Lost in Bind-land? Dnsmasq comes to the rescue

Short sample from the rants of a software engineer temporarily converted into a lazy network administrator…

Should you ever need to install a forwarding DNS proxy on Debian, which also acts as DNS for the local network, don't even think about using Bind. This is a very powerful tool, but it can be difficult to configure, definitely not for the faint of heart. The frequency of Bind vulnerabilities is sometimes worrying, and you'll have to dedicate more time to Bind administration than you dedicate to walking your dog at dawn. A dubious pleasure, especially when you don't have a dog.

Next contender is a stable, rock-solid, simple-to-use tool: djbdns. Which might prove problematic on Debian, because djbdns and daemontools are not (yet?) in the main distribution. A kind soul on the net offers some 'homemade' Debian packages, which you'll easily install. Then you'll quickly remove them, since these packages do not have the slightest intention of working on the current Debian Sarge. My last choice was to compile from scratch and maintain djbdns by myself. With fresh memories of administering a bunch of Gentoo servers (perfectly comparable to walking a pack of 23 to 426 dogs, depending on how often you update your systems), I decided to skip this option. Note to self: never ever maintain software packages built from source needing frequent manual updates.

Fortunately, there's dnsmasq to save the day. In my case, the night. An apt-get install dnsmasq later, I have a working DNS server, resolving internal names from /etc/hosts and forwarding all the other queries to my ISP's DNS servers. As a bonus, it also makes for a nice DHCP server, which I don't need for the moment but might come in handy later, who knows?
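
A minimal /etc/dnsmasq.conf for the setup described above, added here as an example and not taken from the original post. The LAN address, the local domain name and the upstream resolver addresses (documentation-range placeholders standing in for the ISP's servers) are assumptions.

```conf
# /etc/dnsmasq.conf (added example; every address and name below is an assumed placeholder)

# Answer only on loopback and the LAN address, and bind to just those sockets,
# so the box does not end up as an open resolver on its outside interface.
listen-address=127.0.0.1,192.168.1.1
bind-interfaces

# Ignore /etc/resolv.conf and name the upstream (ISP) resolvers explicitly.
no-resolv
server=192.0.2.53
server=192.0.2.54

# Never forward dot-less names or reverse lookups for private ranges upstream.
domain-needed
bogus-priv

# Serve internal names from /etc/hosts, qualify them with the local domain,
# and answer that domain locally instead of leaking it to the ISP.
expand-hosts
domain=lan
local=/lan/

# Reject upstream answers that point into private address space (DNS rebinding).
stop-dns-rebind
rebind-localhost-ok

# DHCP stays disabled as long as no dhcp-range line is present.
```

After restarting dnsmasq, a query sent to the machine's outside address should get no answer, while LAN clients resolve both /etc/hosts names and external names.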