You might ask which is more secure, Microsoft DNS (which comes with Windows) or the more common BIND. Most organizations that have Windows-based networks rely on Microsoft DNS because it’s a core component of Active Directory, but many people claim that BIND is more secure.

Comparing the security of the two products is difficult. BIND allows for finer configuration and has full DNS Security Extensions (DNSSEC) support, but it has a longer history of security flaws than Microsoft’s DNS implementation. Microsoft DNS is easier to configure, so some argue that there’s a smaller chance for configuration errors. However, because it’s easy to configure, inexperienced administrators might use it and introduce errors. Ultimately, you can build a secure DNS server with either product. Unlike most security vulnerabilities, DNS problems are more often the result of configuration errors than of software flaws.