DNSSEC Bind or PowerDNS?

nibb

• May 30, 2017 13:41

I'm aware that cPanel supports PowerDNS now but if you enable DNSSEC it cannot be used with a cluster, and that makes it a bit pointless. But traditionally, cPanel used BIND, and so does the cPanel DNS only product, the implementation of PowerDNS done by cPanel basically just reads the BIND flat files. So I'm a bit confused if switching to PowerDNS should be done or not for those still running BIND or they should wait. Is DNSSEC also coming to BIND in the future or it's going to be only for PowerDNS? If the answer is DNSSEC will be PowerDNS only, does this mean that PowerDNS will be the default option for cPanel in the future regarding DNS clustering? I know one of the biggest things people claim about PowerDNS is scaling because they claim BIND has to be reloaded for zone changes but that is actually easy to solve by just caching or buffering changes and making one reload for all of changes once every couple of minutes instead of each change. Also, while people love PowerDNS because they can use MySQL, that is in no way faster than flat files. Flat files for anyone that understands about computers is always faster than databases, so switching from BIND flat files to PowerDNS with a database while you gain management features, you are actually losing on performance and DNS is all about performance (the faster you resolve the queries, the better). PowerDNS users claim you can still use flat files if you want, but that is not exactly how most people run PowerDNS (no benefits over BIND otherwise), said that, BIND is better regarding performance unless you need hundreds of thousands of records. To resume. Should cPanel customers using BIND with clustering switch to PowerDNS or not?

• 

  cPanelMichael

  • May 30, 2017 22:41

  Hello, There are currently no plans to offer DNSSEC with BIND. You can switch to PowerDNS for clustering if you find it performs better, but as you mentioned there's no support for DNSSEC at this time. You can find some more details about our plans for DNSSEC support in a clustering environment, and leave some feedback as a comment, on the following feature request: DNSSEC support in Clustering Thank you.

  0
• 

  nibb

  • May 31, 2017 00:10

  Ok. So it looks like this today? BIND standalone = Yes BIND clusterized = Yes BIND DNSSEC = No, and not planned. ********************************** PowerDNS standalone = Yes PowerDNS clusterized = Yes PowerDNS DNSSEC = Standalone Only Now PowerDNS DNSSEC Clusterized = Planned in some Future ********************************** Is this correct?

  0
• 

  cPanelMichael

  • May 31, 2017 19:16

  Hello, Yes, that's correct. Thank you.

  0
• 

  Udayakumar S

  • December 12, 2017 15:52

  Hello Michael, Is there is any options to enable DNSSEC on PowerDNS when clustering is enabled. PowerDNS DNSSEC Clusterized = Any updates Now ?

  0
• 

  cPanelMichael

  • December 12, 2017 16:16

  Hello @Udayakumar S, There's no new information to report at this time. You can follow the progress on the official feature request for this at: DNSSEC support in Clustering Thanks!

  0

Please sign in to leave a comment.