Re: DNS servers
On Tue, 19 Nov 2002 15:34, Russell Coker wrote:
> So this leaves DNS caching as the only reason for BIND. Is there a DNS
> server that does caching better than BIND?
Many people recommended DJBDNS (both on and off list). I have read the
following paper which leads me to believe that DJBDNS is slow and has other
deficiencies. Brad is someone I have a lot of faith in, so I am not even
going to bother reading DJB's response to this paper.
http://www.shub-internet.org/brad/papers/dnscomparison/
Different views don't interest me, so nsd has no deficiency that matters to
me.
dnsmasq sounds interesting; however, it's described as being "lightweight" and
for "small networks", so I'm concerned that it may be too small for my needs.
pdnsd sounds interesting too, but it also sounds too lightweight and it writes
cached data to disk (which is not desirable for a bigger machine).
dnrd sounds too small and has the following issue:
SECURITY NOTE: dnrd is susceptible to buffer overflow attacks. However, by
default dnrd changes to the "nobody" user. It also does a chroot to the
/etc/dnrd directory, after checking that /etc/dnrd exists and contains no
subdirectories and no executables and is only writable by root.
So it seems that the only two options are dnsmasq and pdnsd. Does anyone have
any experience with them that they would like to share?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
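
The directory check described in the dnrd security note quoted above, written out as an added C example (not dnrd's code and not part of the original message). The names `jail_dir_check` and `JAIL_*` are this example's own, and the expected owner is a parameter so the check can be exercised without root; a daemon would pass 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes (names are this example's own, not dnrd's). */
enum { JAIL_OK, JAIL_MISSING, JAIL_BAD_OWNER, JAIL_WRITABLE,
       JAIL_HAS_SUBDIR, JAIL_HAS_EXEC, JAIL_ERROR };

/* Check a chroot directory against the rules in the note: it exists, only
 * `owner` can write to it (pass 0 for root), and it holds no subdirectories
 * and no executables. Returns JAIL_OK or the first rule that failed. */
int jail_dir_check(const char *path, uid_t owner)
{
    struct stat st;
    struct dirent *e;
    int rc = JAIL_OK;
    DIR *d = opendir(path);   /* fails if missing, unreadable or not a dir */

    if (d == NULL)
        return JAIL_MISSING;
    /* Inspect the handle just opened, so the permission checks and the
     * listing below refer to the same directory even if `path` is swapped. */
    if (fstat(dirfd(d), &st) != 0)
        rc = JAIL_ERROR;
    else if (st.st_uid != owner)
        rc = JAIL_BAD_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        rc = JAIL_WRITABLE;

    while (rc == JAIL_OK && (e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        /* Judge the entry itself; do not follow symlinks out of the jail. */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            rc = JAIL_ERROR;  /* fail closed */
        else if (S_ISDIR(st.st_mode))
            rc = JAIL_HAS_SUBDIR;
        else if (S_ISREG(st.st_mode) &&
                 (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
            rc = JAIL_HAS_EXEC;
    }
    closedir(d);
    return rc;
}
```

A check like this only limits what is reachable after a compromise; it belongs before the chroot call and the switch to the unprivileged user, while the process can still read the directory as root.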