Discussion: DJBDNS vs BIND
Allen Schultz
2010-05-05 06:32:11 UTC
I was wondering what the (dis)advantages are in using DJBDNS over BIND?

Can you please shed some light on this?

Also, I'm not seeing any unsubscribe information in the list's
e-mails. Is this by design or can I suggest that we move to put that
information in the e-mails?

Thanks in advance.

-- Allen Schultz
Paul Theodoropoulos
2010-05-05 07:10:21 UTC
Post by Allen Schultz
I was wondering what the (dis)advantages are in using DJBDNS over BIND?
Can you please shed some light on this?
a few that come to mind:

if you're familiar with BIND and comfortable with its zonefile
nomenclature, it can take a little time to wrap your brain around the
entirely different semantics of djbdns. I put off switching to djbdns
for a couple of years after it came out, dreading learning a whole new
way of doing dns. however, once i decided to make the switch, it took me
perhaps an hour, maybe an hour and a half, to grok it. in retrospect i
wish i hadn't been so timid. i much prefer the djbdns nomenclature now.

lower adoption compared to BIND means fewer sysadmins out there whose
brains you might pick if you run into a problem. that's a theoretical
disadvantage, at least. it's very rare the mailing list doesn't come
through. that said, with installations of BIND numbering into the
millions (i would guess), there's no shortage of expertise in BIND out
there.

low interest in the code by the author. a few bugs and shortcomings to
the code have been identified over the nearly a decade since 1.05 came
out, but djb appears to have better things to do, which is his
prerogative, but it would certainly be nice to perhaps see 1.06 someday.
however, the code's public domain now, so there are assorted forks, and
of course patches have always been available. it's a very minor
disadvantage - since the code tends to just work, fixes are minimal.

pushback. since BIND's included with virtually every distribution of
every unix and unix-like OS out there, there's also no shortage of
people who believe that BIND's part of the OS, and that using something
else is risky or foolish. this can be no small disadvantage in some
circumstances.

that's all i can think of off the top of my head, though i'm sure
there's others.
Post by Allen Schultz
Also, I'm not seeing any unsubscribe information in the list's
e-mails. Is this by design or can I suggest that we move to put that
information in the e-mails
from the header of this message, which you can view by clicking the
"show original" button in gmail (as that's what the header says you
mailed out from)

Mailing-List: contact dns-***@list.cr.yp.to; run by ezmlm

i just sent a blank message to it, and received a helpful message advising how to unsubscribe.
--
Paul Theodoropoulos
Dean Anderson
2010-05-11 01:14:35 UTC
Post by Paul Theodoropoulos
through. that said, with installations of BIND numbering into the
millions (i would guess), there's no shortage of expertise in BIND out
there.
I estimate that there are about 6 million or so recursors out there,
based on similar numbers bandied about by root server operators
occasionally. This number struck me as low, but it is probably a good
rule of thumb. In comparison, cracker Dan Kaminsky reported finding
500,000 open recursors in 2005 at a cracker conference. A recursor
attack was reported a few months later, in 2006, in which most recursors were
not actually open, but were 'half open'; that is, they were open enough
to participate in the attack, but were not open when tested remotely by
the people monitoring the attack.

The number of authorities can probably be calculated pretty closely by
looking at the TLD and CC zone files, but I'm not aware that those
operators publish those numbers, or the zone files.

--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494
Jason Haar
2010-05-05 08:47:49 UTC
Post by Allen Schultz
I was wondering what the (dis)advantages are in using DJBDNS over BIND?
djbdns doesn't have DNSSEC support. That will become more of an issue as
time goes on...

Of course that also means it doesn't have any of the bugs and security
holes associated with DNSSEC so far...
--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Dean Anderson
2010-05-11 01:16:52 UTC
Post by Jason Haar
Post by Allen Schultz
I was wondering what the (dis)advantages are in using DJBDNS over BIND?
djbdns doesn't have DNSSEC support. That will become more of an issue as
time goes on...
Yes. That's a feature to the security of the users, and an assurance
that djbdns won't ever participate in DNSSEC attacks.
Post by Jason Haar
Of course that also means it doesn't have any of the bugs and security
holes associated with DNSSEC so far...
Yes, indeed.

--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494
Sabahattin Gucukoglu
2010-05-05 09:47:09 UTC
On 5 May 2010, at 07:32, Allen Schultz wrote:
I was wondering what the (dis)advantages are in using DJBDNS over BIND?

Yes, very funny, troll. Go away already.

No, just kidding. Welcome to the party. :-)

I'll tell you what's funny, I came to djbdns long after BIND, but BIND (of today) came very long after djbdns. That may tell you how good it is, and it may not. Basically, if it does what you want and doesn't do what you don't want, it's for you. I'm now using it full-time precisely because of that: caching-only server on a caching-only machine, authoritative-only servers exposed to the big bad world where they will not get cache corruption. You will need a tool like DNSProxy if you want to run both roles on one IP address, i.e., one machine connected to a network segment that expects to receive both iterative queries from outside asking for authoritative information and recursive queries asking for cached information or information resolution by stub clients, which is annoying. And it does a lot of things very well, in a technically superior and standards-conformant fashion. It's lovely. Yes, some features are missing, and if we aren't careful it will catch up on us - DNSSec, IPv6 (patches available), TSig, Dynamic DNS, IXFR and notify. Some people will argue these aren't necessary, or that they can be done better, that the standards are wrong. And yes, I can stand djbdns as an example of doing things right even though I don't see eye to eye with the author and find many of his decisions to be nothing but inconsiderate and ultimately self-serving. For example, TCP queries are not something handled by the standard authoritative DNS; you must switch this on deliberately with the axfrdns program if you want to make TCP available even for non-AXFR data sets.

Try this for a turnaround of feelings:
http://forums.channelregister.co.uk/post/265223

Most of this relates to a time before Debian, where had I still been on Gentoo and without the marvelous Debian packages I'd've been following the arguably complicated and very DJB-centric installation process for djbdns and, worse, qmail. (qmail I simply cannot justify - that is obsolete software with no hope of rescue without the creator's help.) So, check that you are easily able to get the thing installed on your boxes, and that the requisite tools (daemontools, ucspi-tcp, etc) are ready and working for you to follow the excellent documentation, and make sense of it. You are expected to be familiar with Unix primitives.

You should also look at other alternatives: MaraDNS is a thread-centric non-BIND alternative. Unbound is a caching-only name server. There'll be others.

Cheers,
Sabahattin
Russ Nelson
2010-05-16 07:10:57 UTC
Post by Allen Schultz
I was wondering what the (dis)advantages are in using DJBDNS over BIND?
1) You'll never again fail to put a dot at the end of a domain name.
2) You'll never again fail to update the zone serial number.
3) You can easily write a program to parse a djbdns data file.
--
--my blog is at http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213 | Sheepdog
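Russ Nelson's third point, that a djbdns data file is easy to parse, is illustrated by the following parser for the tinydns-data text format. It is an added example written for this page, not code from the thread, from djbdns, or from any project mentioned here. It covers the common line types (`.`, `&`, `=`, `+`, `@`, `'`, `^`, `C`, `Z`, `:`), applies the documented default TTLs, expands `\ooo` octal escapes, and refuses the record types tinydns-data does not accept on generic `:` lines. It ignores the trailing timestamp and location fields and `%` location definitions, and the SOA it emits for a `.` line carries only the primary server and contact, since tinydns-data picks the serial and timers itself (Russ's second point). The sample data file at the bottom is constructed.

```python
"""Parser for the tinydns-data text format (djbdns "data" file).

Added example, not code from the thread or from djbdns. Timestamp and
location fields, and '%' location lines, are ignored for simplicity.
"""
import re
from dataclasses import dataclass
from typing import List

DEFAULT_TTL = 86400       # tinydns-data default for most line types
NS_DEFAULT_TTL = 259200   # default for '.' and '&' (name server) lines
FORBIDDEN_GENERIC = {2, 5, 6, 12, 15, 252}  # NS, CNAME, SOA, PTR, MX, AXFR


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    rdata: str
    ttl: int


def unescape(field: str) -> str:
    """Expand the \\ooo octal escapes tinydns-data allows in data fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for a dotted-quad IPv4 address."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def parse_line(line: str) -> List[Record]:
    """Turn one data-file line into the resource records it implies."""
    line = line.rstrip("\r\n")
    if not line or line[0] in "#-%":
        return []  # comment, disabled record ('-') or location line ('%')
    kind, fields = line[0], line[1:].split(":")

    def fld(i: int) -> str:
        return fields[i] if i < len(fields) else ""

    def ttl(i: int, default: int) -> int:
        return int(fld(i)) if fld(i) else default

    fqdn = fld(0).lower()
    if not fqdn:
        raise ValueError(f"missing owner name: {line!r}")
    out: List[Record] = []

    if kind in ".&":
        ip, x, t = fld(1), fld(2), ttl(3, NS_DEFAULT_TTL)
        # a bare label x means x.ns.fqdn; a dotted name is used as given
        host = x if "." in x else f"{x}.ns.{fqdn}".lstrip(".")
        if kind == ".":  # serial and timers are chosen by tinydns-data, omitted here
            out.append(Record(fqdn, "SOA", f"{host} hostmaster.{fqdn}", t))
        out.append(Record(fqdn, "NS", host, t))
        if ip:
            out.append(Record(host, "A", ip, t))
    elif kind in "=+":
        ip, t = fld(1), ttl(2, DEFAULT_TTL)
        out.append(Record(fqdn, "A", ip, t))
        if kind == "=":  # '=' also publishes the matching PTR record
            out.append(Record(reverse_name(ip), "PTR", fqdn, t))
    elif kind == "@":
        ip, x, dist, t = fld(1), fld(2), fld(3) or "0", ttl(4, DEFAULT_TTL)
        host = x if "." in x else f"{x}.mx.{fqdn}".lstrip(".")
        out.append(Record(fqdn, "MX", f"{int(dist)} {host}", t))
        if ip:
            out.append(Record(host, "A", ip, t))
    elif kind == "'":
        out.append(Record(fqdn, "TXT", unescape(fld(1)), ttl(2, DEFAULT_TTL)))
    elif kind == "^":
        out.append(Record(fqdn, "PTR", fld(1).lower(), ttl(2, DEFAULT_TTL)))
    elif kind == "C":
        out.append(Record(fqdn, "CNAME", fld(1).lower(), ttl(2, DEFAULT_TTL)))
    elif kind == "Z":  # Zfqdn:mname:rname:ser:ref:ret:exp:min:ttl
        out.append(Record(fqdn, "SOA", " ".join(fld(i) for i in range(1, 8)), ttl(8, DEFAULT_TTL)))
    elif kind == ":":
        n = int(fld(1))
        if not 1 <= n <= 65535 or n in FORBIDDEN_GENERIC:
            raise ValueError(f"type {n} may not appear on a ':' line: {line!r}")
        out.append(Record(fqdn, f"TYPE{n}", unescape(fld(2)), ttl(3, DEFAULT_TTL)))
    else:
        raise ValueError(f"unknown line type {kind!r}: {line!r}")
    return out


def parse_data(text: str) -> List[Record]:
    """Parse a whole data file, naming the offending line number on error."""
    records: List[Record] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            records.extend(parse_line(line))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return records


def rejects(line: str) -> bool:
    """True when a single line is refused by the parser (used for checks)."""
    try:
        parse_line(line)
    except ValueError:
        return True
    return False


# Constructed sample data file (not from the thread).
SAMPLE = """\
# name servers, a host, mail, SPF, an alias, and one disabled record
.example.com:192.0.2.1:a:259200
=www.example.com:192.0.2.10
@example.com::mail.example.com:10
'example.com:v=spf1 -all:3600
Cftp.example.com:www.example.com
-old.example.com:192.0.2.99
"""

if __name__ == "__main__":
    for r in parse_data(SAMPLE):
        print(f"{r.name:28} {r.ttl:7} IN {r.rtype:6} {r.rdata}")
```

Because a colon is the field separator, a TXT value containing one must be written as `\072`; the parser splits first and unescapes afterwards, which is the order tinydns-data itself uses. The `:` type whitelist matters for a zone you accept from someone else: it keeps a generic line from smuggling in a CNAME or NS that the structured line types would otherwise have controlled.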