?
Solved

500pt: Linux DNS server, BIND vs TINYDNS. What are the diffrences, what are the advantages/disadvantages ?

Posted on 2006-04-21
10
Medium Priority
?
897 Views
Last Modified: 2012-05-05
500pt: Linux DNS server, BIND vs TINYDNS. What are the diffrences, what are the advantages/disadvantages ?
0
Comment
Question by:Octalys
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 800 total points
ID: 16512173
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16512211
these points are for me the worst:

* Does not, and author's code will not, support - DNSSEC, TSIG, IXFR, NOTIFY, EDNS0, IPv6
* Design is focussed on "fixing" security issues in Bind-8 and earlier - Bind 9 fixes these anyway
* Seems to consistently drop a small percentage of queries (Knowles's report)
* No good conversion tools from Bind (might be now, needs checking)
* Slow. Anecdotal reports of high speed unproven. Testing by the author of this paper shows low performance (Knowle's report)

I use bind with dhcpd in order to have dynamic dns internally, and use dns-sec to have many dynamic dns domains out there.

I would never switch to tinydns.
0
 
LVL 3

Accepted Solution

by:
evangineerX earned 1200 total points
ID: 16512604
The key point for me as Redimido points out is that Bind is actively maintained whereas djbdns (the package that tinydns is part of) isn't.

There are lots of patches for djbdns available as mentioned at http://tinydns.org/

My advice, if you have a choice between the two use BIND 9 in a chroot.  If in an enterprise setting, do so on a Linux server that has a hardened kernel that specifically restricts chroot making it very hard to break.  Grsecurity supports this (see chroot restrictions on http://www.grsecurity.net/features.php ).
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 3

Expert Comment

by:evangineerX
ID: 16512648
You can read about configuring a chrooted BIND here:
http://www.isc.org/sw/bind/arm93/Bv9ARM.ch07.html#id2567366
0
 
LVL 19

Expert Comment

by:alextoft
ID: 16513868
If you're a novice you might be tempted by TinyDNS. It's easier to work with.

However, you'll probably find that once you're up to speed it won't do half the things you want it to. BIND isn't particularly difficult, but more so than TinyDNS.

Might aswell use the better, more powerful, proven product from the outset than have to change at a later date.
0
 

Author Comment

by:Octalys
ID: 16514588
Hi thanks for the answers,

Well I use BIND since day one, my opinion is basicly like DNS=BIND. But sometimes I bump into admins using TinyDNS at BIG ISP's, I just don't know how to convince them. And currently its a BIND vs TinyDNS situation!

So I want to hear more arguments, thank you.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16515106
0
 

Author Comment

by:Octalys
ID: 16516000
yeah Its a good comparison, but I have seen it before, its like the only article I can find about this subject.
0
 
LVL 3

Assisted Solution

by:evangineerX
evangineerX earned 1200 total points
ID: 16517050
Octalys,

Trying to convince someone they are wrong is often a losing proposition.  OTOH, if you can show them how to do things that they couldn't do before or how it can make their lives easier then you are on the right track.

It seems to me, that you are dealing with people who are experienced and comfortable with TinyDNS.  Also there maybe a certain amount of job protection going on.  Maintaining TinyDNS may often involve patching it by hand making it a bit more esoteric and specialized to look after than other options.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16522252
Octalys: so I guess your question is other than the one you asked already.

because that question was answered.

What is your real question here?

I wonder evangineerX is answering something you seemed to be looking for
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question