djbdns: An alternative to BIND
Simon Waters
simonw at zynet.net
Mon Apr 11 08:10:00 UTC 2005
On Saturday 09 Apr 2005 8:29 am, sthaug at nethelp.no wrote:
>
At the risk of prolonging a thread that should have died Saturday.
> - dnscache used *more* CPU than BIND 9 in our environment, effectively
> ruling it out
dnscache opens a separate port for each request, thus making DNS spoofing
harder (unless you can sniff the packets, then you don't care). BIND doesn't
do this, relying solely on query ID to prevent spoofing (till DNSSEC or
similar is deployed).
Overly paranoid, perhaps, but I think it is important to understand that
performance isn't everything. If you want the best-performing DNS server, last
time Rick looked Microsoft DNS was well ahead of BIND; good luck to anyone
trying to use it for a big recursive DNS.
> - Weird failures reported from users
I've used dnscache in an operational, if not terribly busy, role, and found
that, like most of DJB's software, it does what it says on the tin. It may do
a lot less than its competitors, but it does it and keeps doing it. Even if
you have to patch it to get it to compile <sigh>.
> - Annoying installation process with lots of small programs that we
> don't want or need
Agreed.
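
Added example, not part of the original post and not dnscache or BIND code: the resolver side of the point above about one port per request, in Python. Each query gets its own UDP socket, and a reply is accepted only if source, query ID and question all match. The names build_query, PendingQuery and accepts are hypothetical, and letting the kernel choose the port is an assumption of this example.

```python
import secrets
import socket
import struct


def build_query(name: str, qid: int) -> bytes:
    """Minimal DNS query: type A, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


class PendingQuery:
    """One outstanding query on its own UDP socket, so each query has its own port."""

    def __init__(self, name, server, bind_addr="0.0.0.0"):
        self.server = server                      # (ip, port) the query is sent to
        self.qid = secrets.randbelow(1 << 16)     # unpredictable 16-bit query ID
        self.packet = build_query(name, self.qid)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # Assumption: port 0 lets the kernel pick the ephemeral port; how
        # unpredictable that choice is depends on the operating system.
        self.sock.bind((bind_addr, 0))
        self.port = self.sock.getsockname()[1]

    def send(self):
        self.sock.sendto(self.packet, self.server)

    def accepts(self, reply: bytes, src) -> bool:
        """Accept only a response from the queried server that carries our ID
        and echoes our question. The port check is implicit: a datagram sent to
        any other port never reaches this socket."""
        if src != self.server or len(reply) < 12:
            return False
        rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
        if rid != self.qid or not (flags & 0x8000) or qdcount != 1:
            return False
        question = self.packet[12:]               # exact byte comparison
        return reply[12:12 + len(question)] == question

    def close(self):
        self.sock.close()
```

With a single shared socket, only the 16-bit ID in accepts() separates a forged reply from a real one; with one socket per query, the forged reply also has to arrive on the right port.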