djbdns

If after reading or skimming my BIND hints you’re still suspicious of BIND’s size, complexity, and history, you may wish to try djbdns, Daniel J. Bernstein’s lightweight but robust alternative. My esteemed colleague and friend, Bill Lubanovic, a web consultant and designer of note, is such a person. He’s written most of what follows.

While this section makes particular note of djbdns' security features, our intent is to provide a general primer on djbdns use. This is justified (we hope) for two reasons. First, the very act of choosing djbdns rather than BIND has positive security ramifications, if for no other reason than it “diversifies the DNS gene pool.” Second, while widely used, djbdns hasn’t yet received much treatment in the print media, so this primer is one of the first of its kind (if not the first).

If neither of these assumptions seems compelling to you, you needn’t feel guilty for sticking with BIND (provided you run Version 9 and take the time to configure, secure, and maintain it carefully). For what it’s worth, I’m a BIND v9 user myself.

What Is djbdns?

BIND can be considered the nuclear-powered kitchen sink, blender, and floor polisher of DNS software. It gurgles busily in the corner and occasionally springs a leak or explodes. Despite its market share, it’s an old machine with spotty maintenance records.

djbdns, then, is the set of tools that you’d find at a DNS specialty store: simple, secure, fast, and safe when used as directed. Almost unnoticed, this package ...

Get Building Secure Servers with Linux now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.