Windows Active Directory and BIND DNS Server
Active Directory and Kerberos version 5 Authentication sound complicated. Can I upgrade to Windows 2003 without installing these features? No, they handle logon and control access and are mandatory in a Windows 2003 Domain. But don't worry, Kerberos Authentication looks after itself and the design of Active Directory for networks with fewer than 500 users is trivial. Active Directory allows Windows 2003 to operate in networks with 10,000+ users spanning multiple locations throughout the world. It is a database used by the operating system to store network information, such as usernames and passwords. Third-party programs can be written to access Active Directory information and to store their own data in it. Changes to the Active Directory database are replicated between Domain Controllers, making it resilient to the failure of any single server.
Active Directory has been enhanced and improved in Windows Server 2003 over the original Windows 2000 version, and 3 years of AD design experience have led to some solid Best Practice design rules.
The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.
If a nameserver -- any nameserver, whether BIND or otherwise -- is configured to use "forwarders", then none of the target forwarders can be running BIND4 or BIND8. Upgrade all nameservers used as "forwarders" to BIND9. There is a current, wide-scale Kashpureff-style DNS cache corruption attack which depends on BIND4 and BIND8 servers as "forwarders" targets.
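An added example, not part of the original page or of BIND itself: a Python sketch that lists every forwarder address in a named.conf and classifies the version banner each one reports, so that BIND4 and BIND8 forwarders stand out. The sample configuration, addresses and function names are constructed for illustration, and the banners are assumed to have been collected separately with `dig @ADDRESS version.bind chaos txt +short`.

```python
import re

# Constructed sample named.conf (not from the page); addresses are documentation ranges.
SAMPLE_CONF = """
options {
    directory "/var/named";
    // global forwarders
    forwarders { 192.0.2.10; 192.0.2.11 port 5353; };
};
zone "example.com" {
    type forward;
    forwarders { 198.51.100.5; };  # per-zone override
};
/* forwarders { 203.0.113.99; }; disabled */
"""

def strip_comments(conf):
    """Remove /* */, // and # comments so disabled entries are not reported."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def find_forwarders(conf):
    """Return the addresses in every forwarders { ... } block, in file order, de-duplicated."""
    found = []
    for block in re.findall(r"\bforwarders\s*\{([^}]*)\}", strip_comments(conf)):
        for entry in block.split(";"):
            parts = entry.split()
            if parts and parts[0] not in found:
                found.append(parts[0])  # first token is the address; "port N" may follow
    return found

def classify_banner(banner):
    """Map a version.bind banner to 'bind4/8', 'bind9' or 'unknown'."""
    m = re.search(r"(\d+)\.\d+", banner or "")
    if not m:
        return "unknown"  # banner hidden, customised or never collected
    major = int(m.group(1))
    if major in (4, 8):
        return "bind4/8"  # the versions the page says must not be forwarder targets
    return "bind9" if major == 9 else "unknown"

def audit(conf, banners):
    """banners: {address: version.bind text}, gathered beforehand with dig."""
    return {ip: classify_banner(banners.get(ip)) for ip in find_forwarders(conf)}
```

A server can override or hide its banner with the `version` option, so treat `unknown` as a prompt to check that forwarder directly.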