What is djbdns?

Aug 25th, 2001 00:57
Brian Coogan


djbdns is a DNS server which replaces BIND (aka named). It is secure, 
significantly easier to manage, reliable, small, and fast.
It was developed by Dan Bernstein, who is the author of a number of
other widely used and robust tools, the most notable of which is
probably qmail (see http://qmail.faqts.org).  Dan has many years of
experience in developing high-quality software, and qmail has developed
an enormous following due to its simplicity, stability, and superior
security.
djbdns is the first real competition for BIND.  It is used by many
large sites including ISPs and well-known corporations, and garnered
increasing interest around the time a number of serious security flaws
were exposed in BIND.  Unlike BIND, djbdns comes with a financial
security guarantee from the author!  The guarantee is made possible by
the fact that djbdns runs in a chroot jail with a non-root userid and
is designed for security from the ground up.
As with qmail, djbdns implements a number of paradigm shifts which make 
understanding and managing DNS a lot simpler -- once you have 
understood the shifts!
Probably the major shift is that djbdns separates the DNS content
server (tinydns) from the DNS caching resolver (dnscache).  Although
this is a different model from that of BIND, it actually clarifies
what is going on and makes administration simpler in the long term.
Other differences include automatic replication of new
subdomains/zones to secondaries, a simpler (easily parseable) data
file format, automatic reverse record generation, automatic serial
number maintenance, syntax errors reported at time of edit rather than
in logfiles, the ability to update data without restarting,
auto-restart, a beautifully simple forwarding proxy cache setup (i.e.
"split-horizon"), and a secure chroot environment as mentioned.
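The data-file points in the list above (easily parseable format, automatic reverse records, syntax errors caught at edit time) can be seen in the following added example, which is not djbdns code and not part of the original entry. It is a Python parser for a subset of tinydns-data line types (`=`, `+`, `^`, `C`, `#`) that ignores the optional timestamp and location fields; the function names and sample data are constructed for illustration.

```python
import ipaddress

DEFAULT_TTL = 86400  # tinydns-data default TTL for these record types

def reverse_name(ip):
    """a.b.c.d -> d.c.b.a.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def expand_line(line, lineno=0):
    """Expand one data line into a list of (name, type, ttl, value) records."""
    line = line.rstrip()
    if not line or line[0] == "#":          # blank line or comment
        return []
    kind, fields = line[0], line[1:].split(":")
    if kind not in "=+^C":                  # subset only; reject the rest loudly
        raise ValueError(f"line {lineno}: unsupported record type {kind!r}")
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError(f"line {lineno}: expected {kind}fqdn:value[:ttl]")
    fqdn, value = fields[0].lower(), fields[1]
    ttl = DEFAULT_TTL
    if len(fields) > 2 and fields[2]:
        if not fields[2].isdigit():
            raise ValueError(f"line {lineno}: bad ttl {fields[2]!r}")
        ttl = int(fields[2])
    if kind in "=+":
        try:
            ipaddress.IPv4Address(value)    # syntax error surfaces at edit time
        except ValueError:
            raise ValueError(f"line {lineno}: bad IPv4 address {value!r}") from None
        records = [(fqdn, "A", ttl, value)]
        if kind == "=":                     # '=' also yields the matching PTR
            records.append((reverse_name(value), "PTR", ttl, fqdn))
        return records
    rtype = "PTR" if kind == "^" else "CNAME"
    return [(fqdn, rtype, ttl, value.lower())]

def load(text):
    """Expand every line of a data file; the first bad line raises ValueError."""
    records = []
    for n, line in enumerate(text.splitlines(), 1):
        records.extend(expand_line(line, n))
    return records

SAMPLE = """\
# constructed sample data (example.com names, RFC 1918 addresses)
=www.example.com:10.0.0.5:3600
+alias.example.com:10.0.0.5
Cftp.example.com:www.example.com
"""
```

A single `=` line produces both the forward A record and its in-addr.arpa PTR, so forward and reverse data cannot drift apart, and a malformed line is rejected before anything is published.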
For more benefits, see the following URL from the author:
   http://cr.yp.to/djbdns/blurb.html
To get started, see the next FAQ entry in this FAQ.  As Dan Bernstein 
says, "It works for citysearch.com. It works for pobox.com. It works 
for the third-largest and fourth-largest domain hosting companies on 
the Internet, which together handle more than 500000 .com's and .net's 
and .org's. It'll work for you too."