I’ve been setting up a new server lately, and in the process I’ve been reevaluating a lot of the software I use on my servers. One of the things I’ve been dreading more than anything else is moving over DNS services. My old server runs BIND, and has 40+ domain files, not counting reverse lookups.
So I started poking around and found djbdns. So far, I’ve been very impressed with it. It’s built from a number of small, lightweight programs (vs BIND’s monolithic ‘named’), the config file format is less verbose and (slightly) less arcane, it’s reportedly more scalable, and there’s apparently never been a known exploit. It can even automatically version new DNS records and maintain reverse lookups.
Am I missing something here? If djbdns is as great as it appears to be, why is most of the Internet’s DNS traffic still handled by BIND? UNIX admins have a pretty good history of snagging better tools when they come along (sendmail is an increasingly rare bird, and telnet’s on the way out), so what’s the catch with DNS alternatives?
If you swear by djbdns or another BIND alternative, or have run screaming from one, I’d love to hear from you. Leave a comment.
(Incidentally, the Wikipedia article on DNS that I linked to is by far the clearest explanation of DNS that I’ve ever read. If you’ve always wondered how your PC finds its way around the Internet, have a read).