D. J. Bernstein
Internet publication
djbdns

Blurbs


Welfare agency Centrelink was one extremely large Australian organisation that didn't appear today to be worried about the problem, with a spokesperson for the agency saying it was not exposed to the flaw. "The Centrelink gateway uses a DNS product called djbdns, which is not vulnerable to the current DNS poisoning exploit," the spokesperson told ZDNet.com.au today.
("Aussies play down DNS disaster," 23 July 2008)

It works for Lycos. It works for citysearch.com. It works for pobox.com. It works for 1.85 million more .com's. It works for several of the Internet's largest domain-hosting companies: directNIC, MyDomain/NamesDirect, Interland, Dotster, Easyspace, Namezero, Netfirms, and Rackspace Managed Hosting. It'll work for you too.
November 2008 .com update: There are 78.1 million .com names on the Internet. At least 4.6 million .com names are hosted by servers that, according to the fpdns fingerprint tool, run djbdns. The only software packages used for more names are BIND (20.6 million), MyDNS (17.8 million), and PowerDNS (6.6 million).

Note 1: This server scan avoids the unreliable "CH TXT" option to fpdns. Note 2: The scan is still in progress, and so far has identified servers for 50.8 million .com names; presumably more djbdns-hosted names, PowerDNS-hosted names, etc. will be discovered as the scan continues. Note 3: The Measurement Factory recently reported that there are "182 million .com ... domains"; that is a misunderstanding of the 182 million NS records in .com, and unfortunately has produced some skew in the Measurement Factory data.


Overview

Security
The dnscache program
The tinydns, walldns, and rbldns programs
The dns library

Ease of use: BIND versus djbdns

BIND, the Buggy Internet Name Daemon
How the BIND company makes money