountain issues and even if WINS went months without any problem the
> resulting issue that occurred got to be so big it left a mark on
> people.
>
> This isn't just me feeling it was better; we would do ticket reviews
> looking
> back over periods of time and WINS was never even a blip on the radar
> for
> issue to be dealt with in some comprehensive manner.
>
> Agreed there was no CNAME functionality, had shorter names, the
> suffixes to
> me are no different than the SRV records and I don't agree with the
> generally speaking as I mentioned before I occasionally had to jetpack.
> It
> was so infrequently my team mates didn't even know about the tool.
> Worse
> comes to worse with the DB you delete the file and pull a new one from
> your
> partner or even worse comes to worse you pop your servers with a
> netbios
> name registration refresh request.
>
> I don't care about the CNAME and shorter names for the WINS problem
> scope
> because it really didn't much matter. It is an intranet tool, I am not
> saying use it for internet use. Use it for internal resources for your
> internal users - probably about 90% of the work done in most IT groups.
> I
> know I know, not all environments are homogenious, in fact, I
> personally
> have never worked on a homogeniuous network. The networks I have worked
> on
> have had everything from every flavor of Windows to every flavor of
> Cray to
> every flavor of just about every vendor's UNIX and most flavors of
> mainframes and miniframes with giant teradata data mining systems and
> engineering super computers that calculate car crash results and
> everything
> else but in every case, every case, the number of non-windows machines
> was
> barely a rounding error. DNS was available for them just the same.
>
> The flat namespace... Well that is a fun one right? What is WINS used
> for?
> Resolution of machine names. In general, and I say in general, in the
> Windows world the design goal is a single domain forest. That would
> mean all
> of the machines if done in a standard MSFT way were in a flat namespace
> as
> well. Take it further and go with a multidomain forest environment and
> you
> still can't properly reuse the same machine name in multiple domains in
> the
> forest, so flat namespace still works fine. But even if you say wow we
> can
> do the same machine name in different name spaces, I don't think it is
> a
> very good idea within a company, it is a great way to confuse the heck
> out
> of people because, just as it was 10 years ago, users still think in
> terms
> of short host names within the confines of the intranet. Even admins do
> it... Go into any company and ask one of the admins, what DC or what
> file
> and print server is in site XYZ... I expect the most popular answer
> will be
> a single host name response, not an FQDN.
>
>
> "Some of the folks" seem to be thinking I am saying dump DNS for
> WINS... Or
> WINS rocks, DNS is for losers. I am not, I am saying I like WINS over
> DNS
> for intranet Windows purposes. I like WINS because it is a very simple
> design and most companies do not need a complicated name resolution
> infrastructure design for Windows. The one cool thing DNS, IMO, has
> over
> WINS for Windows intranets is a hierarchy that would be cool for
> administrative access delegation and they don't even have the tools set
> up
> to take advantage of it.
>
>
> joe
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-
> Elia
> Sent: Thursday, May 01, 2008 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] WINS? Ick. WAS [OT] introduction
>
> Actually, I don't really understand that. Is it because the WINS
> namespace
> is flat and so somehow that is simpler to manage? Because my experience
> with
> WINS management is that it was not easy (at least in a large
> environment)
> and required quite a bit of expertise and baby-sitting to keep it
> healthy.
> Things like replication that are handled for you today with AD-
> integrated
> DNS had to be manually managed in WINS and were fraught with peril if
> not
> designed well. Also, WINS was/is completely inflexible with respect to
> functionality equivalent to CNAMES, had issues with name lengths,
> required
> you to keep track of a myriad of ridiculous suffixes and generally
> speaking
> was constantly requiring database maintenance.
>
> Darren
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
> Arthur
> Sent: Thursday, May 01, 2008 8:51 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> That might be the case - but I think the point is that WINS is less
> complex
> to manage.
>
> So it'll take fewer admins/lower TCO/fewer operational risks vs. DNS,
> given
> the same quality admins.
>
>
>
> --James
>
>
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe,
> Deji
> Sent: Thursday, May 01, 2008 9:22 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> You cleverly side-stepped the question, joe.
>
> If you truly believe that the health of a WINS implementation is
> directly
> proportional to the "quality" of its implementor/administrator, then is
> it
> not logical to assume the same of DNS?
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon ________________________________________
> From: ActiveDir-owner@mail.activedir.org
> [ActiveDir-owner@mail.activedir.org] On Behalf Of joe
> [listmail@joeware.net]
> Sent: Thursday, May 01, 2008 6:20 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> You know we didn't run Windows DNS at all. We needed functionality that
> MSFT
> didn't put in because they thought they knew what we were doing...
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe,
> Deji
> Sent: Thursday, May 01, 2008 1:17 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Did I just hear you say "DNS worked very well for us on NT4 (and
> beyond).
> Possibly it was simply the quality of the admins running it"?
>
> Does that mean you are going to stop dumping on DNS now?
>
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon ________________________________________
> From: ActiveDir-owner@mail.activedir.org
> [ActiveDir-owner@mail.activedir.org] On Behalf Of joe
> [listmail@joeware.net]
> Sent: Wednesday, April 30, 2008 10:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Maybe because you are recalling this poorly Deji.
>
> I wasn't always chasing errant 1C/1B records, I wasn't ever chasing
> errant
> 1B/1C records but then you weren't involved in the Enterprise domain
> stuff
> where we worked, you worked on resource dp,aom servers. We occasionally
> has
> Samba boxes hijacking 1C records and I had a script that monitored that
> so
> when it happened we had it fixed in very short order. Outside of that
> the
> biggest issue was "admins" miscofiguring servers to either not point at
> the
> proper WINS servers or loading and running the WINS Service on them.
> Got to
> the point where when someone would call with a WINS issue my team would
> first check the member server in question to make sure it was
> configured
> properly and it usually wasn't. Didn't matter how many times we tried
> to
> explain you couldn't configure WINS on a server than then point it at
> another WINS server for name res and have it work properly.
>
> WINS worked very well for us on NT4. Possibly it was simply the quality
> of
> the admins running it.
>
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe,
> Deji
> Sent: Thursday, May 01, 2008 12:29 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Even in NT 4.0. joe just wouldn't admit that it was a kludge, even for
> someone with his expertise. He was always chasing after some errant 1C
> and
> 1B (or is it 3x) records that periodically go missing for no reason.
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon ________________________________________
> From: ActiveDir-owner@mail.activedir.org
> [ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
> [darren@sdmsoftware.com]
> Sent: Wednesday, April 30, 2008 9:23 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] introduction
>
> Brandon-
>
> Apparently you never used WINS in NT 3.50... :-)
>
> Darren Mar-Elia
> CTO & Founder
> SDM Software, Inc.
> "The Group Policy Experts"
> www.sdmsoftware.com
>
> -----Original Message-----
> From: "Brandon Shell" <tshell@gmail.com>
> To: ActiveDir@mail.activedir.org
> Sent: 4/30/2008 6:53 PM
> Subject: Re: [ActiveDir] [OT] introduction
>
> The suffering point was that DNS is harder to configure, Manage, and
> troubleshoot than WINS.
>
> But I agree... lets move on 
>
> On Wed, Apr 30, 2008 at 9:43 PM, Akomolafe, Deji <deji@readymaids.com>
> wrote:
>
> > You've completely lost me, and I still don't understand the
> "suffering"
> > part of your original statement. And you still haven't explained how
> MS'
> > decision to adopt Kerberos was the beginning of your woes, especially
> since
> > you just stated that other Kerberos implementations depend on DNS as
> wellList info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
|
|