support-spamassassin at oeko
Jul 5, 2011, 1:30 AM
Post #16 of 18
Re: SpamTips.org: Why run your own DNS server?
On Tue, 05.07.2011 at 07:18:30 +0000, Jason Ede <J.Ede [at] birchenallhowden> wrote:
> Andreas Schulze [mailto:sca [at] andreasschulze] wrote:
> > - bind (off course)

Although I'm sure that it was meant in a different way, "off course"
hits the nail right on the head, imnsho.

> Are there any figures on the relative merits/speeds of these servers?
> Bind is the default on at least redhat based installations.

Bind has the following widely acknowledged properties:
* a plethora of security problems across all versions
* generates high system loads
* notoriously hard to configure
* (also partially) their own brand of DNS standards
* and an a**h*le style support ("pay through your nose, and you'll get
security fixes x months in advance")

Therefore, at least some people are striving to replace Bind with other
software. Although I'm far from intimate with the decision, OpenBSD has
imported NSD into their base quite some time ago, and ships it with
their current release 4.9 in the base system. Afaik, the plan is to
deprecate Bind some time down the road. NSD is by the same guys who
(later) wrote unbound, and it was, afair, partially funded by RIPE.

Subjectively, and without any kind of benchmarking, I can only say that
both dnscache and unbound perform at least five, but probably more like
ten times as fast as Bind does.