bind vs djbdns

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Wed Aug 30 18:21:32 UTC 2000


Jim Reid writes:
> BTW BIND9's architecture allows for DNS data to be served from other
> things beside zone files: like an RDBMS or LDAP repository.

The djbdns server architecture has the same flexibility, with a much
cleaner internal interface. This is why it already supports a fast
on-disk database for tinydns. The package also includes three
special-purpose servers using different types of data:

   * pickdns, for load balancing and client differentiation;
   * walldns, for reverse DNS walls;
   * rbldns, for publishing RBL-type lists.

It's interesting that the BIND company recently stopped providing TXT
records for the RSS list because it was having trouble with the large
zone file. The same amount of data is trivial to handle with rbldns.

Supposedly you guys---the BIND company and its financial partners---
received tons of money for BIND 9 programming. So why are you having so
much trouble implementing something as basic as an on-disk hash table?
This isn't rocket science.

> Whether caching-only servers are more common or not is irrelevant.

On the contrary. The installation, configuration, and maintenance
advantages of djbdns are particularly obvious for pure caches. Some
sites run pure caches on practically every workstation. This is a large
part of the DNS market, and it's not an easy one to accurately survey.

But my question was a different one. Why exactly did you say ``roughly
90% of the world's name servers run BIND''? Did you look up an old
in-addr.arpa survey? Which one? Why didn't you look at the current one?
Did you simply make up a number that you thought would sound good?

> Why didn't you explicitly tell us whether djbdns supports
> DNSSEC, TSIG, IXFR and RRs for IPv6 or not?

IPv6 records: I'm not sure whether you mean the obsolete AAAA records or
the experimental A6 records. Anyway, as you already know, tinydns
supports all record types.

DNSSEC: I already pointed you to http://cr.yp.to/djbdns/forgery.html. My
top priority for djbdns is to implement an anti-forgery system that
actually works.

TSIG and IXFR: For replication, ssh and rsync do a much better job. For
client-to-cache communication, IPSEC does a better job. I don't think
I've had even one request for TSIG or IXFR from my users.

---Dan


