djbdns

If after reading or skimming my BIND hints you’re still suspicious of BIND’s size, complexity, and history, you may wish to try djbdns, Daniel J. Bernstein’s lightweight but robust alternative. My esteemed colleague and friend, Bill Lubanovic, a web consultant and designer of note, is such a person. He’s written most of what follows.

While this section makes particular note of djbdns' security features, our intent is to provide a general primer on djbdns use. This is justified (we hope) for two reasons. First, the very act of choosing djbdns rather than BIND has positive security ramifications, if for no other reason than it “diversifies the DNS gene pool.” Second, while widely used, djbdns hasn’t yet received much treatment in the print media, so this primer is one of the first of its kind (if not the first).

If neither of these assumptions seems compelling to you, you needn’t feel guilty for sticking with BIND (provided you run Version 9 and take the time to configure, secure, and maintain it carefully). For what it’s worth, I’m a BIND v9 user myself.

What Is djbdns?

BIND can be considered the nuclear-powered kitchen sink, blender, and floor polisher of DNS software. It gurgles busily in the corner and occasionally springs a leak or explodes. Despite its market share, it’s an old machine with spotty maintenance records.

djbdns, then, is the set of tools that you’d find at a DNS specialty store: simple, secure, fast, and safe when used as directed. Almost unnoticed, this package ...
