The following links provide additional information about alternative Open Source DNS software.
Python binding to BIND 9 APIs. GPLv2.
A customizable DNS proxy server. License ?
DNS tools/proxy written in Java.
A modified version of djbdns a full DNS bind replacement - but with less features.
Dan Berstein's page (the author of the origibal djbdns). A full DNS bind replacement - but with less features.
DNS tools including a reverse mapper written in Python. Contributed by Nominium the BIND developers.
Lightweight DNS server based on Berkeley Database (BDB). GPL.
Proxy DNS. Optimized for dial-up networks.
Dynamic IP DNS system written in Perl.
Sophisticated DNS Load Balancing server.
Load balancing Name Server written in Perl.
LDAP based DNS server based on core djbdns code. License ?.
LDAP based DNS server based on reworked core and without the use of OpenLDAP libraries. License ?.
C library for DNS and DNSSEC based on PERL NET::DNS functionality. License GPL.
A secure DNS for *NIX systems. Limited function DNS.
GNU licensed. Uses MySQL to hold zone file records. No resolve library. Does not support recursive queries.
Authoritative Only DNS server. Version 2+ supports latest DNSSEC (DNSSEC.bis) standards. Performance is 2 to 3 times BIND. A very serious product and deployed in the RIPE root-server network. Modest documentation.
Authoritative and recursive DNS server written in Python. LGPL.
No longer actively maintained by author (but there isalternative site. Permanent caching server (Proxy DNS). Optimized for dial-up networks.
Runs on FreeBSD, Linux and Windows. Uses Filemonitor to auto-update zone file changes. Resolver library. SAM is a lite (authoritative only) version for windows only. Various other tools. License
Authoritative Only DNS server. Flexible back-end supports zone files, MySQL, PostGeSQL, Microsoft SQL, Orable, DB2 and many more. GPL.
Underlying support for lbnamed written in Perl.
Limited function DNS (formerly ENS).
The following links provide information about alternative API for BIND 9 and Open source drivers which use the existing BIND 9 APIs
An apparently well funded project to replace the existing BIND 9 APIs to address the thorny problem of dynamically adding zones which none of the current BIND 9 APIs address adequately in the opinion of the project.
A BIND 9 SDB API back-end using LDAP.
The following links provide information about DNS or tools for verifying DNS systems:
www.dnssec.net DNS Security Extensions (DNSSEC)
www.bind9.net DNS and BIND Resources
www.ripe.net/disi Great DNSSEC resources, HowTo etc.
www.dnsstuff.com Comprehensive DNS Tools
www.dnsreport.com Quick check of your zone files
DynDNS.org Name services for dynamic IPs.
The following Links provide some useful background, information on loosely related topics by category:
www.ipv6tf.org - major information source for IPv6 deployemnt and products.
www.ipv6forum.com - IPv6 Forum for industry participants.
http://www.fpsn.net/index.cgi?pg=tools&tool=ipv6-inaddr - On-line tool to build IPv6 reverse mapping files.
www.root-servers.org describes the root-servers and the organizations that administer them.
www.ripe.net/ripe/docs/ripe-203.html RIPE default value recommendations for TTLs.
www.sans.org SANS organization, specialising in system security. Offers an alert newsletter service. Use the Reading Room for good backgrounders.
www.cert.org US Federally funded organisation and center for security expertise.
www.cryptostuff.com Some useful backgrounders
www.rsasecurity.com/rsalabs The research arm of RSA Security, Inc. - excellent overviews and articles.
www.securitydocs.com General security site covering a lot of topics including crytography. Some useful articles and whitepapers many written from a non-mathematicians viewpoint.
csrc.nist.gov US National Institute of Standard and Technology - Computer security division.
www.secwiz.com Lots of security information and articles.
www.gocsi.com The Computer Security Institute - dedicated to training computer and network security professionals.
www.securityfocus.com - security organisation provides BugTrac mailing list for security announcements.
www.infosyssec.com - Data collection site. Headlines and up-to-the-minute status information. Excellent link site to various international security centers.
idsa.irisa.fr/index.php?page=kro&lang=en Automated tools for key rollovers and building DNSSEC.bis zones.
www.dnssec.org Excellent portal site for collection of DNSSEC information.
ietfreport.isoc.org/ids-wg-dnsext.html Status reports of the dnsext Work Group and current draft RFCs.
www.net-dns.org PERL tools (Net::DNS and Net::DNS::SEC) for secure zone maintenance and key rollovers.
www.enumf.org ENUM Forum Primarily US led group looking at North American Country Code (1) implementation of ENUM.
www.enum.org Home page for a Neustart ENUM trial.
www.ripe.net/rs/enum/index.html RIPE is the ITU designated Tier-0 organisation for ENUM.
www.centr.org/kim/enum/index.html Country status of ENUM usage.
Software to help you manage one or more zones. Licenses are GPL unless noted otherwise. List courtesy of David Nolan - many thanks (contact David info-dns at managedandmonitored dot net). Any errors are entirely ours.
The Carnegie Mellon NetReg package is a scalable and flexible Web-based multi-user system for managing networks, using perl and MySQL. It consolidates information about DNS zones, subnets, machine registrations, and DHCP configuration, and provides tools for easy management. The system exports ISC BIND configuration and zones, and can update them via either static zone files or TSIG signed dynamic DNS updates. It also exports ISC DHCP configurations, and has a SOAP API for integration with other systems. NetReg is designed for enterprise class network management, if you deal with dozens of hosts NetReg is more then you need. However if you deal with thousands or tens of thousands of hosts, NetReg may be exactly what you need. A live demo site is available off of the link above.
A system for generating internal DNS zones, external DNS zones, and DHCP configuration data from the same repository. HostDB is not database driven, doesn't provide a web interface, and isn't designed for managing large networks of hosts, but its great for small networks. You maintain a few small files describing your network and HostDB generates the necessary DNS & DHCP configuration.
DNS Control is a Web-based DNS management tool for BIND 9. It supports maintaining A, MX, and CNAME records, with all information stored in a MySQL database using ADODB. Written in PHP.
Maintain is a multi-user, highly extensible, Web-based management tool for medium to large size computer networks to maintain host information for building configuration files for DNS and DHCP. Written in PHP.
DNSDusty is an uncomplicated Web-based DNS management tool. It does all of its modifications via signed dynamic updates, and gets info on zones via zone transfers. Thus, it does not require any external databases, and plays along well with other tools that do dynamic updates (such as DHCP). DNSDusty is written as a Perl CGI script, so it should work with most Web servers.
3 reverse map
4 dns types
5 install bind
8 dns records
12 bind api's
13 dns security
bits & bytes
notes & tips