
Oh, meant to add:
- powerdns is serious overkill for my needs (home server with only a few domains).
Yeah. $WORK did a massive conversion of hundreds of domains from BIND9 to PowerDNS Authoritative Server, and there were various problems along the way. I'm not convinced it was a good idea, even for a large Internet firm that does that many domains. Probably on balance (gains in performance and security), but with some reservations.
I recently stumbled upon a (new?) feature of BIND9's 'rndc' control utility that reduces the relative attraction of PowerDNS: ability to add/remove zones without restarting BIND:

  Problem
  You want to add a new zone or delete an existing zone without restarting or reloading a name server.

  Solution
  Add a new zone statement to named.conf or delete an existing one, then run rndc reconfig (for BIND 9) or ndc reconfig (for BIND 8).

  https://www.safaribooksonline.com/library/view/dns-bind/0596004109/ch05s07.h...

At $WORK prior to the changeover to PowerDNS, we had greatly reduced the risk inherent in restarting BIND9 by building into our rollout process what they flattered me by naming the 'Rick test' using BIND9's named-checkconf utility:

  # Double-check BIND conffile:
  /usr/sbin/named-checkconf -z -t /var/named/chroot/ /etc/named.conf | \
    egrep -e 'missing|not allowed|unknown|not at top of zone' \
          -e 'appears to be an address|no current owner name|MAXTTL|file not found' \
          -e 'may not be used with|outside epoch|in future|invalid|unsupported|no TTL' \
          -e 'ignoring| TTL set to prior TTL' | sort -u
  # Should return null.

This 'lints' the conffiles and all referenced zonefiles (-z), giving you advance warning of problems that might either prevent BIND9 startup or invalidate individual zones at load time. This alone prevented a lot of downtime. And 'rndc reload [zone]' eliminated most restarts. _However_, ability to add/remove zones without restarting BIND is huge, and should eliminate almost all restarts.
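As an added example (not from the post above, and not BIND's own tooling), here is the lint-then-reconfig routine the post describes, wrapped in a small POSIX shell script: run named-checkconf -z over the chrooted configuration, filter its output for the same problem indicators as the 'Rick test', and only if nothing is flagged ask the running named to re-read named.conf with 'rndc reconfig'. The function names, the NAMED_CONF/CHROOT_DIR/NAMED_CHECKCONF/RNDC variables and their default paths are my own choices, made overridable so the script can be pointed at a different chroot or at stub commands for testing.

```shell
#!/bin/sh
# Added example: lint a BIND9 configuration before letting the running
# server pick up added or removed zone statements via 'rndc reconfig'.
# The variable names and default paths below are assumptions, not BIND's.

NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
CHROOT_DIR="${CHROOT_DIR:-/var/named/chroot}"
NAMED_CHECKCONF="${NAMED_CHECKCONF:-/usr/sbin/named-checkconf}"
RNDC="${RNDC:-/usr/sbin/rndc}"

# The problem indicators from the 'Rick test', one fixed string per line.
# Keeping them in a heredoc avoids the quoting pitfalls of a long
# backslash-continued egrep alternation.
bind_lint_patterns() {
    cat <<'EOF'
missing
not allowed
unknown
not at top of zone
appears to be an address
no current owner name
MAXTTL
file not found
may not be used with
outside epoch
in future
invalid
unsupported
no TTL
ignoring
 TTL set to prior TTL
EOF
}

# Reduce named-checkconf output (stdin) to the lines that indicate a
# problem. Prints nothing when the configuration is clean. A newline-
# separated pattern list is treated by grep as several patterns.
bind_lint_filter() {
    grep -F "$(bind_lint_patterns)" | sort -u
}

# Lint named.conf and every referenced zone file (-z) inside the chroot.
# Returns 0 when no problem line was found, 1 otherwise (hits on stderr).
bind_lint() {
    hits=$("$NAMED_CHECKCONF" -z -t "$CHROOT_DIR" "$NAMED_CONF" 2>&1 | bind_lint_filter)
    if [ -n "$hits" ]; then
        printf 'named-checkconf flagged:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Only after a clean lint, tell the running named to re-read named.conf so
# that new or deleted zone statements take effect without a restart.
safe_reconfig() {
    bind_lint || return 1
    "$RNDC" reconfig
}

# Stand-alone use: ./bind-reconfig.sh lint | ./bind-reconfig.sh reconfig
case "${1:-}" in
    lint)     bind_lint ;;
    reconfig) safe_reconfig ;;
esac
```

Because the lint output is checked for content rather than for named-checkconf's exit status alone, warnings that would merely invalidate a single zone at load time (rather than stop named from starting) still block the reconfig, which is the point of the original check.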