[AusNOG] What Caching DNS Resolver Are You (ISPs) Using?

Mark Delany g2x at juliet.emu.st
Mon Aug 31 12:04:25 EST 2015


> djbdns contains multiple tiny servers that do different things.  It's culturally different to BIND, which is by contrast monolithic.

Though these days the recommendation is to run two instances of bind
if you want to auth and cache. The code might be monolithic, but the
services need not be.

> If you're paranoid about security, it really is hard to go past djbdns, although do consider using dbndns instead which actually supports IPv6.  (Gosh, is it the 21st century _already_? My how time flies.)

I've long been a fan of djbdns but v6 (transport) support is a bit of
a weakness and if it's a very busy service you might run up against a
CPU wall as it's not multi-threaded.  Not as much of a problem 15
years ago when djbdns was written, but more so these days. Having said
that, I've rarely seen anyone hit these walls.

As far as a caching-only server is concerned, you could do worse than
unbound - quite flexible and well regarded though its logging is more
aimed at human consumption rather than automated analysis as with
djbdns.


Mark.

