djbdns: An alternative to BIND

• Previous message (by thread): djbdns: An alternative to BIND
• Next message (by thread): djbdns: An alternative to BIND
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sthaug at nethelp.no wrote:
> A contrary view from the trenches:
> 
> Around a year ago we tested DJB dnscache as the recursive DNS server
> in a high-volume ISP environment - mostly because we were not happy
> with BIND 9 performance at the time. Our conclusions were:
> 
> - dnscache used *more* CPU than BIND 9 in our environment, effectively
> ruling it out

It'd be interesting to find the actual causes for this. Did you by 
chance consult the djbdns mailing list for hints?

> - Not possible to get dnscache to listen to more than one IP address
> unless you introduce hacks/patches

It's easy enough to setup as many instances of dnscache as you have IP 
addresses and point them all at one central dnscache (typically on a 
loopback address). Assuming you've already setup the central dnscache, 
you need to execute the following commands:

   # dnscache-conf Gdnscache Ddnslog /etc/dnscacheX a.b.c.d
   # echo 127.0.0.1 > /etc/dnscacheX/root/servers/\@
   # echo 1 > /etc/dnscacheX/env/FORWARDONLY
   # touch /etc/dnscacheX/root/ip/a.b.c
   # ln -s /etc/dnscacheX /service

While I agree that it's more work than simply adding one line to a 
config file, in effect you've got no more than two variables: IP adress, 
netmask (which I happily assumed to be 255.255.255.0 above). It's 
trivial to write a script to handle this situation in a one-liner.

Personally, I also like the added flexibility that this approach gives you.

> - Weird failures reported from users

Did you actually investigate any of these?

> - Annoying installation process with lots of small programs that we
> don't want or need

I found the installation process to be relatively straightforward, if a 
little awkward (as some of DJB's habits are). As for the 'lots of small 
programs' you don't want or need, I don't see the point. If you install 
BIND, you get a monolithic binary whereas djbdns splits the 
functionality into separate programs. Most people only use a fraction of 
the code in BIND, would you argue that its binary is too large?

[snip]
> version that worked well for us (but still too low performance). We
> finally switched to Nominum CNS (two servers) and one BIND 9 server
> as backup. We really like Nominum CNS, and we're happy.

I've read that Nominum CNS provides good performance. Unfortunately (in 
my book), it's not Open Source, though.

Cheers,
Tobias

• Previous message (by thread): djbdns: An alternative to BIND
• Next message (by thread): djbdns: An alternative to BIND
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]