I am working as a Professor in a University in India. For our University, I want to set up an Authoritative Name Server. We have been running djbdns for a long time.
Although djbdns is a wonderful DNS server, maintaining it has become very troublesome. It also lacks many new security features. As for BIND9, I am not convinced it will be useful in our case. It's a huge piece of software, and we don’t need all of its features.
I was thinking of running my Authoritative Name Servers, Primary and Secondary on NSD, as we are already using Unbound for recursive name resolution.
I would like to get comments from users as to whether my decision is correct or not. I have found that very few tutorials/manuals/articles are available for the NSD setup. Being new to NSD, I feel hesitant in replacing it by running DNS server with NSD. Would like to have some suggestions and comments. Kindly suggest any other alternatives, if that is useful in my case.
Actually: we are in a similar situation. We're currently running bind9, and were interested in switching to NSD for the authoritative DNS services, but it seems that you have to compile newer releases (with security fixes etc.) yourself, or is there a repo somewhere we're missing?
We're on Debian 10. Is it recommended to simply install the NSD that Debian comes with, and rely on Debian for the security fixes?
You will of course find a fairly biased answer here. I myself have run
nsd and unbound since the early days. First mixed with bind, then
without bind. But things are ever changing and I'm now getting ready
to go back to using different software on different nameservers for
both keeping familiar and for more biodiversity for my own domains.
I'm not sure how many domains you need to run, but I've recently started
playing with Catalog Zones with the knot nameserver, and it is _really_
nice to not have to manually configure your secondaries when you are
adding or removing zones. I don't think that nsd supports this yet,
but I'm sure it is on the roadmap and will arrive soon.
But honestly, bind9 and knot and nsd are all good DNS servers compared
to djbdns.