Server Descriptions

The ``dnscache'' program does DNS resolution, and is the minimum requirement for a machine to operate on an IP network. It is installed at the IP address referenced in the /etc/resolv.conf file, often the loopback interface, 127.0.0.1. The dnscache server doesn't supply any authoritative data, and should generally not be accessible by the world at large. At a minimum, dnscache will look up addresses from the root name servers, and can also be directed to local content servers to get the information for locally maintained domains.

The ``tinydns'' program is a ``content'' server, and supplies authoritative DNS information from files on the system. It doesn't do any address resolution (this is done by dnscache). This will be running on at least one public address for a domain, the address specified in the NIC records as a name server. One can run multiple copies of tinydns on a system to implement ``split-horizon'' DNS where private DNS is maintained separate from the public records.

The axfrdns program allows zone transfers from remote BIND programs from the same data files used by tinydns. This is only necessary to support secondary servers running BIND as djbdns usually maintains multiple servers using rsync instead of zone transfers. This server normally runs on the same IP address as the public tinydns, and services TCP requests while tinydns only services UDP.

The rbldns program provides RBL (Realtime Blackhole List) lookups. These provide a fast way to identify hosts by their IP address that are either to be denied or allowed access. The input to rbldns is a flat ASCII file with IP addresses and CIDR network specifications (192.168.1.0/24 would specify a full class C network). These are very easy to maintain compared to using BIND, and should be much faster responding to queries.

The rootdns program runs a local copy of the root domain information which is faster, and cannot be polluted by somebody cracking or spoofing the root servers.