[Dnsmasq-discuss] When would DNSMasq NOT be preferred over
something like BIND or djbdns?
Rune Kock
rune.kock at gmail.com
Fri Feb 9 23:21:15 GMT 2007
On 2/9/07, Charles Marcus <CMarcus at media-brokers.com> wrote:
> Question:
> What would you say are the primary factors that would cause one to
> consider NOT using DNSMasq, in favor of something heavier like BIND?
I can think of the following situations:
1) dnsmasq is not usually used to publish DNS for your domains to the
rest of the internet -- though it can do a bit, it is hardly a
full-feature solution for that.
2) dnsmasq doesn't query the root servers, but relies on an upstream
server to provide the answers. So if your ISP doesn't provide a
DNS-server that you trust, you'll probably want something like DJB's
dnscache.
3) Information for Windows Active Directory can be automatically (and
securely) registered in a Microsoft DNS-server only. In other
DNS-servers you can only store this info manually -- though for a
simple AD-setup, this is probably not needed.
4) Though I believe that dnsmasq is quite secure, security does not
appear to be its raison d'etre, like it seems to be for DJB's
programs.
Rune
More information about the Dnsmasq-discuss
mailing list