
Quoting Craig Sanders (cas@taz.net.au):
> it's been years since I used them, but both maradns and dnsmasq do a reasonable job too (dnsmasq can also do dhcp and tftp).
> i can't remember if unbound can do this or not, but both dnsmasq and maradns can also do some authoritative DNS - not as good as bind, but good enough for maintaining local hostname entries.
Unbound does not do local-only authoritative service the way Dnsmasq and MaraDNS do, just recursive service. OTOH, Dnsmasq is only a forwarder, with no recursive abilities. (But Dnsmasq referring queries to a recursive server such as Unbound would give you the best of both worlds.) MaraDNS continues to be a good option, especially now that Sam Trenholme has rewritten the recursor from scratch and dropped in the replacement 'Deadwood' recursor codebase instead of his original, somewhat problematic design. And yes, it does do local authoritative zones. (Fair disclosure: Sam is a friend of mine.)
> powerdns just seems like massive overkill for a tiny little internet gateway box. it's designed for very large ISP and DNS service providers, with a need for great flexibility in where DNS data is sourced (e.g. flat files, databases, whatever) and huge numbers of domains.
Yeah, we use it at $DAYJOB. FYI, 'DNS Servers' on http://linuxmafia.com/kb/Network_Other has my bestiary of all known DNS software available for Linux. I specify the capabilities of each, e.g. recursive, authoritative, forwarder.
> PS: i personally use bind9 but only because it's the only thing that conveniently does both authoritative and recursive DNS in the one program - and my auth dns MUST be on my gateway box's IP address of 203.16.167.1. i need both auth & recursive and don't want to run two nameservers.
Yeah, I have the same problem. FWIW, one standard setup for PowerDNS involves running the authoritative server and the recursive server on the same host with the recursive server bound only to loopback on a high-numbered port. The authoritative server answers directly any queries in its bailiwick but forwards to the local recursive server any that aren't.

It turns out, one can run nsd bound to a high-numbered port and forward queries from Unbound to it, like this in unbound.conf:

    stub-zone:
        name: "mdylocalnet.com"
        stub-addr: 127.0.0.1@53530

See:
https://wiki.archlinux.org/index.php/Nsd
https://wiki.archlinux.org/index.php/Unbound
https://calomel.org/unbound_dns.html

The other way around the problem of separate recursive and authoritative servers on the same host both needing to bind to 53/tcp is IP aliasing, which might be cleaner and less of a headache, dunno. One way or the other, I'm going to do such a thing next rebuild and finally lose BIND9.
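The nsd-behind-Unbound arrangement described above, written out as a complete pair of configuration fragments. This is an added example, not text from the original message or from either project's documentation. The zone name mdylocalnet.com and port 53530 come from the post; the zone file path, the listening interfaces and the LAN range are assumptions for illustration.

```conf
# --- /etc/nsd/nsd.conf ---
# Authoritative server for the local zone only. Bound to loopback on a
# high-numbered port so it never competes with Unbound for 53 and is not
# reachable from the LAN directly.
server:
    ip-address: 127.0.0.1
    port: 53530
    hide-version: yes

zone:
    name: "mdylocalnet.com"
    zonefile: "/etc/nsd/mdylocalnet.com.zone"   # assumed path

# --- /etc/unbound/unbound.conf ---
# Recursive resolver on port 53 for the LAN. Anything at or below
# mdylocalnet.com is handed to the local nsd instance via the stub-zone;
# everything else is resolved recursively as usual.
server:
    interface: 0.0.0.0                         # assumed: listen on all addresses
    access-control: 192.168.1.0/24 allow       # assumed LAN range
    access-control: 127.0.0.0/8 allow
    # Unbound refuses to send queries to 127.0.0.1 unless this is turned off;
    # without it the stub-zone below is never actually consulted.
    do-not-query-localhost: no
    # If private-address filtering is enabled (many distro configs do so) and
    # the local zone returns RFC 1918 addresses, Unbound drops those answers
    # as possible rebinding unless the zone is declared private.
    private-address: 192.168.0.0/16
    private-domain: "mdylocalnet.com"

stub-zone:
    name: "mdylocalnet.com"
    stub-addr: 127.0.0.1@53530
```

To confirm the chain works after restarting both daemons, query nsd directly (`dig @127.0.0.1 -p 53530 mdylocalnet.com SOA`) and then the same name through Unbound on port 53; if the second query returns SERVFAIL while the first succeeds, the usual culprit is a missing `do-not-query-localhost: no`. The IP-aliasing alternative mentioned in the post would instead bind nsd to a second address on port 53 and point `stub-addr` at that address without a port suffix.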