

DNS & BIND, Chapter 15

15.8 DNS Versus X.500

X.500 is an ISO (International Standards Organization) standard distributed directory system that's sometimes seen as a "competitor" to DNS. X.500 does, indeed, include some of the same functionality DNS does. For example, you can use X.500 to retrieve address information for a particular host. And in some ways, the two are similar: X.500 directories store data in hierarchical name spaces, and use recursion and iteration (well, ISO calls them "chaining" and "referral"). While we can hardly claim to be experts on X.500, we can make some general comparisons between DNS and X.500:

  • X.500, as a directory service, supports many types of searching. Whereas DNS servers simply look up data attached to a given domain name, you can search the X.500 Directory Information Tree for soundalike matches, or specify incomplete information ("I know his last name is Buttle and he works in the Ministry of Information") and still turn up data.

  • X.500 is a full-blown distributed database meant to be used for a wide variety of applications. You can store the phone book in an X.500 database. You can store location data in an X.500 database. You can store information about all sorts of network devices and their attributes. DNS, on the other hand, is a relatively simple distributed database meant to solve a particular problem - an intractable HOSTS.TXT database.

  • X.500 has security features involving credentials and the support of multiple encryption types; DNS is not secure.[4]

    [4] Yet. The DNS Security Extensions described in RFC 2065 will allow cryptographic authentication of the source of zone data as well as data integrity checking, and more.

Anyway, you get the idea. X.500 is rich in capabilities and will be extremely useful when it is completely defined, implemented, and optimized. DNS provides a few, critical functions. It is, for the most part, fully implemented, and it will continue to evolve and improve.

Don't let this turn you off to DNS, though. The Domain Name System really is admirably good at its job, and it does it much faster than X.500 does. True, X.500 offers richer functionality, but it may never usurp DNS's position as the Internet's directory system of choice.
