Which DNS server software?

Hello everyone,

I want to migrate my current DNS server from a Windows Server to FreeBSD.
The DNS server should have the following features:
  • Authoritative DNS (for my Internal network only)
  • Resolving DNS
  • High Availability
So far I have found named(8) (a.k.a. BIND9) and nsd(8) + local-unbound(8) as possibilities; are there any (better) alternatives or recommendations?

I'm also considering using Ansible for my DNS zone management; would there be any downsides to manually syncing the zone and config files between two identical DNS servers instead of using HA?

Thanks in advance :)
 
Well, BIND9 is the granddaddy of name servers. It works, but it's also quite old. But then again, since it's old there's a lot of documentation around.

Unbound and NSD you've already found; note also that Unbound is the default DNS resolver of FreeBSD.

Another implementation, also from the Netherlands, is PowerDNS which also has its own resolver.

And then there's also KnotDNS from CZ.NIC, which also has a resolver as well.

If you want it smaller, there's dnsmasq. Personally I would not use that one.
 
There is also Djbdns. The author also has a dated list of DNS software implementations:

I use BIND. I tried unbound on my OpenBSD secondary server back when it became the default on that platform, and switched back to BIND after that secondary crashed silently multiple times. I would find this out at the worst possible time, i.e., when taking the primary down for maintenance and discovering that "the Internet is down"* because there was no name resolution on my network.

I use the built-in AXFR zone transfer mechanism, though it has many critics.

* Early in my career, I got so tired of hearing that "the Internet is down", that I started replying with "Really? The whole Internet? This is huge! We've got to alert the media!" It's a wonder I didn't get fired. Anyway, the average user experiences name server problems as an Internet-wide outage.
 
...
  • Authoritative DNS (for my Internal network only)
  • Resolving DNS
  • High Availability
You can do all that with local-unbound(8) alone. As long as you need the authoritative name service only locally, nsd(8) is not really needed. Some years ago, I wrote a blog post on how to set up a recursive caching name server in my LAN, employing local-unbound only:

Authoritative DNS is absolutely easy to set up. You want to read the chapter about local-zone and related directives in unbound.conf(5).

I know you did not ask for it; however, once you have employed said name services for your LAN using local-unbound, it would be a snap to set up DNS-based ad-blocking for your LAN by using my dns/void-zones-tools. For this see:
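An added example, not part of the post above or of any project mentioned in the thread: an unbound.conf(5) fragment that makes local-unbound the recursive resolver for a LAN and, via local-zone/local-data, the authoritative source for an internal-only zone. The zone name lan.example., the 192.168.10.0/24 network and the host names are assumed values; on FreeBSD it is assumed to go in a file under /var/unbound/conf.d/, which the generated /var/unbound/unbound.conf includes.

```conf
# Assumed values: zone "lan.example.", network 192.168.10.0/24.
server:
    # Listen on the LAN-facing address, not only on localhost.
    interface: 127.0.0.1
    interface: 192.168.10.53

    # Only the internal network may use this resolver; refuse everyone else.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.10.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Internal-only forward zone. "static" answers from the local-data below
    # and returns NXDOMAIN for any other name under the zone, so queries for
    # internal names are never forwarded to the public DNS.
    local-zone: "lan.example." static
    local-data: "lan.example. IN SOA ns1.lan.example. hostmaster.lan.example. 2024010101 3600 900 604800 300"
    local-data: "lan.example. IN NS ns1.lan.example."
    local-data: "ns1.lan.example. IN A 192.168.10.53"
    local-data: "gw.lan.example. IN A 192.168.10.1"
    local-data: "files.lan.example. IN A 192.168.10.20"

    # Matching reverse zone for the same network; local-data-ptr is the
    # shorthand that adds the PTR record for each address.
    local-zone: "10.168.192.in-addr.arpa." static
    local-data-ptr: "192.168.10.1 gw.lan.example"
    local-data-ptr: "192.168.10.20 files.lan.example"
    local-data-ptr: "192.168.10.53 ns1.lan.example"
```

Run `unbound-checkconf` after editing and reload with `service local_unbound reload`. Because the whole zone lives in this one text file, keeping two identical servers in sync is just a matter of deploying the same file to both, which is the manual-sync approach the original question considers.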
 
Thanks for all the responses :)

I think I will try to run unbound only; if that doesn't work, unbound and nsd; if even that fails, bind.
 