On Tue, 19 Nov 2002 15:34, Russell Coker wrote:
> So this leaves DNS caching as the only reason for BIND. Is there a DNS
> server that does caching better than BIND?

Many people recommended DJBDNS (both on and off list). I have read the following paper which leads me to believe that DJBDNS is slow and has other deficiencies. Brad is someone I have a lot of faith in, so I am not even going to bother reading DJB's response to this paper.

http://www.shub-internet.org/brad/papers/dnscomparison/

Different views don't interest me, so nsd has no deficiency that matters to me.

dnsmasq sounds interesting, however it's described as being "lightweight" and for "small networks", I'm concerned that it may be too small for my needs.

pdnsd sounds interesting too, but it also sounds too lightweight and it writes cached data to disk (which is not desirable for a bigger machine).

dnrd sounds too small and has the following issue:

SECURITY NOTE: dnrd is susceptible to buffer overflow attacks. However, by default dnrd changes to the "nobody" user. It also does a chroot to the /etc/dnrd directory, after checking that /etc/dnrd exists and contains no subdirectories and no executables and is only writable by root.

So it seems that the only two options are dnsmasq and pdnsd. Does anyone have any experience with them that they would like to share?

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
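
The dnrd security note quoted in the message above describes a directory check made before the chroot; the C function below is an added example of such a check, not part of the original post and not dnrd's own code. The name `audit_jail_dir`, the `JAIL_*` flags and the `owner` parameter are assumptions, and it goes slightly beyond the note by also flagging symlinks, devices and other non-regular entries.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum { JAIL_OK = 0, JAIL_MISSING = 1, JAIL_WRITABLE = 2, JAIL_SUBDIR = 4,
       JAIL_EXEC = 8, JAIL_OTHER = 16 };

/* Hypothetical helper (not dnrd code). Returns a bitmask of violations.
 * `owner` is the only uid allowed to write to the directory: 0 (root) in
 * production; it is a parameter so the check can run unprivileged. */
int audit_jail_dir(const char *path, uid_t owner)
{
    struct stat st;
    int flags = JAIL_OK;

    /* lstat: a symlink standing in for the directory is rejected */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return JAIL_MISSING;
    if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
        flags |= JAIL_WRITABLE;     /* someone other than owner can write */

    DIR *d = opendir(path);
    if (!d)
        return flags | JAIL_MISSING;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char p[PATH_MAX];
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        if (snprintf(p, sizeof p, "%s/%s", path, e->d_name) >= (int)sizeof p
            || lstat(p, &st) != 0) {
            flags |= JAIL_OTHER;    /* cannot inspect the entry: fail closed */
            continue;
        }
        if (S_ISDIR(st.st_mode))
            flags |= JAIL_SUBDIR;
        else if (!S_ISREG(st.st_mode))
            flags |= JAIL_OTHER;    /* symlink, device, fifo or socket */
        else if (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
            flags |= JAIL_EXEC;
    }
    closedir(d);
    return flags;
}
```

The audit and the later chroot() are separate steps, so a clean result only holds if nobody but the owner can modify the directory in between, which is what the ownership and mode test establishes.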