[dns-operations] Database backed DNS Management Solutions

Shane Kerr shane at ca.afilias.info
Wed Feb 4 10:41:02 UTC 2009 

Ross,

On Tue, 2009-02-03 at 21:15 -0800, Ross Dmochowski wrote:
> If anyone has any success/horror stories about PowerDNS, BIND-DLZ, or 
> a system like ProBind2 or NetDB (from Stanford) to manage BIND and its configurations
> in a DB, I would be very interested in hearing them. :-)

We use BIND and NSD for our current DNS needs, but we were recently
motivated by the need for a DNS server that does not store zones in RAM,
because we were told that we would be hosting hundreds of thousands if
not millions of zones (perhaps over-optimistic sales folks, but better
safe than sorry).

BIND started to have long load times after we tested with about 100k
*empty* zones. When we tried putting simulated data in there, the load
took more than an hour and used more than 16 gibibyte of RAM.

There do not appear to be too many options in this space. We could
basically choose from tinydns, BIND-DLZ, and PowerDNS. tinydns is not an
option from my point of view. BIND-DLZ seems to suffer from a lot of
bit-rot - it is basically a contributed piece of code that seems unloved
by anyone. PowerDNS on the other hand, is actively maintained, has
documentation that even I can understand, and has a paid support option.

Having said that... PowerDNS is missing a lot of features that an
experienced BIND user will find hard to live without:

      * IXFR
      * TSIG
      * EDNS0

It was also missing such niceties as slave support for non-standard
ports, also-notify, ID.SERVER, but there are (now) patches for these.
Your personal favorite BIND feature is probably also not there, whatever
that happens to be.

DNSSEC is totally missing, if you care about such things.

Query rate on the version that I tested was about 10% of BIND on the
same box (BIND did 59k queries/sec, NSD 77k queries/sec, and PowerDNS
5840 queries/sec). In a fit of stupidity, I did not note which versions
were tested, but it is probably BIND 9.5, NSD 3.2, and PowerDNS 2.9.21.
Not a rigorous benchmark, but I think this should give you an idea about
the kind of performance you can expect. Disks are slower than memory, it
turns out. :)

--
Shane

More information about the dns-operations mailing list