D. J. Bernstein
Internet publication
djbdns
Blurbs

The tinydns, walldns, and rbldns programs

``In fact, we were previously in exactly that situation, with a BIND failure for one reason or another about every couple of months. Each time it failed, it caused e-mail service disruption. We thought about writing more and better monitoring to try to figure out when it crashed and fix the problem, but in the end we just switched to tinydns for that portion of our DNS system. It's been rock-solid ever since.'' Russ Allbery, Systems Administrator, Leland Systems, Stanford University, October 2000

Simplicity and power

The djbdns package includes three servers that publish local host information: tinydns, walldns, and rbldns. Every aspect of configuration was rethought from the perspective of an overworked administrator who has better things to do than play with DNS.

tinydns handles basic DNS service. The tinydns-data file format combines the flexibility of zone files with the convenience of modern zone-building tools. Host information is stored in one file. PTR records are handled automatically. Changes can be scheduled in advance, with TTLs handled automatically.

tinydns has several load-balancing features. It automatically selects a random set of 8 servers from a cluster of any size. It allows easy removal of dead servers by external monitoring tools. It also supports client differentiation, checking the client's IP address and choosing one of several clusters accordingly.

(In contrast: As of November 2002, the BIND company's web pages say ``We have also received several requests to improve BIND's ability to do load balancing. We are reluctant to do so.'')

walldns is a reverse DNS wall. It lets firewalled sites access name-checking servers without revealing true host information.

rbldns publishes lists of IP addresses, such as DUL or RBL, through DNS. This could be done with a general-purpose server, but rbldns uses much less memory and much less disk space. For example, John Levine reported in September 2001 that DUL, RSS, and RBL took only 4.9MB, 1.4MB, and 89K in rbldns-data format.

Speed

Databases for tinydns and rbldns are compiled into cdb format. The servers start responding immediately, even if the database is a gigabyte or more. (In contrast: BIND cannot answer questions until it has loaded all your data into memory.)

One site reported tinydns answering 6000 queries per second on a dual Pentium III-1000 using 40% of one CPU. That's real queries, not peak performance in lab tests.

While a new database is being compiled, the servers continue to answer queries from the old database. There is no gap in DNS service when the new database is finished. The old database is left in place if anything goes wrong.

Database compilation is very fast. One site reported tinydns-data taking under a minute on a Pentium III-550 to create a 350-megabyte data.cdb covering almost 300000 domains.