[122809] in North American Network Operators' Group
Re: DNS server software
daemon@ATHENA.MIT.EDU (Phil Regnauld)
Mon Feb 22 09:39:51 2010
Date: Mon, 22 Feb 2010 22:39:12 +0800
From: Phil Regnauld <regnauld@nsrc.org>
To: Claudio Lapidus <clapidus@gmail.com>
In-Reply-To: <c3a174021002220616g76f0304bh84ae892dfc9280a6@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Claudio Lapidus (clapidus) writes:
> Hello all,
>
> We are a mid-sized carrier (1.2M broadband subscribers) and we are looking
> for an upgrade in our public DNS resolver infrastructure, so we are
> interested in getting to know what are you guys using in your networks.
> Mainly what kind/brand of software and which architecture did you use to
> deploy it, and how did you do the sizing, all of it would be most helpful
> information.
You'd probably want to start taking a look at unbound:
http://unbound.net/
It's open source, and actively maintained by NLNetLabs.
Setup properly on a decent OS and anycasted, it performs extremely
well - better than some commercial solutions.
PowerDNS also has an open source solution (www.powerdns.com). PowerDNS
is easily modified with custom backends (using a simple pipe interface).
Then there are solutions from Nominum if you want to pay yourself
out the question, as well as products from Infoblox (they are more
targeted towards corporate DNS, but have recently introduced what they
claim to be "ISP class" resolvers).
There's also Secure64, which I haven't tested but some people are very
happy with it.
All of the above support DNSSEC.
Sizing considerations will depend on your network topology, how many
customers / PoP, etc...
You may want to ask the dns operations list
(https://lists.dns-oarc.net/mailman/listinfo/dns-operations) for advice,
but please wait until you've collected a bit more data on which solution
you'd consider, and it's usually not very useful to ask "is vendor solution
X better than Y".
Cheers,
Phil
