LinuxQuestions.org

mintojoseph 03-15-2007 08:55 AM

Which DNS server is better?
 
Hi,

I want to install a new DNS server. I would like to discuss which is the best DNS server: BIND, PowerDNS or any other one?

Considerations are manageability, security and stability.

Please put forward your suggestions and opinions.

:)
With Regards,
Minto Joseph

MensaWater 03-16-2007 10:44 AM

"better" is always subjective.

BIND is the one nearly everyone uses in UNIX/Linux (it comes with most distributions).

I've seen folks mention TinyDNS here which I gather is good for small home networks.

I've never seen mention of PowerDNS before.

The community for BIND is quite large so you're apt to find answers to your questions more easily in Google just because of its prevalence.

mintojoseph 03-19-2007 08:34 AM

Thank you very much for your opinion :)

JimBass 03-20-2007 06:16 PM

I'll second BIND being the way to go. It is far and away the best DNS server on the planet.

Manageability is handled with the rndc utility, which allows you to reload specific domains while otherwise leaving the DNS as a whole running. When you have 2000 domains on a server, you don't want to stop and restart all of them because you added an MX record to one of them. The rndc tool allows you to reload just that zone.

Security isn't much of a factor to be honest with you. BIND hasn't had a security flaw in BIND itself in years. There have been issues with openssl, but that is a problem with openssl, not BIND. Those problems have been corrected in any case by the openssl team. To harden the install, some people use a chroot for BIND, which is fine if you want to go that way. A properly configured BIND server has no need for a chroot, but it doesn't hurt anything either.

Stability is a given with BIND. It is a very simple program that has had the best minds in computing working on it for years and years. Nearly any problem you could encounter has already been discussed at length in the newsgroup for BIND, and generally solved. There will also be many discussions on the newsgroup of the DNS "bible", which is absolutely the essential piece of reading for anyone running DNS. Here is a link to the amazon page for it, or you can find it at nearly any bookstore, even the generic mall ones and not the computer store ones, though they may have it as well.

http://www.amazon.com/DNS-BIND-5th-C...4432427&sr=1-2

Peace,
JimBass

jmryan 03-30-2007 04:32 PM

DNS Server
 
While BIND may be the de facto standard it is susceptible to reflected UDP attacks that will overwhelm the server. There are a number of noted attack articles on the web.

MensaWater 03-30-2007 07:01 PM

Meaning that other DNS servers aren't susceptible to attack? Or that BIND can not be hardened? Which version(s) of BIND? How much research have you done on it?

If you're trying to say something else is better then say what it is and why you think it is.

jmryan 04-04-2007 05:15 PM

DNS Server
 
www.secure64.com

JimBass 04-04-2007 06:42 PM

Yes, only $9,995.

It is an intriguing idea, to have effectively "no" underlying OS that is vulnerable to exploits. Still, I'll take free BIND any day of the week.

Peace,
JimBass

MensaWater 04-04-2007 07:06 PM

Nice. The newbie is just here to shill a product. Apparently he missed that this is a Linux (e.g. Open Source Software) site.

mintojoseph 04-05-2007 11:02 AM

I have no intention to move on to any commercial software when some beautifully written software is available with open source..

I am thinking about bind.. I am planning to write a web based and command based control panel for managing DNS.

I searched for web based control panels currently available.. But I would like to get expert suggestions of most commonly used ones.. If some good proven ones are available, why bother to write a new one?

Happy Computing
Mintos

JJX 04-05-2007 06:44 PM

webmin is one option

nmh+linuxquestions.o 04-06-2007 01:28 AM

djbdns should be mentioned - it is supposed to be good for that security stuff. However, last I checked, it did not do what I needed (ddns), and so I use bind - it works great for me.

mintojoseph 04-23-2007 12:28 AM

Hi all,

Thank you for all your inputs.

We have finished the implementation of DNS.

From the start, I preferred the idea of mysql engine for storing and accessing records. I thought that it will be faster than text based processing. I even checked the options for adding mysql backend to BIND.

PowerDNS (PDNS) supports a default MySQL backend. So I finalized on that. It also provides a web based front end called Power Admin.

I know that BIND is vastly used and has massive support groups but I was ready to take a risk for a good change.

Secondary DNS server is updated via MySQL replication.

We used djbdns (dnscache) as a recursor.

Everything works fine..

:)
Happy Computing.

Minto Joseph

trinath_ya 04-24-2007 02:28 AM

hi.....
 
hi....i can suggest you to use BIND.

Quote:

Originally Posted by mintojoseph
Hi,

I want to install a new DNS server. I would like to discuss which is the best DNS server: BIND, PowerDNS or any other one?

Considerations are manageability, security and stability.

Please put forward your suggestions and opinions.

:)
With Regards,
Minto Joseph


MensaWater 04-24-2007 08:28 AM

Apparently you missed the latest post where he said he'd chosen PowerDNS and gave his reasons.


All times are GMT -5.