On Fri, 25 Jul 2003, Brad Knowles wrote:
At 10:14 AM +0200 2003/07/25, Stephane Bortzmeyer wrote:
BIND is the Apache of DNS servers: it does a lot of things and it is heavily configurable. If you do not need all its features, the best choice (I only consider free software) is, IMHO, nsd <URL:http://www.nlnetlabs.nl/nsd/index.html>, which is much smaller (and therefore probably more secure) and much faster (although you may not see it on a lightly loaded name server).
Note that nsd is very, very fast, but it's a lot like a top fuel nitro-burning unlimited dragster -- if you want to run it, you had probably better be the equivalent of "Big Daddy" Don Garlits, or you may well find that you have backed yourselves into a corner that you can't get out of (without blowing up everything in a quarter-mile radius).
Contrariwise, BIND is a more general-purpose vehicle that is widely understood by most of the people in the business, and is by far the best-documented software in the field.
But complexity in software tends to generate various issues... nsd is good but, as you said, it concentrates on one task. Regarding nsd, the major lack is the logging... I was wondering about a 'dnstop'-like tool that can handle a large volume of nameserver query/reply logging. Is there any user on this list of a "pcap"-like capture logging method for a high-volume nameserver?
If you're willing to consider commercial alternatives, I can highly recommend the software from Nominum. Both ANS (Authoritative Name Service) and CNS (Caching Name Service) are ultra-high performance packages, with a broad array of supported back-ends, well documented, with good quality commercial support available from the vendor.
s/commercial/proprietary/g ;-)
adulau
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov