One of the large customers I worked with in the past used QIP and it worked tolerably well and I wouldn't have a problem working in an environment using it again. We did not have all zones set up for dynamic, it was only the underscore zones and the AD domains. Note though that only domain controller "domain-type" records went into the domain zones since a disjoint name space was used. All normal host records went into other non-Dynamic zones. That helped with the next item I will mention below.
I did miss the scavenging for machines that did not properly deregister (crashed machines) or ran into an issue I will talk about in the next paragraph. I ended up writing up scripts utilizing nslookup/dig and nsupdate to regularly scan DNS and yank out old records and any non-Domain Controller records to clean things up, basically I implemented my own *special* scavenging. Mostly it wasn't an issue but after a while enough garbage built up that I started getting irked by how much garbage was there and some clients would occasionally notice slow functionality so I had to clean it up and once I did, I wrote a tool to do it the N+1 times after my 1 time. We had a funky issue that I think was more a result of the specific deployment where records could be revved back if the changes occurred at the wrong time. For instance if a record was removed at the wrong time, it could get slammed back into place when the zone was reloaded. This could also happen when registering a new record but this wasn't such a major issue as it would get registered again rather soon. I never got the details on what was happening, I just mentioned it and they were going to look into correcting it. It was that little of an issue, especially once I had my own scavenging script in place. The big win that the company liked about QIP was its management capabilities for a very decentrally managed (literally thousands of zones and zone admins) deployment of DNS but with centralized group of maybe 5-10 "overlords". I didn't work with that aspect at all but can say that I did not mind not having to worry about DNS management (it ran on Solaris boxes by people that were only doing DNS) on a daily basis as I had enough other things to deal with. Occasionally there would be an issue we would have to chase down but we got along with the DNS group well so it wasn't a hardship. It was always nice to have serious heavy duty DHCP/DNS expertise on tap as needed versus working with someone who has DNS/DHCP as only *one* of the things they do. Obviously that isn't a benefit of QIP so much as a benefit of using some other group to manage DNS/DHCP and only DNS/DHCP. However the MS world doesn't tend to be handled that way, especially if you stick DNS on a DC to get the secure updates and integration that they are so proud of. The more services you jam on a DC that have to be actively managed the more likely your Domain Admins will become a jack of all trades and master of none [1] which is probably fine on a daily basis and save a company money for the normal mill stuff but will tend to really bite you in the ass when making changes to your environment or when something goes horribly wrong or you have security issues due to the lack of deep core understanding of technologies involved. I have been known to say that 90%-95% of the Windows Admins do great when everything runs well, they are perfect for clicking on the checkboxs, buttons, and dialogs and go on to be consultants who can easily tell others what checkboxs, buttons, and dialogs to look for to click on. When something breaks though, these folks tend to stand around waiting for the other 5%-10% to tell them what to click next. The odds are pretty good that that 5%-10% have managed environments[2] other than Windows and know the value of really understanding the environment plus they tend to be people who have some personal interest in the technology on their own. They would be running a domain full of computers whether or not that was what they did at their job or not. joe [1] SBS is a concern to me here. Obviously there are stellar examples where this isn't the case and the admins are pretty amazing but I have no problem saying they are the exception versus the rule. I, myself, would be a horrible SBS admin. [2] Or are developers, developers for some reason can become really good admins if they have the admin mentality and aren't stuck in the developer mentality. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Thursday, April 28, 2005 6:15 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Those that spring to mind: W2k3 offers scavenging - QIP does not [but then you could argue, it is not needed by design] W2k3 offers secure DDNS - QIP can, but requires Kerberos integration [again, QIP may be designed such that this is moot] QIP is a full IP management solution and not just a DNS product. Both (QIP and w2k3 DNS) have their pros and cons - it really depends upon your requirements and whether you need/want a full IP management solution of just a DNS product. neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Green Sent: 28 April 2005 11:02 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Hi all I was wondering if what (if any) benefits/advantages are over using Microsoft (2003) DNS Vs. QIP in Active Directory? Any comments or thoughts welcome :) James _________________________________________________________________ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ============================================================================ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================ == List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
