Removing the ISC bloat

First off, ISC must be given credit for supplying the BIND DNS and DHCP servers. They’ve been powering a lot of the internet and private networking for many years, including this server. But the time has come to change!

I’m now using nsd as my public authoritative name server and unbound as my private recursive name server. This results in config files much easier to setup and hopefully more security as nsd is very small leaving less room for public exploits. Also, the total memory used after a few days production is 40meg lighter than BIND which is good as my server is really starved for memory right now.

So what’s the catch? Well, there is no way of integrating Dynamic DNS with unbound that I can see. I could use dnsmasq as a DHCP server as that can run a script per lease, which means I can use unbound-control to update DNS. But I dislike this as dnsmasq isn’t entirely the right tool for the job. So I will probably write dhcpsd, a small portable and entirely new DHCP server that can be used to integrate with DNS via scripts. Watch this space!