# Which DNS server software?



## subnetspider (Mar 20, 2022)

Hello everyone,

I want to migrate my current DNS server from a Windows Server to FreeBSD.
The DNS server should have the following features:

- Authoritative DNS (for my internal network only)
- Resolving DNS
- High Availability

So far I have found named(8) (aka BIND9) and nsd(8) + local-unbound(8) as possibilities. Are there any (better) alternatives or recommendations?

I'm also considering using Ansible for my DNS zone management. Would there be any downsides to manually syncing the zone and config files between two identical DNS servers instead of using HA?

Thanks in advance


----------



## hardworkingnewbie (Mar 20, 2022)

Well, BIND9 is the granddaddy of name servers. It works, but it's also quite old. But then again, since it's old there's a lot of documentation around.

Unbound and NSD you've already found, note also that Unbound is the default DNS resolver of FreeBSD.

Another implementation, also from the Netherlands, is PowerDNS which also has its own resolver.

And then there's also KnotDNS from CZ.NIC, which also has a resolver as well.

If you want it smaller, there's dnsmasq. Personally I would not use that one.


----------



## Jose (Mar 21, 2022)

There is also Djbdns. The author also has a dated list of DNS software implementations:


			https://cr.yp.to/djbdns/other.html
		


I use BIND. I tried Unbound on my OpenBSD secondary server back when it became the default on that platform, and switched back to BIND after that secondary crashed silently multiple times. I would find this out at the worst possible time, i.e., when taking the primary down for maintenance and discovering that "the Internet is down"* because there was no name resolution on my network.

I use the built-in AXFR zone transfer mechanism, though it has many critics.

* Early in my career, I got so tired of hearing that "the Internet is down", that I started replying with "Really? The whole Internet? This is huge! We've got to alert the media!" It's a wonder I didn't get fired. Anyway, the average user experiences name server problems as an Internet-wide outage.


----------



## Geezer (Mar 21, 2022)

hardworkingnewbie said:


> Well BIND9 is the granddaddy of name servers. It works, but it's also quite old.



Old does not mean not good.

I would recommend it. Works very well. Easy to get going. Does everything you want.


----------



## obsigna (Mar 21, 2022)

0xfe said:


> ...
> 
> - Authoritative DNS (for my internal network only)
> - Resolving DNS
> - High Availability


You can do all that with local-unbound(8) alone. As long as you need the authoritative name service only locally, nsd(8) is not really needed. Some years ago, I wrote a blog post on how to set up a recursive caching name server in my LAN, employing local-unbound only:

Netzwerkdienste DNS und DHCP auf dem FreeBSD-Home-Server (DNS and DHCP network services on the FreeBSD home server), obsigna.com

Authoritative DNS is absolutely easy to set up. You want to read the chapter about local-zone and related directives in unbound.conf(5).

I know you did not ask for it; however, once you have employed said name services for your LAN using local-unbound, it would be a snap to set up DNS-based ad-blocking for your LAN by using my dns/void-zones-tools. For this see:


GitHub - cyclaero/void-zones-tools: Prepare a list of void zones that can be readily feed into Unbound on FreeBSD (github.com)

Spam-Sperrzonen im DNS des FreeBSD-Home-Servers (Spam blocking zones in the DNS of the FreeBSD home server), obsigna.com
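
A sketch of the unbound-only setup this post describes (local-zone and local-data from unbound.conf(5), restricted to the internal network), added here as an example; it is not part of the thread or of the linked blog post. The zone name `home.example.`, the network 192.168.1.0/24 and all host names and addresses are assumptions.

```conf
# Constructed example: zone, network and host entries are placeholders.
server:
    # Listen on loopback and the LAN address only, not on every interface.
    interface: 127.0.0.1
    interface: 192.168.1.1

    # Serve the internal network only. Unbound picks the most specific
    # matching netblock, so the order of these lines does not matter.
    # The explicit "refuse" lines restate the default and make the
    # intent visible: this must never become an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Forward zone answered from local-data. "static" means names in the
    # zone that have no local-data get NXDOMAIN/NODATA from this server,
    # so queries for internal names never leak to the Internet.
    local-zone: "home.example." static
    local-data: "ns1.home.example.  IN A 192.168.1.1"
    local-data: "nas.home.example.  IN A 192.168.1.10"
    local-data: "mail.home.example. IN A 192.168.1.20"
    local-data: "home.example.      IN MX 10 mail.home.example."

    # Reverse zone for the same network, handled the same way.
    local-zone: "1.168.192.in-addr.arpa." static
    local-data-ptr: "192.168.1.1  ns1.home.example."
    local-data-ptr: "192.168.1.10 nas.home.example."
    local-data-ptr: "192.168.1.20 mail.home.example."

# Everything outside the local zones is resolved recursively as usual.
```

Validate the file with `unbound-checkconf` before reloading. For the high-availability requirement from the first post, the same file can be deployed to a second host with only the `interface:` address changed.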


----------



## subnetspider (Mar 22, 2022)

Thanks for all the responses.

I think I will try to run unbound only; if that doesn't work, unbound and nsd; if even that fails, bind.


----------

