[conspire] DNS software (was: corrected to HP LaserJet4M Plus Re: HP LaserJet4 - CUPS lists printer twice)

Rick Moen rick at linuxmafia.com
Mon Aug 31 08:24:48 PDT 2009


Quoting Don Marti (dmarti at zgp.org):

> I just need a recursive nameserver on that box.  Right now it's just
> set up with "listen-on" in named.conf.options to deny it to the
> outside, but I don't trust visitors not to bring some nasty malware
> onto the home network.  I should probably replace it with dnsmasq or
> unbound, and free up a bunch of memory.

I respect dnsmasq and pdnsd, but neither offers recursive service at
all.  Both are just caching forwarders (with dnsmasq also offering
local authoritative service of local names).  Basically, if your main
aim is to cut down on DNS traffic across your uplink and get faster DNS
response time, it's a poor solution, winning only to the degree that it
caches answers.

However, it's possible that having dnsmasq as your local nameserver, but 
forwarding all outbound queries to a local instance of Unbound (or
PowerDNS Recursor) might make sense.  But, of course, that ties up more
RAM.

pdnsd economises on RAM by relying on a disc-based cache, by the way. I
think it's unique among Linux nameservers in doing that.  But, of
course, you lose performance.

Fair disclosure:  I have high confidence in Unbound (which, by the way,
includes some of the same handy local authoritative service of local
names that dnsmasq does), on account of the authors knowing what they're
doing, but haven't yet used it except really briefly for a one-time
test.
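
The layering suggested above, dnsmasq answering LAN clients and forwarding cache misses to a recursive Unbound bound to loopback, as an added configuration example that is not part of the original message. The LAN address 192.168.1.1, the port 5353, the `lan` domain, the cache sizes and the file paths are assumptions.

```conf
# ---- /etc/dnsmasq.conf (path assumed) ----
# Listen only on loopback and the inside interface; never on the uplink.
# 192.168.1.1 is a constructed LAN address.
listen-address=127.0.0.1,192.168.1.1
bind-interfaces

# Do not take upstream servers from /etc/resolv.conf; send every
# non-local query to the Unbound instance on loopback (assumed port 5353).
no-resolv
server=127.0.0.1#5353

# Local authoritative names: answer *.lan from /etc/hosts and DHCP leases
# and never forward them.
domain=lan
local=/lan/
expand-hosts

# Do not forward plain (dotless) names or reverse lookups for private ranges.
domain-needed
bogus-priv

# Small forwarder cache; Unbound holds the main cache.
cache-size=150

# ---- /etc/unbound/unbound.conf (path assumed) ----
server:
    # Loopback only: LAN visitors can reach dnsmasq but not the recursor.
    interface: 127.0.0.1
    port: 5353
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Cache sizes (assumed values) bound the extra RAM the recursor uses.
    msg-cache-size: 4m
    rrset-cache-size: 8m

    # Reveal less to anything that does reach the listener, and harden
    # against spoofed glue and stripped DNSSEC signatures.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
```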




