[79608] in North American Network Operators' Group
Re: djbdns: An alternative to BIND
daemon@ATHENA.MIT.EDU (Tobias Reckhard)
Tue Apr 12 01:51:49 2005
Date: Tue, 12 Apr 2005 07:51:12 +0200
From: Tobias Reckhard <jester71@gmx.net>
To: nanog@merit.edu
In-Reply-To: <80927.1113031776@bizet.nethelp.no>
Errors-To: owner-nanog@merit.edu
sthaug@nethelp.no wrote:
> A contrary view from the trenches:
>
> Around a year ago we tested DJB dnscache as the recursive DNS server
> in a high-volume ISP environment - mostly because we were not happy
> with BIND 9 performance at the time. Our conclusions were:
>
> - dnscache used *more* CPU than BIND 9 in our environment, effectively
> ruling it out
It'd be interesting to find the actual causes for this. Did you by
chance consult the djbdns mailing list for hints?
> - Not possible to get dnscache to listen to more than one IP address
> unless you introduce hacks/patches
It's easy enough to setup as many instances of dnscache as you have IP
addresses and point them all at one central dnscache (typically on a
loopback address). Assuming you've already setup the central dnscache,
you need to execute the following commands:
# dnscache-conf Gdnscache Ddnslog /etc/dnscacheX a.b.c.d
# echo 127.0.0.1 > /etc/dnscacheX/root/servers/\@
# echo 1 > /etc/dnscacheX/env/FORWARDONLY
# touch /etc/dnscacheX/root/ip/a.b.c
# ln -s /etc/dnscacheX /service
While I agree that it's more work than simply adding one line to a
config file, in effect you've got no more than two variables: IP adress,
netmask (which I happily assumed to be 255.255.255.0 above). It's
trivial to write a script to handle this situation in a one-liner.
Personally, I also like the added flexibility that this approach gives you.
> - Weird failures reported from users
Did you actually investigate any of these?
> - Annoying installation process with lots of small programs that we
> don't want or need
I found the installation process to be relatively straightforward, if a
little awkward (as some of DJB's habits are). As for the 'lots of small
programs' you don't want or need, I don't see the point. If you install
BIND, you get a monolithic binary whereas djbdns splits the
functionality into separate programs. Most people only use a fraction of
the code in BIND, would you argue that its binary is too large?
[snip]
> version that worked well for us (but still too low performance). We
> finally switched to Nominum CNS (two servers) and one BIND 9 server
> as backup. We really like Nominum CNS, and we're happy.
I've read that Nominum CNS provides good performance. Unfortunately (in
my book), it's not Open Source, though.
Cheers,
Tobias
