Apparently, though unproven, at 19:23 on Monday 08 November 2010, James did opine thusly:
> > you can write a wiki page that helps others immensely. > > But just be informed upfront about what it's going to take. > > wink wink, nudge nudge. OK. > ;-) My first spot of advice would be to use unbound as your caching servers - it's stupendously bloody fast. It's free as in beer and free as in freedom, and also keeps up with cns which is neither (and costs an arm and a leg). Plus the developer is very responsive to bugs and features. unbound does the basics and does them well, there are aspects of DNS caching that it doesn't do (stuff that nobody bothers with anyway) Don't use bind as your auth server unless you like pain. That thing is a pig, and a temperamental one at that. It's saving grace is that it's a reference implementation and can always be relied upon to be extremely RFC-compliant. We use it, not because we like it, but because it has one killer feature we absolutely need - ACLs PowerDNS is a fine auth server. If it suits your needs I'd recommend you try it first. I don't know about it's DNSSEC abilities or feature roadmap - it's been a long time since I looked closely at it. Lack of ACLs is what killed PowerDNS for us, I still feel sad about that.... -- alan dot mckinnon at gmail dot com
