[CentOS] tinydns/djbdns opinion poll

Tue Feb 10 00:38:36 UTC 2009
Christopher Chan <christopher.chan at bradbury.edu.hk>

Jake wrote:
> Good morning:
> 
> We're about to start moving our public DNS to in-house managed
> servers. My first thought was "Linux + BIND" and we're done. Someone
> in another business unit's IT dept. has suggested tinydns be used.
> From what I could find, it looks like this software hasn't really had
> any community drive behind it in a while. The latest RPMs on rpmforge
> are for red hat 6 and red hat 7. I very much dislike the idea of
> compiling my own because of all the overhead associated with making
> sure the system stays up-to-date and so on so this really puts me off
> already. Does anyone have an opinion on this software? It seems to
> have some strong virtues but maybe not enough to justify using it over
> BIND just because any Linux admin we hire could be expected to know
> BIND.

tinydns supports large zone/record updates on the fly...in comparison 
with bind which will stop answering while it is loading up zones. The 
caveat however is that you need GOOD disk i/o if you have a lot of 
records because tinydns achieves that by using a cdb database whereas 
BIND will stick them all in memory. So if you are constantly updating 
zones, I would suggest tinydns as the entire process can be automated 
and the source for the cdb database stored in a nice sql database with a 
nice frontend, script plugin/api for whatever you imagine.

If you don't have very dynamic stuff and you do not need to constantly 
rebuild zones, BIND should be better I suppose especially if you are in 
an environment where a lot of zones share the same data (ns, mx,...) 
thanks to INCLUDE.

As for making sure the system stays up-to-date, you do not have to worry 
about djbdns and daemontools...they are pretty much set in stone now 
except for maybe some patches that you might want (it's public domain so 
just roll your own if you do need those patches). All you have to worry 
about is installing on new systems. It is literally compile once and 
forget. Zero overhead.

Oh, may I point out that there are no security issues with djbdns 
whereas BIND has a history of problems even until recently. 'slaves' can 
be updated by rsyncing the cdb database over so there is no room 
for human error with respect to dns server configuration whether it is 
leaving recursive on or whatever.

Interesting that any Linux admin you can hire will know BIND. I find 
that not to be the case over here in Hong Kong. I guess there is a 
reason why Linux is not very popular over here notwithstanding the lack 
of people who know Linux.
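The automated pipeline the reply describes (a record source rendered into tinydns's "data" file, compiled to data.cdb, then rsynced to the secondaries) as an added example that is not part of the thread; the record list, the data directory and the secondary hostnames are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the CentOS thread. Renders a simple record list
# into tinydns-data syntax, compiles it, and pushes data.cdb to secondaries.

# Constructed sample records: "type name value [extra]".
SAMPLE_RECORDS='soa example.com ns1.example.com hostmaster.example.com
ns example.com 192.0.2.1 ns1.example.com
a www.example.com 192.0.2.10
mx example.com mail.example.com 10
cname ftp.example.com www.example.com'

# Translate one record into a tinydns "data" line.
# Z = SOA, . = NS (plus an A record for the server), + = A, @ = MX, C = CNAME.
to_tinydns_line() {
    rtype=$1; name=$2; value=$3; extra=$4
    case "$rtype" in
        soa)   printf 'Z%s:%s:%s\n' "$name" "$value" "$extra" ;;
        ns)    printf '.%s:%s:%s\n' "$name" "$value" "$extra" ;;
        a)     printf '+%s:%s\n' "$name" "$value" ;;
        mx)    printf '@%s::%s:%s\n' "$name" "$value" "$extra" ;;
        cname) printf 'C%s:%s\n' "$name" "$value" ;;
        *)     printf 'unknown record type: %s\n' "$rtype" >&2; return 1 ;;
    esac
}

# Render the whole record list; in production this would read from the SQL
# source the reply mentions instead of the constructed list above.
build_data() {
    printf '%s\n' "$SAMPLE_RECORDS" | while read -r rtype name value extra; do
        to_tinydns_line "$rtype" "$name" "$value" "$extra"
    done
}

# Compile and distribute. tinydns-data writes data.tmp and renames it over
# data.cdb, so the running tinydns never reads a half-written database; the
# secondaries only ever receive the finished cdb, never a config to edit.
deploy() {
    datadir=${1:-/etc/tinydns/root}    # assumed path, adjust to your layout
    shift
    build_data > "$datadir/data"
    (cd "$datadir" && tinydns-data)
    for host in "$@"; do
        rsync -a "$datadir/data.cdb" "$host:$datadir/data.cdb"
    done
}
# Usage: deploy /etc/tinydns/root ns2.example.com ns3.example.com
```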