Honorable mention to Unbound/NSD combo (which is the intended approach in stock OpenBSD and together gets green all across that table), but the DNSSEC automation in recent BIND versions dramatically reduces complexity of cycling keys and probably makes it the best option.
I've never really done this. Like, we've whiteboarded list of requirements and interactions, but never really sketched out the logic and flow control.
That's my current recursive combo but I think I'm getting ready to go purely bind understanding it so well.
I'm just horrendously lazy to change what's working rn if you feel me. Yeah NSD is good too. Need a bit of work. I think it can do well.
Oh my god you gotta try it on something simple. It catches soooo many bugs ahead of time and lets you really think about how you are approaching the program. Often I find when I don't do this it risks becoming very spaghettified
I kind of wish we had big mind mapping programs to help us optimize the process. that would be awesome but also exceptionally difficult to create
There are times I truly hate revising records in bind because its actual error output is the worst I've seen. No usefulness
Solid amazing consistent server. Just diagnosing it feels like looking at 90s code
DJB was right.
what?
DJB = Daniel J. Bernstein, the creator of DJB DNS. He was right about Bind sucking ass and that simple programs following the Unix philosophy are better.
Although I haven't looked on how to get DJB DNS or Unbound to be authoritative and act as a non-recursive DNS.
Edit: I believe he was the inventor of DNSSEC, but I could be wrong.
No he wasn't but
unfortunately the problem is bind is the most modern lightweight implementation that has a complete implementation of standards. Other DNS servers only come close. The closest one I think is PowerDNS?
I agree, and simple doesn't need to mean it lacks features. Problem is these days that devs mix up the words simple and minimal
I tend to agree more than I disagree, but code must be kept minimal to some degree.
Also, do not confuse simple with easy (to use).
That's true and I'm not. I don't need it to be easy to use if you can well document its simplicity, which is another major problem these days
seems there is no winning
I've debated making a showcase of different DNS software and their configurations and documentation etc. I just don't know if that's something people would value.
I would, but it wouldn't change me trying to avoid bind.
It would be more of a shopping catalogue. A know what I'm getting into thread
Biky he invented a curve
not the standard. Just found it
also what I mean by complete:
The chart shows it. Completeness is rare. As much as BIND is hateable, it's the most complete solution
Lmao, what the heck even is "Simple DNS Plus?" And why does that have more features than MS DNS?
Also, I believe given its minimalist nature, djbdns can be extended using other programs and piping stuff into one another. At least that's what I remember reading.
Although my first choice would likely be Unbound, only because NSD doesn't have recursive capabilities and those are my only options basically, because I'll likely be running OpenBSD.
In my personal opinion the projects need to be merged. However they do that is up to them but I would love to see the openbsd team do this
PowerDNS looks amazing though for what it is. Coded in C++ and you can choose the syntax you want for the zone files... as in BIND vs SQL
I thought about what you said about DJB
You know he was right about Bind8 but BIND9 was a rewrite from scratch. Last I checked it does not suffer from the security issues he spoke of?
Can you get me more sauces?
Most of the hosted DNS systems I've seen in the wild are bind9 (small to medium enterprises). Often with web guis that generate the zone files for you, calling "named-checkzone" and "rndc reload zone" as needed. Though surprisingly many places just hand edit the zone files.
I've also seen PowerDNS a few times. Decently powerful, integration is easier (since it's just mysql), but I've seen at least one integration that had issues due to bad programming.
Interesting side content, you can often see what version of bind someone is running, and the hostname of the server:
dig chaos txt version.bind @nameserver
dig chaos txt hostname.bind @nameserver
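
Added example, not from any poster in this thread: the two dig queries above at the wire level, in Python, for checking from a script whether your own nameservers answer version.bind / hostname.bind. The function names are this example's own, and sample_response() is constructed test data, not a capture from a real server.

```python
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3  # TXT record type, CHAOS class

def build_chaos_txt_query(name, txid=0x1234):
    """Wire-format query equivalent to `dig chaos txt <name>` (RD bit off)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk plain labels
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)  # root byte or 2-byte pointer

def parse_txt_answers(msg):
    """Return (rcode, [TXT strings]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            parts, i = [], 0
            while i < len(rdata):  # TXT rdata is length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            texts.append(b"".join(parts).decode("ascii", "replace"))
    return flags & 0xF, texts

def check_server(server, name="version.bind", timeout=3.0):
    # Queries one of your own nameservers over UDP/53 (needs network access).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_chaos_txt_query(name), (server, 53))
        return parse_txt_answers(s.recv(4096))

def sample_response(text):
    # Constructed reply for offline testing: QR+AA set, one CH TXT answer.
    question = build_chaos_txt_query("version.bind")[12:]
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + question + rr
```

A non-empty string list from check_server() means the server is telling anyone who asks what it runs; an empty list or a non-zero rcode means the query is not being answered.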