مقارنة بين برامج خوادم نظام أسماء النطاقات

يقدم هذا المقال مقارنة بين مميزات، منصات الدعم، والتطبيقات المستقلة والمجمعة لبرامج أسماء الخوادم في نظام أسماء النطاقات.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

مقارنة الخوادم

BIND

Microsoft DNS

Dnsmasq

djbdns

Simple DNS Plus

NSD

PowerDNS

MaraDNS

ANS

Vantio

Posadis

Secure64 DNS

Unbound

المميزات

شرح المميزات

موثوق: يوجد فئة كبيرة من وظائف نظام أسماء النطاقات الخادم ، انظر أعلاه.

متكرر: يوجد فئة كبيرة من وظائف نظام أسماء النطاقات الخادم ، انظر أعلاه.

Recursion Access Control: Servers with this feature provide control over which hosts are permitted DNS recursive lookups. This is useful for load balancing and service protection.

Slave Mode: Authoritative servers can publish content that originates from primary data storage (such as zone files or databases connected to business administration processes)--such servers are also called 'master' servers--or can be slave or secondary servers, republishing content fetched from and synchronized with such master servers. Servers with a "slave mode" feature have a built-in capability to retrieve and republish content from other servers. This is typically, though not always, provided using the AXFR DNS protocol.

تخزين مؤقت: Servers with this feature provide recursive services for applications, and cache the results so that future requests for the same name can be answered quickly, without a full DNS lookup. This is an important performance feature, as it significantly reduces the latency of DNS requests.

DNSSEC: Servers with this feature implement some variant of the DNSSEC protocols. They may publish names with resource record signatures (providing a "secure authority service"), and may validate those signatures during recursive lookups (providing a "secure resolver"). DNSSEC is not widespread, and has not been adopted by the most popular sites on the Internet. Its value and feasibility has been the subject of debate. However, the presence of DNSSEC features is a notable characteristic of a DNS server.

TSIG: Servers with this feature typically provide DNSSEC services. In addition, they support the TSIG protocol, which allows DNS clients to establish a secure session with the server to publish Dynamic DNS records or to request secure DNS lookups without incurring the cost and complexity of full DNSSEC support.

IPv6: Servers with this feature are capable of publishing or handling DNS records that refer to IPv6 addresses. In addition to be fully IPv6 capable they must implement IPv6 transport protocol for queries and zone transfers in slave/master relationships and forwarder functions.

Wildcard: Servers with this feature can publish information for wildcard records, which provide data about DNS names in DNS zones that are not specifically listed in the zone.

Split horizon: Servers with the split-horizon DNS feature can give different answers depending on the source IP address of the query.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ميزة المصفوفة

الخادم	موثوق	متكرر	Recursion ACL	Slave mode	تخزين مؤقت	DNSSEC	TSIG	IPv6	Wildcard	Interface	split horizon
BIND	نعم	نعم	نعم	نعم	نعم	نعم	نعم	نعم (since 9.x)	نعم (since 4.x)	Web^{[Note 1]}, command line	نعم
Microsoft DNS	نعم	نعم	لا	نعم	نعم	نعم^{[Note 2]}	نعم^{[Note 3]}	نعم^{[Note 4]}	نعم	GUI, command line, API^{[Note 5]}, WMI^{[Note 6]}, RPC^{[Note 7]}	لا
djbdns	نعم	نعم	نعم	نعم^{[Note 8]}	نعم	لا	لا	لا [1]	جزئي^{[Note 9]}	command line	نعم^{[Note 10]}
Dnsmasq	جزئي^{[Note 11]}	لا	لا	لا	نعم	لا	لا	نعم	نعم	command line	لا
Simple DNS Plus	نعم	نعم	نعم	نعم	نعم	نعم	نعم	نعم	نعم	GUI, Web, command line	نعم^{[Note 12]}
NSD	نعم	لا	N/A	نعم	N/A	نعم	نعم	نعم	نعم	command line	لا
PowerDNS	نعم	نعم	نعم	نعم^{[Note 13]}	نعم	جزئي ^{[Note 14]}	لا	جزئي^{[Note 13]}	نعم	Web, command line	لا^{[Note 15]}
MaraDNS	نعم	نعم	نعم	جزئي^{[Note 16]}	نعم	لا	لا	جزئي	نعم	command line	لا
ANS	نعم	لا	{{N/A}}	نعم	لا	نعم	نعم	نعم	نعم	command line, api, SOAP Interface, SNMP	نعم
CNS	لا	نعم	نعم	{{N/A}}	نعم	نعم	نعم	نعم	{{N/A}}	command line, api, SNMP	نعم
Posadis	نعم	نعم	?	نعم	نعم	لا	لا	نعم	نعم	command line, API	?
Secure64 DNS	نعم	لا	?	نعم	لا	نعم	نعم	نعم	نعم	command line	لا
Unbound	جزئي	نعم	نعم	N/A	نعم	نعم	نعم	نعم	N/A	command line, API	لا

^ A BIND configuration module is available for Webmin in many Linux distributions.
^ Windows Server 2008 R2 supports DNSSEC, however dynamic DNS is not supported for DNSSEC-signed zones. For earlier versions including Windows Server 2003, DNSSEC functionality must be manually activated in the registry. In these versions, the DNSSEC support is sufficient to act as a slave/secondary server for a signed zone, but not sufficient to create a signed zone (lack of key generation and signing utilities).
^ Microsoft DNS supports the GSS-TSIG algorithm for Secure Dynamic Update when integrated with Active Directory, using RFC 3645, an application of GSS-API RFC 2743.
^ IPv6 functionality in the Microsoft DNS server is only available on Windows Server 2003 and newer.
^ Microsoft DNS Server API Reference
^ Microsoft DNS WMI Provider Specification
^ MS-DNSP DNS Server Management Protocol Specification (uses RPCs)
^ djbdns provides facilities to transfer zones; after completing the zone transfer, djbdns can act as an authoritative server for that zone. Consult the axfr-get documentation for further information.
^ djbdns supports wildcard DNS records, but not in a way that conforms with the RFCs.
^ This is not the same as views in bind. But it is a solution with comparable capabilities. See: section of tinydns-data.
^ dnsmasq has limited authoritative support, intended for internal network use rather than public Internet use. A records are supported via /etc/hosts, and there is some MX record support via the command line.
^ Simple DNS Plus does not have "views" in the same way as BIND, but has a "NAT IP Alias" feature which allows host records to resolve to different IP addresses depending on where the DNS request comes from.
^ ^أ ^ب IPv6 support in PowerDNS is incomplete. Zone transfers in master/slave replication are only functional with IPv4 transport.
^ DNSSEC support in PowerDNS is currently restricted to being able to serve DNSSEC-related RRs, full DNSSEC support in progress.
^ It is possible to support the concept of views in PowerDNS by either running two copies of PowerDNS in parallel (on the same machine), or by writing a custom backend which serves different data based on the client who is querying. See here for the original answer regarding this topic by the author of PowerDNS.
^ MaraDNS cannot directly provide slave support. Instead, a zone transfer is needed, after which MaraDNS will act as an authoritative server for that zone. See DNS Slave for further information.

المنصات

الخادم	BSD	Solaris	لينكس	Mac OS X	ويندوز
BIND	نعم	نعم	نعم	نعم	نعم^{[Note 1]}
Microsoft DNS	لا	لا	لا	لا	ضمناً^{[Note 2]}
djbdns	نعم	نعم	نعم	نعم	لا
Dnsmasq	نعم	نعم	نعم	نعم	لا
Simple DNS Plus	لا	لا	لا	لا	نعم
NSD	نعم	نعم	نعم	نعم	لا
PowerDNS	نعم	نعم [2]	نعم	تجريبي	نعم
MaraDNS	نعم	نعم [3]	نعم	نعم	جزئي
ANS	نعم	نعم	نعم	لا	لا
CNS	نعم	نعم	نعم	لا	لا
Posadis	نعم	نعم	نعم	نعم	نعم [4]
Secure64 DNS ^{[Note 3]}	N/A	N/A	N/A	N/A	N/A
Unbound	نعم	نعم	نعم	نعم	نعم

^ BIND is available for Windows NT-based systems (including Windows 2000, XP, and Server 2003) in a port known as ntbind.
^ The functionality available with the Microsoft DNS server varies depending on the version of the underlying operating system; such as most Windows Server components, it is upgraded only with the rest of the operating system. Certain functionality, such as DNSSEC and IPv6 support, is only available in the Windows Server 2000-2003 version. Windows 2000 Server includes TSIG support. The Microsoft DNS Server is not available on Windows client operating systems such as Windows XP.
^ Secure64 DNS runs exclusively on SourceT, a micro operating system developed by Secure64.

الحزمة

الخادم	Creator	Cost (USD)	Public source code	Software license
BIND	Internet Systems Consortium	مجاني	نعم	BSD
أسماء نطاقات مايكروسوفت	مايكروسوفت	يتضمن خادم ويندوز	لا	Clickwrap license
djbdns	Daniel J. Bernstein	مجاني	نعم	ملكية عامة
Dnsmasq	سيمون كيلي	مجاني	نعم	GPL
Simple DNS Plus	JH Software	$79 - $379	لا	Clickwrap license
NSD	NLnet Labs	مجاني	نعم	BSD variant
PowerDNS	PowerDNS.COM BV / Bert Hubert	مجاني	نعم	GPL
MaraDNS	Sam Trenholme	مجاني	نعم	BSD variant
ANS	Nominum	Unpublished price	لا	Clickwrap license
CNS	Nominum	Unpublished price	لا	Clickwrap license
Secure64 DNS	Secure64 Software	Unpublished price	لا	Clickwrap license
Posadis	Meilof Veeningen	مجاني	نعم	GPL
Unbound	NLnet Labs	مجاني	نعم	BSD

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

انظر أيضا

برمجيات إدارة نظام أسماء النطاقات

المصادر

وصلات خارجية

[bind_web-1] A BIND configuration module is available for Webmin in many Linux distributions.

[msdns_dnssec-2] Windows Server 2008 R2 supports DNSSEC, however dynamic DNS is not supported for DNSSEC-signed zones. For earlier versions including Windows Server 2003, DNSSEC functionality must be manually activated in the registry. In these versions, the DNSSEC support is sufficient to act as a slave/secondary server for a signed zone, but not sufficient to create a signed zone (lack of key generation and signing utilities).

[msdns_tsig-3] Microsoft DNS supports the GSS-TSIG algorithm for Secure Dynamic Update when integrated with Active Directory, using RFC 3645, an application of GSS-API RFC 2743.

[msdns_ipv6-4] IPv6 functionality in the Microsoft DNS server is only available on Windows Server 2003 and newer.

[msdns_api-5] Microsoft DNS Server API Reference

[msdns_wmi-6] Microsoft DNS WMI Provider Specification

[msdns_rpc-7] MS-DNSP DNS Server Management Protocol Specification (uses RPCs)

[djbslave-8] s provides facilities to transfer zones; after completing the zone transfer, djbdns can act as an authoritative server for that zone. Consult the axfr-get documentation for further information.

[djbdns_wild-9] s supports wildcard DNS records, but not in a way that conforms with the RFCs.

[locations-10] This is not the same as views in bind. But it is a solution with comparable capabilities. See: section of tinydns-data.

[masqauth-11] smasq has limited authoritative support, intended for internal network use rather than public Internet use. A records are supported via /etc/hosts, and there is some MX record support via the command line.

[sdns_views-12] Simple DNS Plus does not have "views" in the same way as BIND, but has a "NAT IP Alias" feature which allows host records to resolve to different IP addresses depending on where the DNS request comes from.

[powerdns_slave6-13] أ ^ب IPv6 support in PowerDNS is incomplete. Zone transfers in master/slave replication are only functional with IPv4 transport.

[powerdns_dnssec-14] DNSSEC support in PowerDNS is currently restricted to being able to serve DNSSEC-related RRs, full DNSSEC support in progress.

[powerdns_views-15] It is possible to support the concept of views in PowerDNS by either running two copies of PowerDNS in parallel (on the same machine), or by writing a custom backend which serves different data based on the client who is querying. See here for the original answer regarding this topic by the author of PowerDNS.

[maraslave-16] MaraDNS cannot directly provide slave support. Instead, a zone transfer is needed, after which MaraDNS will act as an authoritative server for that zone. See DNS Slave for further information.

[ntbind-33] BIND is available for Windows NT-based systems (including Windows 2000, XP, and Server 2003) in a port known as ntbind.

[msdns_included_functionality-34] The functionality available with the Microsoft DNS server varies depending on the version of the underlying operating system; such as most Windows Server components, it is upgraded only with the rest of the operating system. Certain functionality, such as DNSSEC and IPv6 support, is only available in the Windows Server 2000-2003 version. Windows 2000 Server includes TSIG support. The Microsoft DNS Server is not available on Windows client operating systems such as Windows XP.

[sourcet-35] Secure64 DNS runs exclusively on SourceT, a micro operating system developed by Secure64.

[Note 1]

[Note 2]

[Note 3]

[Note 4]

[Note 5]

[Note 6]

[Note 7]

[Note 8]

[Note 9]

[Note 10]

[Note 11]

[Note 12]

[Note 13]

[Note 14]

[Note 15]

[Note 16]

[Note 1]

[Note 2]

[Note 3]