Name Server Software: Unix

Several viable name servers exist for Unix and Unix-like operating systems. The main contenders are discussed here. See also the comparison of several servers including BIND 8/9 and djbdns, presented by Brad Knowles in 2002-3.

BIND

BIND is the reference implementation of a DNS server and usually serves as the base for experimentation with DNS protocol extensions. BIND is free and has been ported to many operating systems; see the respective entries in the index. Most BIND servers run on some variant of Unix, although BIND on Windows is also available.

BIND is the proverbial kitchen sink of DNS. This has led to the familiar problems of legacy software: a large code base, increasing feature bloat, and a run of severe security problems during 2001 and 2002, mostly in the BIND 4 and BIND 8 code. BIND 9 was a rewrite and has had a much better record since, although the cache poisoning attack published in July 2008 (the Kaminsky attack against resolvers using predictable source ports) forced patched releases of every supported 9.x branch. Some of the main issues are covered in an article by Paul Vixie.

Because of its long development history and its support for most of the DNS standards, BIND is generally preferred for large production name servers on the Internet. At the other end of the scale, BIND can also run well on an ancient PC with as little as 32MB RAM, and this can be a low-cost name server platform for a smaller site on a budget.

At the time of writing, the most recent release of the 9.3 branch is BIND 9.3.5, released in April 2008. This branch includes the delegation-only zone type and the root-delegation-only option, which let a resolver ignore wildcard records synthesized at the top level (the .COM redirection of 2003 being the case that prompted the feature). BIND 9.4.2 contains new features and is probably preferable for most sites, with 9.5.0 (released in May 2008) also a serious option. Whichever branch is chosen, use the patched -P releases issued after July 2008 rather than the original point releases.
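The following named.conf fragment shows both ways of switching the feature on. It is an added example for this page, not configuration taken from the page or from ISC's documentation; the exclude list is illustrative and should be checked against the TLDs your resolver actually serves before deployment.

```conf
// named.conf fragment: make the resolver ignore wildcard answers
// synthesized by top-level domain servers.
// (Added example for this page; not ISC's own configuration.)

options {
    // Treat every zone delegated from the root as delegation-only,
    // except the TLDs listed here, which legitimately return
    // non-delegation data near the apex. Example list only: verify
    // each TLD with dig before relying on it.
    root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
};

// Alternatively, be selective and mark only the zones known to
// synthesize wildcard records. For a delegation-only zone, any answer
// that arrives without an explicit or implicit delegation (NS records
// in the authority section) is treated as NXDOMAIN by the resolver.
zone "com" {
    type delegation-only;
};

zone "net" {
    type delegation-only;
};
```

Two caveats a practitioner should keep in mind. First, this is purely a resolver-side policy: it changes what your cache returns to clients and does nothing to the authoritative servers that synthesize the records. Second, marking a TLD as delegation-only breaks name resolution under any TLD that genuinely serves address records at its second level, which is why root-delegation-only carries an exclude list; a quick check with dig +norecursive against the TLD's servers for a name that should not exist will tell you whether a given TLD answers NXDOMAIN or a synthesized record.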

A few large sites are still running BIND 8 (the last released version was 8.4.7). It does run faster for certain applications, and it tolerates some legacy practices that do not conform to the published standards. However, ISC has declared BIND 8 end of life and no longer issues security fixes for it, so overall BIND 9 is a much better bet: at least 9.3 is recommended for most sites, and 9.4 or 9.5 for sites needing newer DNSSEC features.

djbdns

D. J. Bernstein's djbdns is a widely used collection of DNS tools from the author of the qmail mail server. The two main name server functions, caching and acting as an authoritative server, are sensibly split into two separate programs (dnscache and tinydns), each of which runs chrooted under its own unprivileged user, so a problem in one does not expose the other. The djbdns package is free (with some minor restrictions on distribution of modified versions), and comes with a security guarantee: originally $500, later raised to $1000, and paid out in 2009 for a cache poisoning bug involving tinydns. Note that the last release, 1.05, dates from 2001, so fixes for later problems circulate as third-party patches. Worth a look. See also the community site for djbdns.

ANS/CNS

ANS/CNS are commercial DNS servers from Nominum, for enterprise applications that need maximum performance. For those with serious budgets.

PowerDNS

PowerDNS (pdns) is in reasonably wide use, including at some large infrastructure providers. Like djbdns it separates the two roles: the authoritative server, which can serve zones from a variety of database backends, is a different program from the PowerDNS Recursor. The software is covered by the GPL, while support is offered on a contract basis.

NSD

NSD (Name Server Daemon) is a relatively recently developed open source server from NLnet Labs. It is authoritative-only, with no caching or recursion, and is used at several large registries and at some root servers as a deliberate alternative implementation to BIND.

MaraDNS

MaraDNS is relatively new, free, and written to be secure against remote compromise. Worth a look.

MyDNS

MyDNS is relatively new, licensed under the GNU GPL, and was designed to use MySQL as its database backend. It does not handle recursive queries, so it can only be used as an authoritative server. It is also designed to replicate zone data out of band using MySQL's own replication mechanism rather than AXFR (although AXFR can be enabled). Versions prior to 1.1.0 were vulnerable to a "query of death" denial of service error.

RBLDNSD

RBLDNSD is a small, special-purpose DNS server designed to serve DNS blacklist (DNSBL) zones, both IP-address based and name based, from compact data files. It is licensed under the GPL.

pdnsd

pdnsd is a proxy DNS server (a caching forwarder rather than a full resolver) that stores its cache permanently on disk, so entries survive a restart. Versions prior to 1.2.4-par were affected by a denial of service error.




Copyright 1994-2009 by András Salamon <andras@dns.net>

Last updated 26-May-2009