Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FLOSS DNS servers

FLOSS DNS servers

Jan-Piet Mens

March 17, 2016
Tweet

More Decks by Jan-Piet Mens

Other Decks in Technology

Transcript

  1. Multiple Choice
    Open Source DNS Servers
    Jan-Piet Mens
    March 2016
    @jpmens

    View full-size slide

  2. @jpmens: consultant,
    author, architect, part-time
    admin, small-scale fiddler,
    loves DNS, MQTT,
    plain text, and things
    that work. Thought up
    OwnTracks, and made jo.

    View full-size slide

  3. a selection of open
    source DNS servers
    authoritative or
    recursive (or both)

    View full-size slide

  4. dnsmasq
    recursive, authoritative for /etc/hosts, DHCP (v4, v6),
    DNSSEC validation

    View full-size slide

  5. Unbound
    local-data, DNSSEC, dnssec-trigger, +win32, embeddable,
    fast, rate-limiting, extensible with Python, qname minimization

    View full-size slide

  6. NSD 4
    very fast, TSIG + DNSSEC, zone compiler, root,

    addzone/delzone, and RRL

    View full-size slide

  7. BIND
    full reference implementation, TSIG, DNSSEC, +win32, SDB,
    DLZ, RFC 2136, ram-hungry, RPZ, views, RRL

    View full-size slide

  8. BIND 10
    completely different. Python, C++, REST, DHCP

    View full-size slide

  9. PowerDNS
    authoritative
    lots of back-ends (SQL, LDAP, pipe), DNSSEC, master/slave/
    native, supermaster, pdnsutil

    View full-size slide

  10. PowerDNS Recursor
    local zones, serves /etc/hosts, DNSSEC validation, fast,
    monitoring, Lua

    View full-size slide

  11. Knot
    master/slave, AXFR/IXFR, RFC 2136, addzone,
    reconfiguration, DNSSEC signing, RRL

    View full-size slide

  12. Knot DNS Resolver
    DNSSEC, NTA, Lua, RFC 5011, {memcached|Redis}-backed
    cache, Graphite, etcd

    View full-size slide

  13. Yadifa
    authoritative, DNSSEC, RFC 2136

    View full-size slide

  14. "I had ___, now ___,
    and it doesn't work"
    why did you break it?

    View full-size slide

  15. mens.de/:/book

    View full-size slide

  16. It's not always a fscking
    DNS problem.

    View full-size slide

  17. dnssexy.net
    dig it!

    View full-size slide