Lightweight Linux DNS [closed]

What sort of DNS do you need? Do you need a recursive resolver for clients in the datacenter? An authoritative server for some domains you're hosting? Do you want to remove a dependency (external recursive DNS lookups) from your own servers?

The short answer (and this is something of a religious issue, so take it with a lump of salt):

  • run recursive resolvers on each server's localhost; each server uses itself for recursive DNS. PowerDNS makes a resolver that works on Windows and Unix; DJB's dnscache, part of the tinydns package, is also 100% bulletproof, but you may need to adjust it so it can follow really long CNAME chains (Akamai, I'm looking at you).

  • run a separate DNS server for addresses you own. Again, PowerDNS is a choice, used by Wikipedia. It's got all sorts of nice back-ends, from BIND zone files to PostgreSQL databases. Tinydns is great as well, though a little bit odd if you're coming from BIND land. Run these DNS servers on your "non-localhost" interfaces, and publish those addresses with your registrar. Be master of your own domain!

  • if you're providing recursive service to other hosts in the data center, run dnscache or pdns-recursor on a machine that isn't otherwise providing DNS services, and set the ACLs for the resolver to only service requests from inside the data center. Random hosts on the internet can conduct wacky cache poisoning attacks against DNS servers, so they shouldn't be trusted if you've got a choice.

PowerDNS is likely easiest to install from a package; in the distant past, DJB was extra super paranoid about third parties messing up his babies, so he had weird license restrictions on binary distributions; these have since been removed, but the ill feelings towards the DJB suite of DNS utilities remain.
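An added configuration example for the third bullet (not taken from the answer above), in PowerDNS Recursor's classic recursor.conf key=value format; the 10.0.0.0/8 range is an assumed placeholder for the data center's internal addresses and must be replaced with the real ranges.

```ini
# recursor.conf for a shared recursive resolver inside the data center.
# Added example; 10.0.0.0/8 is a placeholder for the internal ranges.

# Listen only on the internal interface (placeholder address), never on
# an address reachable from the internet.
local-address=10.0.0.3

# ACL: answer only loopback and the data center's own ranges.
allow-from=127.0.0.0/8, 10.0.0.0/8

# Weak setting this replaces: an open resolver that answers anyone,
# which exposes the cache to poisoning and abuse from random hosts.
# allow-from=0.0.0.0/0, ::/0

# Validate DNSSEC-signed answers so a poisoned response for a signed
# zone is rejected rather than cached.
dnssec=validate

# Variant for the first bullet (resolver on each server's own localhost):
# local-address=127.0.0.1, ::1
# allow-from=127.0.0.0/8, ::1/128
```

Queries from source addresses outside allow-from are not answered, so check the resolver from an internal host and from an external one before pointing clients at it.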


dnsmasq may be a good option. It can do both DNS and DHCP. It just uses the hosts file and has a simple configuration. And it should be in the default repositories for your distribution.

Edit: Let me clarify my answer since it's getting some downvotes and comments. The question isn't clear as to the entire use case and scale. So while you may not agree, dnsmasq is a completely valid solution under the correct circumstances. The OP is going to have to figure out what fits their particular case since their question was a bit lacking in details.

I would only recommend this as a viable solution if it's for the internal DNS resolution on the data center private LAN segment, assuming that we aren't talking about hundreds of servers. If you're looking to run your own public DNS, then you'd better be prepared to run a grown-up DNS solution in at least 2 geo-diverse data centers.


Have a look at DJB's DNS (djbdns and tinydns) from http://cr.yp.to/djbdns.html. It's even possible to use BIND's zone files.


I use nsd for authoritative name servers I admin. Keep in mind that all nsd does is act as an authoritative name server, so I use "unbound" (from the same developers) internally for the recursive queries from the servers themselves.

For a (somewhat meaningless) reference, one primary name server, serving a half-dozen zones with maybe 20 records each, has a resident memory footprint of about 1.1MB.

I have found nsd to be very stable. The only issue is zone transfers between servers can be tricky, certainly not as plug-and-play as between 2 BIND servers. I ended up using an rsync script to update/rebuild/reload my secondary name server's records.

Another option I've tried is MaraDNS, which is a good performer, but not much lighter than BIND.


IMHO the "weight" of a DNS service is not the software itself, but the traffic it handles and the work it has to do in order to resolve an address. You can deploy multiple DNS servers in your data centre in order to minimize load and decrease the risk of a single point of failure. But keep in mind that a low-performance DNS server could lower the performance of other services.