[CentOS] new CentOS 5 as DNS server

Fri Aug 3 13:51:30 UTC 2007
Ray Leventhal <centos at swhi.net>

<snip>
> I'm coming in late to this thread.  We too are a hosting provider
> (small time), hosting approximately 1600 live domains.
>
> Not to say tinydns is a bad alternative, as it has its strengths, but
> we moved away from [outgrew] it 2 years ago.
>
> If you were already running Bind, CentOS 5 is a great platform.  I run
> a few multi-domain (3-10) slaves using a chrooted Bind for a couple
> offsite clients.  Fine for small number of domains.  Short term, I'd
> recommend just getting another Bind install up and running to fix your
> issue, THEN look at alternatives.
>
> I've personally used PowerDNS, TinyDNS, MyDNS, nsd, Bind 8/9, and MS
> DNS.  PowerDNS is phenomenal.  Look into the proprietary
> "supermaster/superslave" functionality.  To manage the 1600+ domains,
> we have our primary server set up using a MySQL backend.  This allows
> simple integration of our accounting and support systems.  The slaves
> are using sqlite3 backends.  One word of caution, while a "superslave"
> may automatically add a new domain, it will not remove domains deleted
> at the master.  I've solved this by removing all non NS/SOA records
> from that domain and updating the serial on the master - so changes
> propagate to slaves.  Then have a cronjob running that purges empty
> domains from the databases on the master and slaves.
>
> Also, I've found the PowerDNS RPMs located at the EPEL repo to be
> completely stable.  They even have the backends broken out separately.
>
> Lastly, I don't know about you, but I hate giving shell access where
> it's not needed ... especially to support staff under a Tier3 level.
> So I use Pure-FTPD running virtual users and an FTPS (not SFTP)
> client like lftp or filezilla for transfers.  If I need a higher level
> of security then I use rsync over SSH.
>
> Forgive me for being so verbose. :-)
>
> -ken
Overly Verbose?  Not at all, Ken.  I am thrilled to hear of your
experiences and was, actually, intending to do a straight BIND install
first as it's what I'm most familiar with at this time.

I certainly have a lot of material to review before making the leap away
from BIND proper, but that I now know what that material is, at least in
part, is a blessing.

Please be as verbose as you'd like.  I, for one, truly appreciate it.

Thanks again,
~Ray
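
The cleanup Ken describes above (strip a deleted zone down to its SOA/NS records on the master, let that propagate, then purge empty zones from cron) could look like this for a sqlite3-backed slave. This is an added example, not code from the thread or from PowerDNS: the two-table schema is a cut-down assumption modelled on PowerDNS's generic SQL layout, the function names are hypothetical, and requiring a SOA before purging (so a newly added zone that has not transferred yet is left alone) is a choice made here.

```python
import sqlite3

# Assumed, reduced schema; a real PowerDNS database has more columns.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, type TEXT NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER, name TEXT, type TEXT, content TEXT);
"""

def find_empty_domains(conn):
    """Zones that hold a SOA but nothing other than SOA/NS records."""
    return conn.execute(
        """SELECT d.id, d.name FROM domains d
           WHERE EXISTS (SELECT 1 FROM records r
                         WHERE r.domain_id = d.id AND upper(r.type) = 'SOA')
             AND NOT EXISTS (SELECT 1 FROM records r
                             WHERE r.domain_id = d.id
                               AND upper(r.type) NOT IN ('SOA', 'NS'))
           ORDER BY d.name""").fetchall()

def purge_empty_domains(conn, dry_run=True):
    """Delete emptied zones and their records; return the zone names affected."""
    victims = find_empty_domains(conn)
    if not dry_run:
        with conn:  # single transaction: all zones go, or none do
            for dom_id, _ in victims:
                conn.execute("DELETE FROM records WHERE domain_id = ?", (dom_id,))
                conn.execute("DELETE FROM domains WHERE id = ?", (dom_id,))
    return [name for _, name in victims]

def build_sample_db():
    """Constructed sample data: one live zone, one emptied zone, one not yet transferred."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    zones = {
        "live.example": ["SOA", "NS", "A"],
        "retired.example": ["SOA", "NS", "NS"],
        "pending.example": [],
    }
    for name, types in zones.items():
        cur = conn.execute("INSERT INTO domains (name, type) VALUES (?, 'SLAVE')", (name,))
        conn.executemany(
            "INSERT INTO records (domain_id, name, type, content) VALUES (?, ?, ?, ?)",
            [(cur.lastrowid, name, t, "constructed") for t in types])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    print("would purge:", purge_empty_domains(db, dry_run=True))
    print("purged:", purge_empty_domains(db, dry_run=False))
```

Run it with `dry_run=True` from cron first and review the list before letting it delete anything.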