Jake wrote:
Good morning:
We're about to start moving our public DNS to in-house managed servers. My first thought was "Linux + BIND" and we're done. Someone in another business unit's IT dept. has suggested tinydns be used.
From what I could find, it looks like this software hasn't really had any community drive behind it in a while. The latest RPMs on rpmforge are for Red Hat 6 and Red Hat 7. I very much dislike the idea of compiling my own because of all the overhead associated with making sure the system stays up-to-date and so on, so this really puts me off already. Does anyone have an opinion on this software? It seems to have some strong virtues but maybe not enough to justify using it over BIND just because any Linux admin we hire could be expected to know BIND.
tinydns supports large zone/record updates on the fly...in comparison with BIND, which will stop answering while it is loading up zones. The caveat, however, is that you need GOOD disk I/O if you have a lot of records, because tinydns achieves that through its use of a cdb database whereas BIND will stick them all in memory. So if you are constantly updating zones, I would suggest tinydns, as the entire process can be automated and the source for the cdb database stored in a nice SQL database with a nice frontend, script plugin/API for whatever you imagine.
If you don't have very dynamic stuff and you do not need to constantly rebuild zones, BIND should be better I suppose, especially if you are in an environment where a lot of zones share the same data (ns, mx,...) thanks to INCLUDE.
As for making sure the system stays up-to-date, you do not have to worry about djbdns and daemontools...they are pretty much set in stone now except for maybe some patches that you might want (it's public domain so just roll your own if you do need them patches). All you have to worry about is installing on new systems. It is literally compile once and forget. Zero overhead.
Oh, may I point out that there are no security issues with djbdns whereas BIND has a history of problems even until recently. 'slaves' can be updated by rsyncing the cdb database over so there is no room for human error with respect to DNS server configuration, whether it is leaving recursive on or whatever.
Interesting that any Linux admin you can hire will know BIND. I find that not to be the case over here in Hong Kong. I guess there is a reason why Linux is not very popular over here notwithstanding the lack of people who know Linux.
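The SQL-backed workflow described in the reply, sketched as an added example that is not part of the original post: rows exported from a database are rendered into tinydns-data lines, with names, addresses and TXT payloads validated or octal-escaped so that a value entered through a frontend cannot add a field or a second record to the file. The row layout (`type`, `name`, `value`, `ttl`, `dist`) and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, '-' or '_'; ':' and newlines can never match.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
_SAFE = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_=/")

def check_name(name):
    """Return the name without a trailing dot, or raise ValueError."""
    name = str(name)
    bare = name[:-1] if name.endswith(".") else name
    if len(bare) > 253 or not all(_LABEL.fullmatch(l) for l in bare.split(".")):
        raise ValueError(f"bad name: {name!r}")
    return bare

def escape_txt(text):
    """Octal-escape every byte outside a small safe set (tinydns-data \\nnn syntax)."""
    return "".join(chr(b) if b in _SAFE else "\\%03o" % b
                   for b in str(text).encode("utf-8"))

def render(rec):
    """Turn one record dict (hypothetical row layout) into one tinydns-data line."""
    name, ttl = check_name(rec["name"]), int(rec.get("ttl", 3600))
    if not 0 <= ttl <= 2**31 - 1:
        raise ValueError(f"bad ttl: {ttl}")
    kind, value = rec["type"], rec["value"]
    if kind == "A":      # +fqdn:ip:ttl
        return f"+{name}:{ipaddress.IPv4Address(str(value))}:{ttl}"
    if kind == "MX":     # @fqdn:ip:x:dist:ttl, ip left empty, x is the mail host
        dist = int(rec.get("dist", 0))
        if not 0 <= dist <= 65535:
            raise ValueError(f"bad dist: {dist}")
        return f"@{name}::{check_name(value)}:{dist}:{ttl}"
    if kind == "CNAME":  # Cfqdn:p:ttl
        return f"C{name}:{check_name(value)}:{ttl}"
    if kind == "TXT":    # 'fqdn:s:ttl
        return f"'{name}:{escape_txt(value)}:{ttl}"
    raise ValueError(f"unsupported type: {kind!r}")

def build_data(rows):
    """Render all rows; any invalid row aborts the build instead of being skipped."""
    return "\n".join(render(r) for r in rows) + "\n"

# Constructed sample rows standing in for a database export.
SAMPLE_ROWS = [
    {"type": "A", "name": "www.example.com", "value": "192.0.2.10", "ttl": 300},
    {"type": "MX", "name": "example.com", "value": "mail.example.com", "dist": 10},
    {"type": "TXT", "name": "example.com", "value": "v=spf1 ip4:192.0.2.1 -all"},
]

if __name__ == "__main__":
    print(build_data(SAMPLE_ROWS), end="")
```

The output is what would be written to the `data` file before running `tinydns-data`, which compiles it to `data.cdb`, the file the reply suggests rsyncing to the other servers.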