
BIND is the caching, authoritative DNS server that is responsible for about 90% of the Internet's DNS system, or more. A number of people dislike BIND however, and are major fans of DanBernstein's TinyDNS.

This page will be a comparison of the two DNS servers. As with most comparisons, it won't be fair or unbiased. If anything, it's a rebuttal of all the pro-TinyDns fanboy whining that goes on :)

I'm pulling these points (for now) from Brad Knowles' paper on Name Server Comparison. That paper focused on the performance of authoritative and caching nameservers, but it discusses the differences between the servers as well.

Bind 8:

Pros:

  • Full recursive/caching and authoritative name server implementation
  • Recursive/caching and authoritative services can share IP addresses
  • Faster than Bind 9
  • Wide OS Support
  • statistics split by resource record type
  • IPv6 Support

Cons:

  • Based on Legacy (spaghetti) code
  • Single-threaded
  • Zone transfers handled externally (fork()/exec())
  • Near End of Life
  • no statistics for SERVFAIL
  • uses way too much CPU for subsequent SERVFAILs

Bind 9:

Pros:

  • Full recursive/caching and authoritative name server implementation
  • Recursive/caching and authoritative services can share IP addresses
  • Ground-up rewrite, secure
  • DNS Security - DNSSEC, TSIG
  • IPv6 support
  • Multi-threaded, multi-proc aware
  • DNS Protocol enhancements - IXFR, DDNS, Notify, EDNS0
  • Standards conformant
  • Split DNS / Views
  • highly portable
  • Internal Zone Transfer mech
  • Drops privileges, chroot()
  • statistics for SERVFAIL
  • caches SERVFAILs

Cons:

  • Utterly slow with several hundred recursive clients
  • Seems to run into problems maintaining its cache database after a while and above 250 MB of cached data
  • statistics not split by resource record type
  • more context switches than Bind 8 at the same recursive workload, due to threading

djbdns (TinyDNS / DnsCache):

Cons:

  • Violates RFCs
  • Doesn't support zone transfers (uses an optional external, non-standard mechanism)
  • Doesn't provide referrals by default
  • Doesn't support TCP by default
  • Truncates responses illegally
  • Provides strange responses to query types it doesn't support (Violates the "Be liberal in what you accept, conservative in what you generate" principle)
  • Without a third-party patch, can't listen on more than one IP address
  • Cannot put both TinyDns and DnsCache on the same IP (both listen on port 53 UDP)
  • Does not, and the author's code will not, support DNSSEC, TSIG, IXFR, NOTIFY, EDNS0 or IPv6
  • Only supports limited set of record types
  • Design is focussed on "fixing" security issues in Bind-8 and earlier - Bind 9 fixes these anyway
  • Seems to consistently drop a small percentage of queries
  • No good conversion tools from Bind
  • limited hardware/OS support (compared with Bind)
  • Slow. Anecdotal reports of high speed are unproven; testing by the author of this paper shows low performance
  • Slow: Bind 8 and Bind 9 are 30-40 times faster, Nominum CNS 150 times faster
  • DJB has censored negative opinion of his software.
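Two of the points above, "Truncates responses illegally" and "Doesn't support TCP by default", interact through the client-side rule in RFC 1035: a response with the TC (truncated) bit set tells the resolver the answer did not fit in a UDP datagram and must be fetched again over TCP, so a server that sets TC without a TCP listener leaves that name unresolvable. The following Python script is an added example, not code from this page or from either DNS server; it builds a query, decodes the response header (TC, RCODE and the other flags), applies the retry rule, and includes a `probe()` helper that performs the UDP-then-TCP exchange against a server you name. The sample response bytes are constructed for the example, and the server address, transaction id and timeout values are assumptions.

```python
import socket
import struct

# Constructed sample headers (RFC 1035 4.1.1 layout: ID, FLAGS, QDCOUNT,
# ANCOUNT, NSCOUNT, ARCOUNT, each a 16-bit big-endian field).
# 0x8380 = QR=1, TC=1, RD=1, RA=1, RCODE=0: a truncated answer.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
# 0x8182 = QR=1, RD=1, RA=1, RCODE=2: a SERVFAIL, not truncated.
SERVFAIL_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qtype=1, txn_id=0x1234):
    """Standard recursive query (RD=1) for name/qtype in class IN.
    qtype 1 is A; txn_id is a fixed assumed value for reproducibility."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into its named fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txn_id,
        "qr": bool(flags & 0x8000),          # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),          # authoritative answer
        "tc": bool(flags & 0x0200),          # truncated: retry over TCP
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(response, expected_id):
    """RFC 1035 4.2.1 / 7.1: TC=1 means the UDP answer was cut short and the
    same question must be repeated over TCP. Refuses to judge a message that is
    not a response to our transaction id."""
    h = parse_header(response)
    if h["id"] != expected_id or not h["qr"]:
        raise ValueError("not a response to our query")
    return h["tc"]


def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf


def probe(server, name, qtype=1, timeout=3.0):
    """UDP query first; on TC=1 repeat over TCP with the 2-byte length prefix
    of RFC 1035 4.2.2. tcp_ok is None (no retry needed), True, or False (TC set
    but no usable TCP service, the failure mode discussed above)."""
    q = build_query(name, qtype)
    txn_id = struct.unpack("!H", q[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(q, (server, 53))
        resp, _ = udp.recvfrom(4096)
    h = parse_header(resp)
    report = {"transport": "udp", "rcode": RCODE_NAMES.get(h["rcode"], str(h["rcode"])),
              "truncated": h["tc"], "tcp_ok": None}
    if needs_tcp_retry(resp, txn_id):
        try:
            with socket.create_connection((server, 53), timeout=timeout) as tcp:
                tcp.sendall(struct.pack("!H", len(q)) + q)
                length = struct.unpack("!H", _recv_exact(tcp, 2))[0]
                resp = _recv_exact(tcp, length)
            h = parse_header(resp)
            report.update(transport="tcp", tcp_ok=True,
                          rcode=RCODE_NAMES.get(h["rcode"], str(h["rcode"])))
        except OSError:
            report["tcp_ok"] = False
    return report


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; replace the server
    # address below (an assumption) to probe a real resolver.
    print("truncated sample needs TCP retry:", needs_tcp_retry(TRUNCATED_RESPONSE, 0x1234))
    print("servfail sample rcode:", RCODE_NAMES[parse_header(SERVFAIL_RESPONSE)["rcode"]])
    # print(probe("192.0.2.53", "example.com", qtype=16))  # TXT, often large
```

Running `probe()` with a large record type (TXT or ANY) against each server is a quick way to see whether it truncates and, if so, whether the TCP fallback actually completes; a `tcp_ok` of `False` is the unresolvable case, and the `rcode` field lets you count SERVFAILs per query type, the statistic the Bind 8/9 lists above say is missing from one server or the other.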

The author of this paper didn't have any positive points about djb's DNS suite, although they are widely publicised elsewhere. Some of the more salient positive points regarding TinyDNS include:

  • Adheres to 'The Unix Way' - lots of small processes doing small tasks, rather than a large monolithic approach
  • Attempts to use a quicker, push mechanism for zone transfer: rsync over ssh. This isn't compatible with bind however?
  • Written with security in mind from the outset.