[buug] DNS on OpenBSD

f.johan.beisser jan at caustic.org
Thu Oct 31 17:37:25 PST 2002


On Thu, 31 Oct 2002, N. Thomas wrote:

> I looked into it a bit, and whittled it down to these:
>
>     bind4  - comes with OpenBSD

native, well toured code. comes preconfigured for a chrooted environment.

>     bind9  - latest version from ISC

supports v6 natively (if you need it). good for some applications (views
being one of my fave concepts, even if implementing them is less than
easy)

>     djbdns - I've heard good things about it, and I don't care about the
>              licensing (my morals are lax)

it's broken. it doesn't follow most standards, and djb doesn't care to
make it conform. licensing aside, djb will gladly stake you to the ground,
and not commit any bugfixes (you didn't make any changes to his code, did
you?) you provide. "they're features, you shmuck" -- djb

> Normally I would just use the vendor supplied program, but I was looking
> through a DNS book the other day (Langfeldt, Que) and it put the fear of God
> into me about using bind4. Bind9 is what the book recommended, and
> everywhere I turn I hear about djbdns.

i would go with bind9, since i'm more familiar with bind8/9 syntax. chroot
it, and ignore it.

> I'm not looking to do anything difficult, just provide name resolution and
> possibly some caching.

caching is the best thing about having your own DNS.

> Would anyone like to share some information on the topic?

i think i summed it all up there.

the only real reason for not using bind4 is the old config files. the
OpenBSD team has toured it fairly well, and uses it in production
themselves. to the best of my knowledge, there's not been a recent bind4
exploit that worked against OpenBSD's version.

i can't say the same for bind8 or bind9. since you're not looking for
anything heavy duty, or featureful, there's more than just those 3
versions out there.

there's also maradns <http://www.maradns.org>, amongst others.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
	"Champagne for my real friends, real pain for
	  my sham friends." -- Tom Waits



