Hi Jay! On 23 Apr 2009, at 22:50, Jay Daley wrote:
I would go even further and suggest everyone use unbound in preference to any other caching resolver. It is extremely well designed, coded, tested and supported. I'm sure BIND10 will be as well but for now, as is natural, BIND9 has been leap-frogged by the more recently released product.
It used to be that BIND9 was a sick pig of a resolver, but its performance has improved dramatically somewhere along the 9.5 release train. I run two resolvers that serve about 35,000 DSL-attached users in Ontario and Québec and 9.5 runs just fine. I also run unbound in my home/office network, and it seems to do what it says on the box. I still find occasional corner cases which lead to persistent inability to resolve things with unbound that I have not yet had time to properly debug, though, which is mainly what has stopped me from replacing one of the resolvers mentioned above with unbound. I would agree that it is definitely worth trying, though. There are a lot of clever hooks and fancy bits under unbound's hood, and Wouter and co are pleasantly responsive to problem reports. Unbound also has the distinct advantage that it's not BIND, so if you are interested in software diversity a mixture of the two might give you some protection in the event of a zero-day exploit that affects just one of them. BIND10's release timeline is long enough that I don't think it even enters into the picture today unless you're deliberating over software you might run in 5 years time. Joe