Re: bind9 vs tinydns vs others
Wednesday 03 December 2003 15:36, Marcel Hicking > > To throw into something different: > PowerDNS works fine with MySQL as a backend http://isp-lists.isp-planet.com/isp-dns/0310/msg00048.html short version :) i use nsd for authoritive dns servers and bind9 for recursive. --
Re: bind9 vs tinydns vs others
Wednesday 03 December 2003 15:36, Marcel Hicking > > To throw into something different: > PowerDNS works fine with MySQL as a backend http://isp-lists.isp-planet.com/isp-dns/0310/msg00048.html short version :) i use nsd for authoritive dns servers and bind9 for recursive. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Wed, Dec 03, 2003 at 10:04:26PM +0100, David Zejda <[EMAIL PROTECTED]> wrote a message of 29 lines which said: > flat files can't be "down". wouldn't be better to generate flat > files from the backend db to avoid such risks? I agree.
Re: bind9 vs tinydns vs others
On Wed, Dec 03, 2003 at 10:04:26PM +0100, David Zejda <[EMAIL PROTECTED]> wrote a message of 29 lines which said: > flat files can't be "down". wouldn't be better to generate flat > files from the backend db to avoid such risks? I agree. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On December 3, 2003 04:04 pm, David Zejda wrote: > thanks for reply! > i only guess, as well as your dns depends on some database (RDBMS or LDAP > or something else), it increases the danger of attacks, especially DoS (db > is down -> dns respectively). flat files can't be "down". wouldn't be > better to generate flat files from the backend db to avoid such risks? > have you ever had such problems? I would agree with you, others may not. It's trivial to generate appropriate zone files from a database so (assuming you want your zones in a database) I'd still go with generating the files periodically rather than having DNS constantly polling the db. > > David Zejda wrote: > > > what do you prefer for authoritative dns? > > > experiences/stability...? > > > i have no verbose bind knowledge yet. > > > > > > thanks > > > David > > > > We are running mydns on our auth name servers, feeding them data from a > > self made PHP-based web interface. Works like a charm. Only drawback is > > it's only available in testing and unstable (but most of our servers un > > testing and are rock stable) > > > > Thomas -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: bind9 vs tinydns vs others
On December 3, 2003 04:04 pm, David Zejda wrote: > thanks for reply! > i only guess, as well as your dns depends on some database (RDBMS or LDAP > or something else), it increases the danger of attacks, especially DoS (db > is down -> dns respectively). flat files can't be "down". wouldn't be > better to generate flat files from the backend db to avoid such risks? > have you ever had such problems? I would agree with you, others may not. It's trivial to generate appropriate zone files from a database so (assuming you want your zones in a database) I'd still go with generating the files periodically rather than having DNS constantly polling the db. > > David Zejda wrote: > > > what do you prefer for authoritative dns? > > > experiences/stability...? > > > i have no verbose bind knowledge yet. > > > > > > thanks > > > David > > > > We are running mydns on our auth name servers, feeding them data from a > > self made PHP-based web interface. Works like a charm. Only drawback is > > it's only available in testing and unstable (but most of our servers un > > testing and are rock stable) > > > > Thomas -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
thanks for reply! i only guess, as well as your dns depends on some database (RDBMS or LDAP or something else), it increases the danger of attacks, especially DoS (db is down -> dns respectively). flat files can't be "down". wouldn't be better to generate flat files from the backend db to avoid such risks? have you ever had such problems? David > David Zejda wrote: > > > what do you prefer for authoritative dns? > > experiences/stability...? > > i have no verbose bind knowledge yet. > > > > thanks > > David > > > > > We are running mydns on our auth name servers, feeding them data from a > self made PHP-based web interface. Works like a charm. Only drawback is > it's only available in testing and unstable (but most of our servers un > testing and are rock stable) > > Thomas
Re: bind9 vs tinydns vs others
thanks for reply! i only guess, as well as your dns depends on some database (RDBMS or LDAP or something else), it increases the danger of attacks, especially DoS (db is down -> dns respectively). flat files can't be "down". wouldn't be better to generate flat files from the backend db to avoid such risks? have you ever had such problems? David > David Zejda wrote: > > > what do you prefer for authoritative dns? > > experiences/stability...? > > i have no verbose bind knowledge yet. > > > > thanks > > David > > > > > We are running mydns on our auth name servers, feeding them data from a > self made PHP-based web interface. Works like a charm. Only drawback is > it's only available in testing and unstable (but most of our servers un > testing and are rock stable) > > Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
--Tuesday, December 02, 2003 17:18:05 -0500 Fraser Campbell <[EMAIL PROTECTED]>: > On December 2, 2003 10:46 am, David Zejda wrote: > >> what do you prefer for authoritative dns? >> experiences/stability...? >> i have no verbose bind knowledge yet. To throw into something different: PowerDNS works fine with MySQL as a backend (there are other backends for PostgreSQL, LDAP etc available). Packaged as "pdns" See also http://www.powerdns.com/ Cheers, Marcel
Re: bind9 vs tinydns vs others
--Tuesday, December 02, 2003 17:18:05 -0500 Fraser Campbell <[EMAIL PROTECTED]>: > On December 2, 2003 10:46 am, David Zejda wrote: > >> what do you prefer for authoritative dns? >> experiences/stability...? >> i have no verbose bind knowledge yet. To throw into something different: PowerDNS works fine with MySQL as a backend (there are other backends for PostgreSQL, LDAP etc available). Packaged as "pdns" See also http://www.powerdns.com/ Cheers, Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Tue, Dec 02, 2003 at 04:46:55PM +0100, David Zejda <[EMAIL PROTECTED]> wrote a message of 11 lines which said: > what do you prefer for authoritative dns? nsd. See http://www.nic-generique.prd.fr/sheets/practical/nameserver-en> for a good reason.
Re: bind9 vs tinydns vs others
On December 2, 2003 10:46 am, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. For an authoritative only server there is nsd. It's only available in unstable but it should be easy enough to backport. I've only used it on my home network so far but I do plan to eventually use it in my hosting business, I rather like the idea of diversity (bind being the defacto standard for dns it is subject to much more attacks). -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: bind9 vs tinydns vs others
On Tue, Dec 02, 2003 at 04:46:55PM +0100, David Zejda <[EMAIL PROTECTED]> wrote a message of 11 lines which said: > what do you prefer for authoritative dns? nsd. See http://www.nic-generique.prd.fr/sheets/practical/nameserver-en> for a good reason. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On December 2, 2003 10:46 am, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. For an authoritative only server there is nsd. It's only available in unstable but it should be easy enough to backport. I've only used it on my home network so far but I do plan to eventually use it in my hosting business, I rather like the idea of diversity (bind being the defacto standard for dns it is subject to much more attacks). -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Tue, 2003-12-02 at 06:46, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. > > thanks > David > Have to start somewhere so dive in after you feel you enough info. :-) We run djbdns,rbldns,etc., right now. All under Woody and one FreeBSD box. We have used Bind9 also and both have advantages. I like djbdns for the ease of editing which is personal taste. Bind9 has more available for GUI front-ends and hooks with other applications. So usually I recommend people start with Bind so as to prove the saying, 'Only the experienced walk with a limp.' That said, you may very well be happy with either as they both power the Net. Dee -- Alaska Wireless Systems http://www.akwireless.net -=- "Take Control of Your E-Mail!" (907)349-4308 Office - AIM = awswired
Re: bind9 vs tinydns vs others
On Tue, 2003-12-02 at 06:46, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. > > thanks > David > Have to start somewhere so dive in after you feel you enough info. :-) We run djbdns,rbldns,etc., right now. All under Woody and one FreeBSD box. We have used Bind9 also and both have advantages. I like djbdns for the ease of editing which is personal taste. Bind9 has more available for GUI front-ends and hooks with other applications. So usually I recommend people start with Bind so as to prove the saying, 'Only the experienced walk with a limp.' That said, you may very well be happy with either as they both power the Net. Dee -- Alaska Wireless Systems http://www.akwireless.net -=- "Take Control of Your E-Mail!" (907)349-4308 Office - AIM = awswired -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Tue, 2003-12-02 at 09:46, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. Please explore the list for a three month very fun discussion about it (i still remember it). > > thanks > David > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Tue, 2003-12-02 at 09:46, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. Please explore the list for a three month very fun discussion about it (i still remember it). > > thanks > David >
Re: bind9 vs tinydns vs others
Bind 9 is a total revamp of Bind 8. Bind8 had a bunch of security holes in it, so tinyDNS and the others came about. Bind9 was a rewrite from scratch with security as a goal. Bind9 is good for all types of general DNS stuff. Tiny-DNS is probably good for some applications, however you are going to find more documentation on Bind than anything else. http://www.nominum.com/getOpenSourceResource.php?id=6 On 02/12/03 16:46 +0100, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. > > thanks > David > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- --- *Theodore Knab *Washington College *Systems Engineer/ Systems Security Officer *Maryland, USA --- The nameless root " " @washcoll.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
Bind 9 is a total revamp of Bind 8. Bind8 had a bunch of security holes in it, so tinyDNS and the others came about. Bind9 was a rewrite from scratch with security as a goal. Bind9 is good for all types of general DNS stuff. Tiny-DNS is probably good for some applications, however you are going to find more documentation on Bind than anything else. http://www.nominum.com/getOpenSourceResource.php?id=6 On 02/12/03 16:46 +0100, David Zejda wrote: > what do you prefer for authoritative dns? > experiences/stability...? > i have no verbose bind knowledge yet. > > thanks > David > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- --- *Theodore Knab *Washington College *Systems Engineer/ Systems Security Officer *Maryland, USA --- The nameless root " " @washcoll.edu
Re: bind9 vs tinydns vs others
For speed maradns.org. Somwhat more secure djbdns. Regards. At 17:46 02.12.2003, David Zejda wrote: what do you prefer for authoritative dns? experiences/stability...? i have no verbose bind knowledge yet. thanks David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] --- Acasa.ro vine cu albumele, tu vino doar cu pozele ;) http://poze.acasa.ro/ --- Acasa.ro vine cu albumele, tu vino doar cu pozele ;) http://poze.acasa.ro/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
For speed maradns.org. Somwhat more secure djbdns. Regards. At 17:46 02.12.2003, David Zejda wrote: what do you prefer for authoritative dns? experiences/stability...? i have no verbose bind knowledge yet. thanks David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] --- Acasa.ro vine cu albumele, tu vino doar cu pozele ;) http://poze.acasa.ro/ --- Acasa.ro vine cu albumele, tu vino doar cu pozele ;) http://poze.acasa.ro/
bind9 vs tinydns vs others
what do you prefer for authoritative dns? experiences/stability...? i have no verbose bind knowledge yet. thanks David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
bind9 vs tinydns vs others
what do you prefer for authoritative dns? experiences/stability...? i have no verbose bind knowledge yet. thanks David
