# BIND sucks. Any suggestions for securing DNS?



## Chris_H (Jul 31, 2013)

Greetings,

BIND was cool when it was part of Berkeley, but it just seems to suck more, and more since ISC maintains it. Seemingly simple tasks generally offer terse, or otherwise cryptic answers/solutions. In this case, I'm referring to DNSSEC. It's not bad enough it went through some 13 permutations, before being what it is today. The result seems to be a jumble of conflicting information. In the end; the task is overly burdensome. I have no qualms dumping BIND for something else. In fact I seriously considered dns/unbound when it first came out. But given that was "authoritative only" (no recursion). I couldn't see how that would help with my secondaries (slaves). If I can't provide them with the  recursive bit. Anyway, the time has come (long overdue) for me to sign my zones. So I was hoping others might share their experiences, suggestions, ports, that made the whole job less "sucky". 

EDIT: Correction; NSD is authoritative only, unbound is recursive. ;P

Thank you for all your time, and consideration.

--chris


----------

