The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNSSEC Bind or PowerDNS?

Discussion in 'Bind / DNS / Nameserver Issues' started by nibb, May 30, 2017.

  1. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    310
    Likes Received:
    2
    Trophy Points:
    68
    I'm aware that cPanel supports PowerDNS now but if you enable DNSSEC it cannot be used with a cluster, and that makes it a bit pointless.

    But traditionally, cPanel used BIND, and so does the cPanel DNS only product, the implementation of PowerDNS done by cPanel basically just reads the BIND flat files.
    So I'm a bit confused if switching to PowerDNS should be done or not for those still running BIND or they should wait.

    Is DNSSEC also coming to BIND in the future or it's going to be only for PowerDNS? If the answer is DNSSEC will be PowerDNS only, does this mean that PowerDNS will be the default option for cPanel in the future regarding DNS clustering?

    I know one of the biggest things people claim about PowerDNS is scaling because they claim BIND has to be reloaded for zone changes but that is actually easy to solve by just caching or buffering changes and making one reload for all of changes once every couple of minutes instead of each change.

    Also, while people love PowerDNS because they can use MySQL, that is in no way faster than flat files. Flat files for anyone that understands about computers is always faster than databases, so switching from BIND flat files to PowerDNS with a database while you gain management features, you are actually losing on performance and DNS is all about performance (the faster you resolve the queries, the better).

    PowerDNS users claim you can still use flat files if you want, but that is not exactly how most people run PowerDNS (no benefits over BIND otherwise), said that, BIND is better regarding performance unless you need hundreds of thousands of records.

    To resume. Should cPanel customers using BIND with clustering switch to PowerDNS or not?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There are currently no plans to offer DNSSEC with BIND. You can switch to PowerDNS for clustering if you find it performs better, but as you mentioned there's no support for DNSSEC at this time. You can find some more details about our plans for DNSSEC support in a clustering environment, and leave some feedback as a comment, on the following feature request:

    DNSSEC support in Clustering

    Thank you.
     
  3. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    310
    Likes Received:
    2
    Trophy Points:
    68
    Ok. So it looks like this today?

    BIND standalone = Yes

    BIND clusterized = Yes

    BIND DNSSEC = No, and not planned.

    **********************************

    PowerDNS standalone = Yes

    PowerDNS clusterized = Yes

    PowerDNS DNSSEC = Standalone Only Now

    PowerDNS DNSSEC Clusterized = Planned in some Future

    **********************************

    Is this correct?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, that's correct.

    Thank you.
     
Loading...

Share This Page