Not familiar with knot-dns. Any compelling reasons to choose it over something like BIND? BIND has been around basically forever and the configuration files, apart from having lots of curly braces, aren't any more complicated than the examples here.
Given the BIND security and functional track record over the last 30 years, I would pick knot/nsd/yadifa/powerDNS/coredns/tinydns in a heartbeat for an authoritative DNS server.
Haven't all these issues been related to use as a resolver rather than running as an authoritative server?
Personally, I'd also expect that, just by virtue of the fact that the majority of the internet's DNS is running on BIND, it's also the most battle-tested of them all.
But sure, point taken - I hadn't really considered it from a security perspective. It just seemed odd to me that someone seemingly dabbling in running DNS for the first time managed to find a relatively niche DNS server, when the majority of tutorials that exist are for BIND.
FWIW, while looking for tutorials for knot to try to figure out how they stumbled upon it, the most compelling I found was a fastmail blog about why they switched to knot (from PowerDNS) and it was largely because they have 100k domains and don't want to do a full reload every time they add domains: https://www.fastmail.com/blog/moving-fastmail-dns-to-knot/