OpenBSD Journal

Replacement for BIND?

Contributed by jose on from the better-dns-servers dept.

Alejandro Belluscio writes:
"I know today I'm supposed to write "special" news. But in Latinamerica that date is Dec 28, so off I go with some interesting tidbit. After much discussion on the reliability and standards adherence of BIND (like stating that A6 records should be used and AAAA deprecated even thouth the former have been reintated as "experimental") I found a nice, relatively secure DNS server with a BSD license: MaraDNS http://www.maradns.org/ It still doesn't supports IPv6. And supposedly was developed on Linux. But it seems to have been tested on OpenBSD. I think it's worth a look."
I've heard good things about MaraDNS, but I don't know if it's seen enough action. How well has it been performing? I know I'm not terribly pleased with BIND, even after OpenBSD's changes. Has anyone tested the version in ports who wants to give us a review?

(Comments are closed)

Comments

  1. By Joe Abley () jabley@isc.org on http://www.isc.org/

    So where did you get the idea that A6 records are promoted in favour of AAAA records in BIND?

    While A6 was the standards-track proposal for IPv6, that's what BIND promoted. Now that IPv6 has moved to experimental, and AAAA is the standards-track proposal, that's what BIND promotes.

    There are several good alternatives to BIND, and diversity of implementation is always good, but criticising BIND for following internet standards seems strange and wrong.

    Comments

    1. By Alejandro Belluscio () baldusi@hotmail.com on mailto:baldusi@hotmail.com

      A6 record and DNAME have been demoted to experimental two years ago. So for a while the _only_ offical way to express IPv6 addresses through DNS has been the AAAA record. Th funny thing is that the BIND 9.2.2 still says that AAAA are to be deprecated and A6 should be used instead. Just guess who proposed them ;-)

      Comments

      1. By mirabile () on http://MirBSD.BSDadvocacy.org/

        bah, my DNS server only does AAAA and ip6.int;
        I've to manually create the ip6.arpa PTRs.

  2. By W () on

    djbdns is definitely worth a look. I've been using it for years, and I've never had a single problem with this baby. But there's always something that gets in the way, and in this particular case it's its licensing. But the license has never gotten in the way fir my, so no worries for me! :-)

    Comments

    1. By Anonymous Coward () on

      djbdns breaks HIER(7).

      Comments

      1. By W () on

        So?

        Comments

        1. By Anonymous Coward () on

          This is an old can of worms for several reasons:

          djb has placed a restrictive license on the software saying it can only be distributed and packaged/installed the way he specifies. This breaks openbsd's clean directory structure.

          developers personalities aside, djbdns is a good tool to use, and is fairly easy to use (as long as things don't go wrong). I recommend it even if i think the author is a bit foolish when choosing the battles he wants to fight.

      2. By mirabile () on http://MirBSD.BSDadvocacy.org/

        So?

        $ cvs -qz9 -d mirbsd-cvs@bsdadvocacy.org:/cvs co -PA ports/net/djbdns

        Password is "anoncvs"

  3. By floh () floh@blafasel.org on mailto:floh@blafasel.org

    maradns seems to be on hold for a while so don't hold your breath for just that one feature. You might want to read the author's email explaining the slowdown and upcoming events.

    Comments

    1. By Alejandro Belluscio () baldusi@hotmail.com on mailto:baldusi@hotmail.com

      Yep. But I sent the piece of news an April 1st. Hence the introduction. At least he clarified the situation. I want to test ldapdns (in http://nimh.org/code/ldapdns/). I like the idea of having and easy to manage database where I can store users and dns data regardless of how many computers I have. But I still don't understand it well enough to feel it's safe. May be I should try Kerberos + LDAP.

    2. By RC () on

      Yeah, Sam is going to lay off future feature development, but there's no reason someone couldn't write a patch for IPv6 themselves, and see if Sam would be willing to merge it.

      In replies to those e-mails, there were several talking about setting MaraDNS up on sourceforge (or another CVS server), and hence allowing other people to keep developing MaraDNS.

      A lot of people, including myself, like MaraDNS quite a bit. I wouldn't be surprised if more than one person stepped up and offered to maintain the (currently) unstable branch. Here's hoping.

      Comments

      1. By Jeroen Ruigrok van der Werven () asmodai@tendra.org on http://www.tendra.org/

        Actually,

        a colleague and myself have been looking at helping develop it. I need to get in touch with Sam. :)

  4. By Anonymous Coward () on

    There is *NO* reason not to run this.

    Fast, secure, excellent in every way.

    -OSCAR

    Comments

    1. By Dave () on

      here here,
      I personaly couldn't give a toss what the licence says. It's free as in beer and it's works a treat. I'm not on some moral crusade I just want my DNS to work and djbdns does the trick.
      ta-ra
      Dave.

      Comments

      1. By Anonymous Coward () on

        Well, I happen to be on a moral crusade, so djb's license is a problem for me.

    2. By Anonymous Coward () on

      "There is *NO* reason not to run this."

      be wary of what Anonymous Cowardon states as absolute. djbdns forces you to break HIER(7) on your openbsd system.

      Comments

      1. By kremlyn () on

        This may be so, but DNS being the important "glue" that it is, deserves special treatment so as to ensure it is monitored properly as facilitated by daemontools.

      2. By AC () idont@checkit.com on mailto:idont@checkit.com

        Probably it does, but I've been able to make it fit into my notion of where things ought to go on the system pretty well using symlinks to the files and dirs. I haven't read HIER(7), so I don't know if compliance is absolutely achievable, but I bet you can get pretty close.

      3. By Anonymous Coward () on

        OpenBSD breaks HIER as well by putting web data in /var/www

        Comments

        1. By Anonymous Coward () on

          RTFM. hier(7) does not specify the location of web documents.

      4. By mirabile () on http://MirBSD.BSDadvocacy.org/

        So?

        See my other post. That's a port of djbdns with
        and without IPv6 support.

        I have daemontools 0.76 (not 0.70 ;) as well,
        in ports/sysutils/daemontools.

        And everything installs where it belongs to.

  5. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/

    I like the concept of djbDNS : data is directly server from an indexed file. No need to restart the server or to ask him to reparse a configuration file every time something changes.

    For those who have something against the license, have a look at SheerDNS :

    http://threading.2038bug.com/sheerdns/

  6. By Anonymous Coward () on

    Does it run on OpenBSD?

    Comments

    1. By Troll Hunter D () on

      What is TinyDNS? Oh, it's a subset of djbdns. Haven't we already been talking about djbdns?

      http://cr.yp.to/djbdns/tinydns.html

      To answer the question you should have thought about for a moment before asking: yes.

  7. By Anonymous Coward () on

    How about PowerDNS?
    www.powerdns.com
    they went GPL about a half a year ago.

    GPL, IPv6, MySQL/PGSQL/LDAP.

    Comments

    1. By RC () on

      I hear it's GPLed, and development has stopped (second-hand info).

    2. By Nick () on

      I too am wondering if anyone has tried out PowerDNS. I see that in the email from the MaraDNS author (linked to in a comment above), he mentions PowerDNS as an alternative. Has anyone tried running this on OpenBSD? I see that a port for OpenBSD is at http://www.codeninja.nl/openbsd/powerdns/ but I haven't had a chance to try it out yet. Oh, and it looks like there is still development going on, at least judging by the most recent message in the pdns-dev mailing list (archived at http://www.powerdns.org/ ).

  8. By RC () on

    I know I'm late to the thread, but here's hoping a few people will read this...

    One of the features that has been added to the development version, is very impressive, and I hope to see it in a stable version (and other DNS servers as well).

    Expired DNS records ARE NOT purged! That's right, older records are removed only when they are not popular, and the cache needs more room to store new records.

    If a request is made after the record has expired, it tries to get an update from the upstream DNS server, and uses that. If it cannot get an update after the timeout period, it will continue to use the expired record. What this means is that, even if all the DNS servers are knocked off the internet, as many records as could fit in your DNS cache, will still be available to users of your DNS server.

    This is obviously a very simple, but very good solution to the problem of Root/TLD server unavailability. Customers of large ISPs, which use MaraDNS, will still be able to access a huge number of sites (and definately will have access to the most popular sites) even if no DNS servers are available.

    In addition, sites with incredibly short expirations, will not experience this change. This should prevent any problems with those unusual sites which need such a behavior.

    In other words, everyone should use MaraDNS.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]