reading or skimming my BIND hints you’re still
suspicious of BIND’s size, complexity, and history,
you may wish to try
djbdns, Daniel J.
Bernstein’s lightweight but robust alternative. My
esteemed colleague and friend, Bill Lubanovic, a web consultant and designer of
note, is such a person. He’s written most of what
While this section makes particular note of
djbdns' security features, our
intent is to provide a general primer on
use. This is justified (we hope) for two reasons. First, the very act
djbdns rather than BIND has positive
security ramifications, if for no other reason than it
“diversifies the DNS gene pool.”
Second, while widely used,
hasn’t yet received much treatment in the print
media, so this primer is one of the first of its kind (if not
If neither of these assumptions seems compelling to you, you needn’t feel guilty for sticking with BIND (provided you run Version 9 and take the time to configure, secure, and maintain it carefully). For what it’s worth, I’m a BIND v9 user myself.
BIND can be considered the nuclear-powered kitchen sink, blender, and floor polisher of DNS software. It gurgles busily in the corner and occasionally springs a leak or explodes. Despite its market share, it’s an old machine with spotty maintenance records.
djbdns, then, is the set of tools that you’d find at a DNS specialty store: simple, secure, fast, and safe when used as directed. Almost unnoticed, this package ...