At 10:14 AM +0200 2003/07/25, Stephane Bortzmeyer wrote:
BIND is the Apache of DNS servers: it does a lot of things and it is heavily configurable. If you do not need all its features, the best choice (I only consider free software) is, IMHO, nsd <URL:http://www.nlnetlabs.nl/nsd/index.html>, which is much smaller (and therefore probably more secure) and much faster (although you may not see it on a lightly loaded name server).
Keep in mind that nsd was written for the exclusive task of serving DNS for TLD nameservers, and leaves out a lot of features that are present in BIND. It's also not as user/admin-friendly as BIND -- the authors assume that you know what you're doing and can work with minimal documentation. This may or may not be an issue in this case, but you should at least be aware of these limitations. Also note that nsd pre-calculates all possible supported queries and all possible answers, and then builds the results into a hash table which is only updated when you re-run the parsing/compilation routines to rebuild the hash table. This means that the answers it provides may be formatted somewhat differently than others might expect from a nameserver. Note that nsd is very, very fast, but it's a lot like a top fuel nitro-burning unlimited dragster -- if you want to run it, you had probably better be the equivalent of "Big Daddy" Don Garlits, or you may well find that you have backed yourselves into a corner that you can't get out of (without blowing up everything in a quarter-mile radius). Contrariwise, BIND is a more general-purpose vehicle that is widely understood by most of the people in the business, and is by far the best-documented software in the field.
You may consider PowerDNS also: <URL:http://www.powerdns.com/>. It has an interesting feature: you can use various backends (and even write your own) to manage the actual data store.
BIND can also support SQL backends, and there are plenty of commercial high-end products based on it. See <http://www.isc.org/products/BIND/vendorware.html>. Contrariwise, PowerDNS has had more than a few problems with the caching/recursor and certain other parts of the system, and is very sensitive to the back-end database being used. The documentation is somewhat lacking in this regard -- if you want to use this software, you should subscribe to the mailing list to obtain the current best wisdom regarding system setup and configuration, etc.

If you're willing to consider commercial alternatives, I can highly recommend the software from Nominum. Both ANS (Authoritative Name Service) and CNS (Caching Name Service) are ultra-high performance packages, with a broad array of supported back-ends, well documented, with good quality commercial support available from the vendor. See <http://www.nominum.com/products_technology.php?id=85> for more info.

If you want to see a comparison/contrast that I did regarding the various pieces of software, check out <http://www.shub-internet.org/brad/papers/dnscomparison/>, and especially the RIPE44 version of this presentation. Note that while I could get quite respectable performance on my test system from nsd and the Nominum software, I never got anything better than single-digit performance from PowerDNS. I remain convinced that this was a configuration problem which I could not get resolved in time, despite the help that I was soliciting from the mailing list.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)