What I want in a caching nameserver
What the world needs is a good caching nameserver. What brought this on is that I am currently flirting with yet another caching nameserver, which is something that I do from time to time because every caching nameserver I've ever found sucks in its own way. This is actually somewhat surprising to me, because at one level the job is not all that difficult so you'd think that someone would have written a sane implementation by now.
(Possibly the DNS system actually is sufficiently difficult that it drives every implementer insane. Sadly I can believe it; DNS is both baroque and peculiar, and I'm sure there are lots of dark corners.)
What I want in a caching nameserver, beyond 'works', is:
- it can forward queries for some zone(s) off to other recursive (caching) nameservers, as recursive queries.
- it can send queries for some zone(s) directly to primary nameservers,
as non-recursive queries.
- it has a sane and small configuration system. I am not interesting in anything that requires a SQL server, for example.
- it has a small memory footprint.
The first and second give you different ways of splicing in local zones so that you can resolve private internal names and you can still resolve things in your own organization even when your Internet link is down. I need both; sometimes I want to do a recursive query to another caching nameserver that handles all the details, and sometimes I want to talk directly to a primary nameserver that will laugh at me if I send it DNS queries that are marked as 'recursion allowed'.
DJ Bernstein's dnscache is the usual recommendation but it falls down on the first issue (and arguably on the second one as well, depending on how you interpret what it should do if it gets NSes back); it's what I normally use (because years ago I got horribly offended at Bind's memory usage). My current flirtation is with unbound, which has both recursive and non-recursive forwarding, mostly has a sane configuration system, and unfortunately falls down on memory usage even more spectacularly than Bind did.
(Looking at the package list in Fedora 13 suggests that there are a lot more potential nameservers than I thought. This list covers a lot, but the only likely candidates are MaraDNS and PowerDNS's caching server.)