Appendix C: DNS Resources

Alternate DNS Software

The following links provide additional information about alternative Open Source DNS software.


Python binding to BIND 9 APIs. GPLv2.


A customizable DNS proxy server. License ?


DNS tools/proxy written in Java.

djbdns I

A modified version of djbdns a full DNS bind replacement - but with less features.

djbdns II

Dan Berstein's page (the author of the origibal djbdns). A full DNS bind replacement - but with less features.


DN proxy.


DNS tools including a reverse mapper written in Python. Contributed by Nominium the BIND developers.


Lightweight DNS server based on Berkeley Database (BDB). GPL.

Domain Name Relay Daemon

Proxy DNS. Optimized for dial-up networks.


Dynamic IP DNS system written in Perl.


Sophisticated DNS Load Balancing server.


Load balancing Name Server written in Perl.


LDAP based DNS server based on core djbdns code. License ?.


LDAP based DNS server based on reworked core and without the use of OpenLDAP libraries. License ?.


C library for DNS and DNSSEC based on PERL NET::DNS functionality. License GPL.


A secure DNS for *NIX systems. Limited function DNS.


GNU licensed. Uses MySQL to hold zone file records. No resolve library. Does not support recursive queries.


Authoritative Only DNS server. Version 2+ supports latest DNSSEC (DNSSEC.bis) standards. Performance is 2 to 3 times BIND. A very serious product and deployed in the RIPE root-server network. Modest documentation.


Authoritative and recursive DNS server written in Python. LGPL.


No longer actively maintained by author (but there isalternative site. Permanent caching server (Proxy DNS). Optimized for dial-up networks.


Proxy DNS


Runs on FreeBSD, Linux and Windows. Uses Filemonitor to auto-update zone file changes. Resolver library. SAM is a lite (authoritative only) version for windows only. Various other tools. License


Authoritative Only DNS server. Flexible back-end supports zone files, MySQL, PostGeSQL, Microsoft SQL, Orable, DB2 and many more. GPL.

Stanford DNS Server

Underlying support for lbnamed written in Perl.


Limited function DNS (formerly ENS).

BIND APIs and Drivers

The following links provide information about alternative API for BIND 9 and Open source drivers which use the existing BIND 9 APIs


An apparently well funded project to replace the existing BIND 9 APIs to address the thorny problem of dynamically adding zones which none of the current BIND 9 APIs address adequately in the opinion of the project.


A BIND 9 SDB API back-end using LDAP.

DNS Web sites

The following links provide information about DNS or tools for verifying DNS systems: DNS Security Extensions (DNSSEC) DNS and BIND Resources Great DNSSEC resources, HowTo etc. Comprehensive DNS Tools Quick check of your zone files

Dynamic IP DNS Services Name services for dynamic IPs.

Useful Links

The following Links provide some useful background, information on loosely related topics by category:

IPv6 - major information source for IPv6 deployemnt and products. - IPv6 Forum for industry participants. - On-line tool to build IPv6 reverse mapping files.

DNS Operations describes the root-servers and the organizations that administer them. RIPE default value recommendations for TTLs.

Security SANS organization, specialising in system security. Offers an alert newsletter service. Use the Reading Room for good backgrounders. US Federally funded organisation and center for security expertise. Some useful backgrounders The research arm of RSA Security, Inc. - excellent overviews and articles. General security site covering a lot of topics including crytography. Some useful articles and whitepapers many written from a non-mathematicians viewpoint. US National Institute of Standard and Technology - Computer security division. Lots of security information and articles. The Computer Security Institute - dedicated to training computer and network security professionals. - security organisation provides BugTrac mailing list for security announcements. - Data collection site. Headlines and up-to-the-minute status information. Excellent link site to various international security centers.

DNSSEC Automated tools for key rollovers and building DNSSEC.bis zones. Excellent portal site for collection of DNSSEC information. Status reports of the dnsext Work Group and current draft RFCs. PERL tools (Net::DNS and Net::DNS::SEC) for secure zone maintenance and key rollovers.

ENUM ENUM Forum Primarily US led group looking at North American Country Code (1) implementation of ENUM. Home page for a Neustart ENUM trial. RIPE is the ITU designated Tier-0 organisation for ENUM. Country status of ENUM usage.

Zone Management

Software to help you manage one or more zones. Licenses are GPL unless noted otherwise. List courtesy of David Nolan - many thanks (contact David info-dns at managedandmonitored dot net). Any errors are entirely ours.


The Carnegie Mellon NetReg package is a scalable and flexible Web-based multi-user system for managing networks, using perl and MySQL. It consolidates information about DNS zones, subnets, machine registrations, and DHCP configuration, and provides tools for easy management. The system exports ISC BIND configuration and zones, and can update them via either static zone files or TSIG signed dynamic DNS updates. It also exports ISC DHCP configurations, and has a SOAP API for integration with other systems. NetReg is designed for enterprise class network management, if you deal with dozens of hosts NetReg is more then you need. However if you deal with thousands or tens of thousands of hosts, NetReg may be exactly what you need. A live demo site is available off of the link above.


A system for generating internal DNS zones, external DNS zones, and DHCP configuration data from the same repository. HostDB is not database driven, doesn't provide a web interface, and isn't designed for managing large networks of hosts, but its great for small networks. You maintain a few small files describing your network and HostDB generates the necessary DNS & DHCP configuration.

DNS Control

DNS Control is a Web-based DNS management tool for BIND 9. It supports maintaining A, MX, and CNAME records, with all information stored in a MySQL database using ADODB. Written in PHP.


Maintain is a multi-user, highly extensible, Web-based management tool for medium to large size computer networks to maintain host information for building configuration files for DNS and DHCP. Written in PHP.

DNS Dusty

DNSDusty is an uncomplicated Web-based DNS management tool. It does all of its modifications via signed dynamic updates, and gets info on zones via zone transfers. Thus, it does not require any external databases, and plays along well with other tools that do dynamic updates (such as DHCP). DNSDusty is written as a Perl CGI script, so it should work with most Web servers.

Pro DNS and BIND by Ron Aitchison


tech info
guides home
dns articles
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
5 install bind
6 samples
7 named.conf
8 dns records
9 howtos
10 tools
11 trouble
12 bind api's
13 dns security
bits & bytes
15 messages
notes & tips
registration FAQ
dns resources
dns rfc's
change log