[olug] DNS recommendation?

Phil Brutsche phil at brutsche.us
Fri Nov 5 17:48:32 UTC 2004


thelarsons3 at cox.net wrote:
> I've been thinking of running a DNS at home so that I don't have to 
> remember the IPs of all my machines.  Any suggestions on what to use
>  or avoid?  I've heard that BIND is big, slow, and a security risk.

Most people who say that haven't tried a recent release.

> Is this true?

Big?  Depends on your standards, and how you make the comparison.  Is
4MB big?  (That's about how much memory BIND 9.2.4 takes up on my home
file server)

Slow?  According to one paper I found, the highest performing
authoritative DNS servers were (from fastest to slowest):

NSD
Nominum ANS
BIND 8
BIND 9
djbdns

The results for a caching server:

Nominum CNS
BIND 8
BIND 9
djbdns

I'll have to try to find that paper, I can't seem to locate it at the
moment.  And no, the paper wasn't written by Nominum :)

Realistically, though, for a home user with a handful of computers,
will it really make that much of a difference?

Security risk?  Only if you're running an early BIND v8.

In the 4 years BIND v9 has been out (BIND 9.0.0 was released Sep 2000)
there have been a total of 3 security advisories (2 were actual bugs,
one was for the version of the OpenSSL library they bundled at the time).

In the same time period there have been at least a half dozen on BIND
v8, and that doesn't even BEGIN to cover the advisories from 1996 -> 2000...

> What about djbdns?

It's fine, as long as you don't care that it's unmaintained and doesn't
even try to comply with the appropriate standards documents and... kinda
like qmail ;)

-- 

Phil Brutsche
phil at brutsche.us


