On Thu, Apr 19, 2012 at 11:07:01PM -0700, Rick Moen wrote:
I use it for a very small virtual-machine host that's extremely memory-constrained, and it's been a champ. Memory footprint is _markedly_ better than BIND9's.
good. that's the main reason i looked at nsd a few years ago, it was supposed to use much less memory than bind.
rick@gruyere:~$ ps auxw | grep nsd | grep -v grep nsd 32007 0.0 0.0 3536 116 ? S Mar27 0:00 /usr/sbin/nsd -f /var/lib/nsd/nsd.db -P /var/run/nsd.pid -u nsd nsd 32008 0.0 0.0 3928 236 ? S Mar27 0:12 /usr/sbin/nsd -f /var/lib/nsd/nsd.db -P /var/run/nsd.pid -u nsd
[rick@linuxmafia]~$ ps auxw | grep named | grep -v grep bind 18665 0.1 2.5 84872 39004 ? Ssl Mar27 66:19 /usr/sbin/named -4 -u bind
is bind running as recursive cache too, or just authoritative server? if both, how much memory does unbound use to do the recursive cache part of what bind's doing?
NSD's performance/throughput is also a great deal better, if that matters.
not to me, my name server is never likely to be under anywhere near enough load for performance to be an issue. even if it came under some kind of port 53 DoS attack, my ADSL2 line is going to melt down under the traffic long before bind starts breaking a sweat on a six-core AMD 1090T machine. even if i moved it to the celeron 900 on my eeepc it would be fine.
The administrative tools and some of the procedures take a little getting used to. I have some notes that I can send if you ever need them.
but overall, i just don't see any compelling reason to switch from bind9 or ISC dhcpd. they meet my needs and don't cause me any problems.
My opinion, yours for a small fee and waiver of reverse-engineering rights: BIND is a slow, RAM-grabbing, overfeatured, monolithic daemon binary. Alteratives are always worth checking out.
yeah, well, if bind ever annoys me enough in future, i'll take another look at nsd and other alternatives. in the meantime, bind does the job. it's more than good enough for my little home name-server serving my own little domains. it's good enough for a handful of domains at work too. since i don't work in the ISP industry any more, i don't have to care much about high-performance DNS or managing tens of thousands of domains. also, i need something that acts as both an authoritative and a recursive name-server. from memory, it was difficult or impossible to set that up on the same machine/IP with nsd & unbound. craig -- craig sanders <cas@taz.net.au> BOFH excuse #371: Incorrectly configured static routes on the corerouters.