[NBLUG/talk] Best DNS server for home server/vanity domain(s)?

E Frank Ball III frankb at frankb.us
Mon Dec 17 22:24:08 PST 2012


On Mon, Dec 17, 2012 at 08:06:34PM -0800, Robert P. Thille wrote:
 > 
 > I've been running djbdns for years, and have shied away from BIND
 > due to security issues in the past, but I'm wondering if now BIND
 > is safe (enough) or if MaraDNS or PowerDNS or something else might
 > be better than djbdns...
 > 
 > Anyone have strong opinions one way or another?

For authoritative dns I use nsd.  For recursive dns I use unbound.

nsd was created to add some "genetic diversity" to the internet's root
servers.  The rest are using bind.  If a security hole was found (again)
in bind there would be some root servers that remained intact.  It is
designed to be very small and secure.  The zone files are bind
compatible, and the main config file is way the hell simpler.

unbound is written by the same group as nsd.  It seems to work fine.

maradns is another small dns server, but it uses a unique format for the
zone files.   It's a one man project, unlike nsd/unbound.  

I hear good things about powerdns, but it's an enterprise type server
using sql databases.  The exact opposite of what I was looking for.

djbdns had its day, it was the only alternative to bind - which has a
rich history of root exploits, but it's been stagnant for a long time.
It doesn't support dnssec for one thing.  Its time is past.

-- 

  Frank Ball  frankb at frankb.us


