On Mon, Jun 1, 2009 at 12:59 PM, Ben Matthew <Ben.Matthew@timlradio.co.uk> wrote:
Anyway my company currently uses BIND for our DNS requirements (9.6.0). I'm always pretty keen on updating, when advised to, in order to patch vulnerabilities and so forth as we have a fairly popular website and I'm sure there's lots of nasty little tykes out there ready to try and take us down. I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave).
Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor.
You don't necessarily need to move away from BIND, but what you do need is a better backend. Certainly you should avoid Webmin and trying to automate changes to BIND zone files, as this gets really messy and unmaintainable very quickly. You can use BIND9 DLZ and MySQL or LDAP. I didn't find this all that easy to package or manage though. Personally, for scalable authoritative DNS I think PowerDNS is far better, especially with an LDAP backend, as LDAP is trivial to replicate over large numbers of slaves. An interface to LDAP for DNS was also a trivial project for us. If you don't need so much scalability, there are existing web interfaces for PowerDNS using the MySQL backend.

https://webdns.bountysource.com/
https://www.poweradmin.org/trac/