At 11:23 PM +0200 2003/07/25, Alexandre Dulaunoy wrote:
But complexity for software, tend to generate various issue...
If you want a fully compliant nameserver, there's not much choice.
nsd is good but as you said, it concentrates on one task. Regarding nsd, the major lack is the logging...
Not true. It doesn't support UPDATE. IIRC, it doesn't support any of the DNSSEC stuff. It doesn't even support round-robin. It throws almost all of the protocol out the window. There are cases where the very limited feature set it provides are sufficient, but they are few and far between.
I was wondering of a 'dnstop' like that can handle a large volume of nameserver query/reply logging. Is there any user on this list of a "pcap" like capture logging method for a high volume nameserver ?
I've heard of some tools to do this sort of thing, yes. However, they are not well known, and certainly have not been publicly released. There might be one or two other people on the list I can think of who might have also heard of them.
... broad array of supported back-ends, well documented, with good quality commercial support available from the vendor.
s/commercial/proprietary/g ;-)
Proprietary implementation, yes. However, it does fully implement all of the protocols and features (as well as or better than BIND), and as far as people who are outside are concerned, the interfaces and the protocol support are all that matter. Of course, it's all based on good quality code, much of which is open source. For example, one of the primary database formats supported is Berkeley db. The folks at Nominum have made a point of not re-inventing any wheels that don't need to be re-invented. It's good quality code, supports a good variety of hardware and OS platforms, better than any of the commercial stuff based on BIND (and I believe quite a bit cheaper as well). The support staff are excellent, and the company is willing to work closely with folks to find a solution that works best for them. The thing that surprised me the most is not the individual products they have (each of which is best in its field, IMO), but the integration. When you tie all that together the way they have, you get an unstoppable combination. Of course, the person on this list who could argue for it the best is hamstrung by his position within this group. I'm sure he wouldn't want to be seen as abusing the trust placed in him. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)