[79558] in North American Network Operators' Group
Re: djbdns: An alternative to BIND
daemon@ATHENA.MIT.EDU (Simon Waters)
Mon Apr 11 04:10:36 2005
To: nanog@merit.edu
Date: Mon, 11 Apr 2005 09:10:00 +0100
In-Reply-To: <80927.1113031776@bizet.nethelp.no>
From: Simon Waters <simonw@zynet.net>
Errors-To: owner-nanog@merit.edu
On Saturday 09 Apr 2005 8:29 am, sthaug@nethelp.no wrote:
>
At the risk of prolonging a thread that should have died Saturday.
> - dnscache used *more* CPU than BIND 9 in our environment, effectively
> ruling it out
dnscache opens a separate port for each request, thus making DNS spoofing
harder (unless you can sniff the packets, then you don't care). BIND doesn't
do this, relying solely on query id to prevent spoofing (till DNSSEC or
similar is deployed).
Overly paranoid, perhaps, but I think it is important to understand that
performance isn't everything. If you want the best performing DNS server, last
time Rick looked Microsoft DNS was well ahead of BIND; good luck to anyone
trying to use it for a big recursive DNS.
> - Weird failures reported from users
I've used dnscache in an operational, if not terribly busy, role, and found
that, like most of DJB's software, it does what it says on the tin. It may do
a lot less than its competitors but it does it and keeps doing it. Even if you
have to patch it to get it to compile <sigh>.
> - Annoying installation process with lots of small programs that we
> don't want or need
Agreed.
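
The port-per-request point in the message above, as an added example that is not part of the original post: a check a resolver operator could run over (source port, query id) pairs taken from a capture of outbound queries, plus the size of the guess space an off-path spoofer faces in each case. The sample pairs are constructed, the function names are hypothetical, and the pool of 64512 unprivileged ports is an assumption, not a figure from the thread.

```python
import math

# Constructed samples: (source_port, query_id) of a resolver's outbound queries.
FIXED_PORT = [(53, 0x1A2B), (53, 0x9C01), (53, 0x44F0), (53, 0x7E13),
              (53, 0x0B5D), (53, 0xE2A9), (53, 0x31C6), (53, 0xD870)]
PER_QUERY_PORT = [(40213, 0x1A2B), (1834, 0x9C01), (58990, 0x44F0),
                  (27561, 0x7E13), (12007, 0x0B5D), (63422, 0xE2A9),
                  (5120, 0x31C6), (49877, 0xD870)]

ASSUMED_PORT_POOL = 64512  # assumption: ports 1024-65535 are all usable


def distinct_ports(samples):
    """Number of different source ports seen in the sample."""
    return len({port for port, _ in samples})


def uses_per_query_ports(samples, min_ratio=0.9):
    """True when nearly every query left from a different source port."""
    if not samples:
        raise ValueError("no queries observed")
    return distinct_ports(samples) / len(samples) >= min_ratio


def guess_space_bits(id_bits=16, port_pool=1):
    """Bits an off-path spoofer must guess: query id plus source port."""
    return id_bits + math.log2(port_pool)


def blind_hit_probability(forged, id_bits=16, port_pool=1):
    """Chance that `forged` distinct blind guesses match one open query."""
    space = (2 ** id_bits) * port_pool
    return min(1.0, forged / space)


if __name__ == "__main__":
    for name, samples, pool in (("fixed port", FIXED_PORT, 1),
                                ("port per query", PER_QUERY_PORT,
                                 ASSUMED_PORT_POOL)):
        print(f"{name}: per-query ports={uses_per_query_ports(samples)}, "
              f"guess space={guess_space_bits(port_pool=pool):.1f} bits, "
              f"P(hit with 65536 guesses)="
              f"{blind_hit_probability(65536, port_pool=pool):.6f}")
```

None of this helps against someone who can sniff the packets, as the message notes, since both values are then visible on the wire.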