[nSLUG] Looking for a DNS secondary partner

Dan Peterson dpiddy at gmail.com
Mon May 4 10:02:22 ADT 2009


On Sat, May 2, 2009 at 6:40 AM, Michael Crawford <mdcrawford at gmail.com> wrote:
> For my own domains, for the next year or so I'm not at all concerned
> about performance.  I just don't expect to get a lot of traffic.
>
> What I'm the most concerned about is making some kind of mistake in
> the configuration or installation, so that either my service isn't
> reliable, or my servers get 0wnz0r3d.
>
> This because I've never operated my own DNS server before.
>
> In the hopeful event that a year from now I get so many visitors that
> performance *is* an issue, I expect to be experienced enough that I
> can easily get it right.
>
> Given all that, which DNS software do you all think I ought to run?

Here's my piece on this. :)

I've been using djbdns since 2000. It rules. People have their
problems with DJB, the license (which isn't valid anymore), this and
that. But it really is the simplest suite to use once you understand
how it works.

As for its performance, I know it seemed to "lose" the benchmarks in
the blog post but there are at least a couple possible reasons for
that:

* At least BIND will use all memory possible for cache data,
dnscache's default is 1M. I doubt that was changed for the test.
* dnscache's default logging is somewhat verbose; in a busy scenario
such as a benchmark like that it could end up blocking dnscache.

Also, it didn't even test tinydns which is probably more what you're
concerned with. tinydns is the content serving part of djbdns while
dnscache is the recursive resolver. The data tinydns serves is
basically precompiled into a small static database file which usually
ends up being cached in memory. You'll probably never worry about
performance with it.

I highly recommend you check out the pages at
http://cr.yp.to/djbdns.html to get a feel for how things work. If you
have any questions and/or decide to go the djbdns route I'd be happy
to help; find me in #nslug on OFTC as danp or via this email address.

-Dan



More information about the nSLUG mailing list