Differences between version 25 and predecessor to the previous major change of BindVsTinyDNS.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 25 | Last edited on Tuesday, June 21, 2005 3:16:15 am | by ChristopherChan | Revert |
| Older page: | version 24 | Last edited on Friday, May 20, 2005 10:07:41 am | by DanielLawson | Revert |
@@ -48,36 +48,32 @@
Cons:
* Violates RFCs
* Doesn't provide referrals by default
-* TinyDNS Doesn't support TCP by default (available with included axfrdns) (still doesn't support normal
queries over [TCP], just [AXFR]s
). DNSCache does.
+* TinyDNS Doesn't support TCP by default (available with included axfrdns which supports both authoritative
queries and zone transfers
). DNSCache does.
* Truncates responses illegally
* Provides strange responses to query types it doesn't support (Violates the "Be liberal in what you accept, conservative in what you generate" principle)
* Without a third-party patch, cant listen on more than one IP address
* Cannot put both TinyDns and DnsCache on the same IP as they both listen on port 53 UDP. See [DNSBestPractices]
* Does not, and author's code will not, support - DNSSEC, TSIG, IXFR, NOTIFY, EDNS0, IPv6
* Design is focussed on "fixing" security issues in Bind-8 and earlier - Bind 9 fixes these anyway
-* Seems to consistently drop a small percentage of queries (Knowles's report, probably outdated)
-* No good conversion tools from Bind (might be now, needs checking)
-* limited hardware/OS support (compared with Bind)
-* Slow. Anecdotal reports of high speed unproven. Testing by the author of this paper shows low performance
-* Slow - Bind 8, Bind 9 ~30 - 40 times faster, Nominium CNS ~ 150 times faster (Knowles's report, probably outdated)
-* DJB has censored negative opinion of his software.
Pros:
The author of this paper didn't have any positive points about djb's DNS suite, although they are widly publicised elsewhere. Some of the more salient, positive points regarding TinyDNS include:
* Single data file manages all zones. This makes management of zones very easy.
* Zone file format is claimed to be more streamlined than bind.
-* Some reports of better speed than BIND under certain configurations. (see notes below).
* Adheres to 'The Unix Way' - lots of small processes doing small tasks, rather than a large monolithic approach
-* Attempts to
use a
quicker, push mechanism for zone transfer - rsync over ssh. Not easily compatable with bind
.
+* Use of cdb format data file allows
use of
quicker, push mechanism for zone transfer - rsync over ssh.
* Written with security in mind from the outset.
* Very easy split-horizon dns setup for dnscache
+* Written to pre ANSI-C specifications and therefore compiles on most if not any Unix platform.
+* cdb data file is non-platform specific and thus the binary cdb file can be copied across to any OS platform and be used without any problems.
Comparison:
-* There are mixed reports on performance
. Knowles's report
is quite old
, it's entirely likely any performance metrics
are long since outdated
. Software
can improve
.
+* As a caching dns, bind is inefficient compared to dnscache and thus drops query requests far more than dnscache although bind maintains by default a 1000 entry deep query queue whereas dnscache only has 200 defined
. However, if not in need of extreme performance, bind will not send out duplicate queries and
is thus less likely to be treated as abusive whereas dnscache does not keep track of queries
, it just sends them out as they come if answers
are not cached
. dnscache suffers from not being multi-threaded and so will only utilize one cpu, and fully if necessary, even if there are more cpus available...but even so, in performance tests involving thousands of queries per second, only it
can handle high loads whereas bind will drop queries.
+* Bind does not go through the thorough checking dnscache does and so it will retrieve records faster by using glue records. eg: Akamai has some really obnoxious dns entries for its worldwide load-balancing service which is used by yahoo.com. Try a dig www.yahoo.com @bindip and a dig www.yahoo.com @dnscacheip. dnscache takes a while before you get an answer
.
* A lot of people cite the file format as big feature. That is, they find tinydns's file format much easier to understand than BIND's. One person likened BIND's file format to a 'programming language' - I wonder if they were confusing it with sendmail?
----
