500pt: Linux DNS server, BIND vs TINYDNS. What are the differences, what are the advantages/disadvantages?
Octalys Asked:

Gabriel Orozco (Solution Architect) Commented:
These points are for me the worst:

* Does not, and author's code will not, support - DNSSEC, TSIG, IXFR, NOTIFY, EDNS0, IPv6
* Design is focussed on "fixing" security issues in Bind-8 and earlier - Bind 9 fixes these anyway
* Seems to consistently drop a small percentage of queries (Knowles's report)
* No good conversion tools from Bind (might be now, needs checking)
* Slow. Anecdotal reports of high speed unproven. Testing by the author of this paper shows low performance (Knowles's report)

I use BIND with dhcpd in order to have dynamic DNS internally, and use DNSSEC to have many dynamic DNS domains out there.

I would never switch to tinydns.
0
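The EDNS0 item in the list above can be checked against a server you run. This is an added example, not part of any comment in this thread: it builds a query carrying an OPT record and reports whether the reply carries one back; per RFC 6891 a reply without OPT, or with FORMERR (rcode 1), means the server did not honor EDNS0. The function names, the query name example.test and the sample reply are constructed for illustration.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)

def build_query(name, edns_size=None, txid=0x1234):
    """A-record query; with edns_size set, an OPT record advertises that UDP size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:  # root name, TYPE=OPT, CLASS=UDP size, TTL=0 (version 0), RDLEN=0
        msg += b"\0" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def _skip_name(msg, off):  # offset just past the (possibly compressed) name at off
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if n == 0:            # root label ends the name
            return off
        off += n

def edns_info(msg):
    """Return (rcode, UDP size from the message's OPT record or None)."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # name, then QTYPE and QCLASS
    size = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT:
            size = rclass                # OPT reuses CLASS for the UDP payload size
    return flags & 0xF, size

def probe(server, name="example.test", size=1232, timeout=3.0):  # a server you operate
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, size), (server, 53))
        return edns_info(s.recv(4096))

def constructed_response(with_opt):  # constructed sample reply, not captured traffic
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1 if with_opt else 0)
    a_rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    opt = b"\0" + struct.pack("!HHIH", OPT, 1232, 0, 0) if with_opt else b""
    return hdr + build_query("example.test")[12:] + a_rr + opt
```

`edns_info(constructed_response(True))` reports the advertised size, while the reply without OPT yields `None` in the second field.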
evangineerX Commented:
The key point for me, as Redimido points out, is that BIND is actively maintained whereas djbdns (the package that tinydns is part of) isn't.

There are lots of patches for djbdns available as mentioned at http://tinydns.org/

My advice: if you have a choice between the two, use BIND 9 in a chroot. If in an enterprise setting, do so on a Linux server that has a hardened kernel that specifically restricts chroot, making it very hard to break. Grsecurity supports this (see chroot restrictions on http://www.grsecurity.net/features.php ).
0

evangineerX Commented:
You can read about configuring a chrooted BIND here:
http://www.isc.org/sw/bind/arm93/Bv9ARM.ch07.html#id2567366
0
alextoft Commented:
If you're a novice you might be tempted by TinyDNS. It's easier to work with.

However, you'll probably find that once you're up to speed it won't do half the things you want it to. BIND isn't particularly difficult, but more so than TinyDNS.

Might as well use the better, more powerful, proven product from the outset than have to change at a later date.
0
Octalys (Author) Commented:
Hi, thanks for the answers,

Well, I have used BIND since day one; my opinion is basically like DNS=BIND. But sometimes I bump into admins using TinyDNS at BIG ISPs, and I just don't know how to convince them. And currently it's a BIND vs TinyDNS situation!

So I want to hear more arguments, thank you.
0
Gabriel Orozco (Solution Architect) Commented:
0
Octalys (Author) Commented:
Yeah, it's a good comparison, but I have seen it before; it's like the only article I can find about this subject.
0
evangineerX Commented:
Octalys,

Trying to convince someone they are wrong is often a losing proposition. OTOH, if you can show them how to do things that they couldn't do before, or how it can make their lives easier, then you are on the right track.

It seems to me that you are dealing with people who are experienced and comfortable with TinyDNS. Also, there may be a certain amount of job protection going on. Maintaining TinyDNS may often involve patching it by hand, making it a bit more esoteric and specialized to look after than other options.
0
Gabriel Orozco (Solution Architect) Commented:
Octalys: so I guess your question is other than the one you asked already, because that question was answered.

What is your real question here?

I wonder if evangineerX is answering something you seemed to be looking for.
0
Question has a verified solution.