On Saturday 09 Apr 2005 8:29 am, sthaug@nethelp.no wrote:
At the risk of prolonging a thread that should have died Saturday.
- dnscache used *more* CPU than BIND 9 in our environment, effectively ruling it out
dnscache opens a separate port for each request, thus making DNS spoofing harder (unless you can sniff the packets, then you don't care). BIND doesn't do this, relying solely on query ID to prevent spoofing (till DNSSEC or similar is deployed). Overly paranoid, perhaps, but I think it is important to understand that performance isn't everything. If you want the best-performing DNS server, last time Rick looked Microsoft DNS was well ahead of BIND; good luck to anyone trying to use it for a big recursive DNS.
- Weird failures reported from users
I've used dnscache in an operational, if not terribly busy, role, and found that, like most of DJB's software, it does what it says on the tin. It may do a lot less than its competitors, but it does it and keeps doing it. Even if you have to patch it to get it to compile <sigh>.
- Annoying installation process with lots of small programs that we don't want or need
Agreed.
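
The difference described above (a separate source port per request versus a fixed port protected only by the 16-bit query ID) shows up in the source ports of a resolver's outgoing queries as seen at an authoritative server. The following is an added example, not part of the original post: the port lists are constructed, and the `max_step` threshold and the span-based estimate are assumptions of this example.

```python
"""Rate a resolver's outgoing source-port behaviour from observed queries."""

def port_deltas(ports):
    """Differences between consecutive source ports, modulo the 16-bit port space."""
    return [(b - a) % 65536 for a, b in zip(ports, ports[1:])]

def classify_ports(ports, max_step=16):
    """Return 'fixed', 'sequential' or 'varied' for a list of observed source ports.

    Heuristic (an assumption of this example): a port sequence that only ever
    advances by 1..max_step is treated as predictable.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    if all(1 <= d <= max_step for d in port_deltas(ports)):
        return "sequential"
    return "varied"

def guess_space(ports, txid_bits=16):
    """Lower-bound estimate of the (port, query ID) pairs a forged reply must match.

    Fixed or sequential ports add nothing to the query ID; for varied ports the
    observed span is used as a conservative estimate of the port pool.
    """
    ids = 2 ** txid_bits
    if classify_ports(ports) != "varied":
        return ids
    return ids * (max(ports) - min(ports) + 1)

# Constructed samples: source ports seen at an authoritative server for
# consecutive queries from three hypothetical resolvers.
SAMPLES = {
    "resolver-a": [53, 53, 53, 53, 53, 53],
    "resolver-b": [32768, 32769, 32770, 32772, 32773, 32774],
    "resolver-c": [41873, 1290, 60211, 18344, 52007, 7731],
}

def report(samples=SAMPLES):
    """Map each resolver name to (classification, estimated guess space)."""
    return {name: (classify_ports(p), guess_space(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (kind, space) in report().items():
        print(f"{name}: {kind:10s} ~2^{space.bit_length() - 1} combinations")
```
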