Bandwidth of DNS servers

How much bandwidth is needed to host my own DNS server?

benm

10:20 pm on Apr 14, 2004 (gmt 0)

Our company has a couple of websites hosted at our location and at co-locations. The DNS for these sites is hosted by a third party and the costs are rising. My boss wants me to set up a local DNS server.

How much bandwidth is needed to host my own DNS server?

Do I need to have 2 servers locally for redundancy and/or load balancing?

Thanks Much
Ben

Donboy

3:52 pm on Apr 15, 2004 (gmt 0)

Bandwidth needed for a DNS server is very minimal. A typical DNS query is contained in a single UDP packet! If you are just hosting a couple of websites, then you really only need 2 servers. I would recommend one server at your location, making it the primary server (ns1.yourdomain.com) and another server located somewhere on a different network to be used as a backup (ns2.yourdomain.com).

To be totally honest, you don't really need the second server, but it's a good idea in case the first one is unreachable for some reason. Also, the needed horsepower for a DNS server is very minimal. A system with just a few hundred MHz and a few hundred MB of RAM would be plenty for just running DNS.

Romeo

5:43 pm on Apr 15, 2004 (gmt 0)

Hi Ben,

the bandwidth needed for your DNS will depend on your configuration.

It will be only a very small fraction (my estimate would be far less than 1%) of your current web traffic load, if your servers are configured to just serve lookups for the public only for your own domains you are hosting.

The traffic bandwidth may be unpredictably high if your DNS servers are configured wide open to serve not only targeted queries regarding your own domains but any queries, and some people out there decide to use your DNS servers as their default resolver.

Therefore, the correct setup for your own DNS server just serving your own zones should be to first specify a general

    allow-query { localhost; };

only, and then separately allow public lookups for each zone definition you are authoritative for:

    allow-query { any; };

While it is good practice to have 2 DNS servers as redundancy against system failures, the domain name registrars require this (most registrars even require these 2 servers to be situated in different IP subnets).

Regards,
R.
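As an added example (not code from any poster in this thread), the script below ties together Donboy's point that a lookup is one UDP packet each way and Romeo's allow-query advice: it hand-builds a DNS query in the RFC 1035 wire format, classifies the reply (REFUSED as the locked-down config produces, authoritative, or an open resolver that recursed for a stranger), and estimates the link load from the packet sizes. The server address, the example.com test name, the yourdomain.com zone name and the SAMPLE_* replies are assumptions or constructed data, not captures from any real server. The named.conf outline it prints adds `recursion no;`, which Romeo's post does not mention; on an authoritative-only server that is the setting that actually switches recursion off rather than merely restricting who may ask.

```python
#!/usr/bin/env python3
"""Open-resolver check on hand-built DNS wire format (RFC 1035), stdlib only.

Added example for this thread, not code from any poster. Assumptions: you supply
the server address and a name you do not host; SAMPLE_* replies are constructed,
not captured; RECOMMENDED_FIX uses a made-up zone name.
"""
import socket
import struct
import sys

RCODE_REFUSED = 5
IP_UDP_OVERHEAD = 28          # IPv4 header (20) + UDP header (8), no options
TXID = 0x1234                 # fixed for reproducibility; randomize it in real use


def build_query(qname: str, qtype: int = 1, recursion_desired: bool = True) -> bytes:
    """One-question DNS query: 12-byte header + QNAME labels + QTYPE/QCLASS."""
    flags = 0x0100 if recursion_desired else 0x0000            # RD bit
    header = struct.pack("!HHHHHH", TXID, flags, 1, 0, 0, 0)   # QDCOUNT=1
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        question += struct.pack("!B", len(raw)) + raw
    question += b"\x00" + struct.pack("!HH", qtype, 1)         # root label, class IN
    return header + question


def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header; the flag bits decide how a reply is classified."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # 1 = response
        "aa": bool(flags & 0x0400),    # authoritative answer
        "rd": bool(flags & 0x0100),    # recursion desired (echoed from the query)
        "ra": bool(flags & 0x0080),    # recursion available
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(response: bytes) -> str:
    """Classify the reply to a recursive (RD=1) query for a name you do not host."""
    h = parse_header(response)
    if not h["qr"] or h["id"] != TXID:
        return "invalid"
    if h["rcode"] == RCODE_REFUSED:
        return "refused"          # what allow-query { localhost; } yields for foreign names
    if h["aa"]:
        return "authoritative"    # the name is in a zone this server hosts: fine
    if h["ra"] and h["ancount"] > 0:
        return "open-resolver"    # it recursed on our behalf: anyone on the net can use it
    return "other"


def wire_bytes_per_lookup(query: bytes, response: bytes) -> int:
    """Bytes on the wire for one UDP lookup, both directions, incl. IP/UDP headers."""
    return len(query) + len(response) + 2 * IP_UDP_OVERHEAD


def estimate_bits_per_second(queries_per_second: float, query: bytes, response: bytes) -> float:
    """Rough link load at a steady query rate (ignores EDNS, TCP fallback and retries)."""
    return queries_per_second * wire_bytes_per_lookup(query, response) * 8


def _sample_response(flags: int, with_answer: bool) -> bytes:
    """Constructed reply for offline demonstration: echoed question plus optional A record."""
    question = build_query("example.com")[12:]
    header = struct.pack("!HHHHHH", TXID, flags, 1, 1 if with_answer else 0, 0, 0)
    answer = b""
    if with_answer:
        # NAME = pointer to offset 12, TYPE A, CLASS IN, TTL 300, RDLENGTH 4, 192.0.2.1
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


SAMPLE_OPEN = _sample_response(0x8180, True)        # QR|RD|RA, NOERROR, one answer
SAMPLE_REFUSED = _sample_response(0x8105, False)    # QR|RD, RCODE=5 (REFUSED)
SAMPLE_AUTH = _sample_response(0x8500, True)        # QR|AA|RD, recursion not offered


def check_open_resolver(server: str, qname: str = "example.com", timeout: float = 3.0) -> str:
    """Send one recursive query over UDP and classify the reply (needs network access)."""
    query = build_query(qname, recursion_desired=True)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return classify(data)


RECOMMENDED_FIX = """\
options {
    recursion no;                 // authoritative-only: never resolve for others
    allow-query { localhost; };   // default deny, as suggested in the thread
};
zone "yourdomain.com" {           // assumed zone name
    type master;
    file "yourdomain.com.zone";
    allow-query { any; };         // public lookups only for zones you host
};
"""

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: open_resolver_check.py <server-ip> [name-you-do-not-host]")
        sys.exit(2)
    verdict = check_open_resolver(sys.argv[1], *sys.argv[2:3])
    print(f"{sys.argv[1]}: {verdict}")
    if verdict == "open-resolver":
        print("Suggested named.conf outline:\n" + RECOMMENDED_FIX)
```

Run it from a host outside your own network against each nameserver, with a test name you do not host; "refused" is the answer you want, "open-resolver" means the allow-query restriction is missing. The by-hand packets also show the scale of the bandwidth question: the constructed query is 29 bytes and the answer 45, so a lookup costs about 130 bytes on the wire including headers, roughly 10 kbit/s at a sustained ten queries per second. The check is aimed at BIND-style servers; djbdns separates the authoritative server (tinydns) from the cache (dnscache), so tinydns on its own cannot act as an open resolver.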

richlowe

9:05 pm on Apr 16, 2004 (gmt 0)

Two domain servers are required for redundancy.

I host 245 web sites and have my own DNS servers. The traffic is barely noticeable.

Make sure you understand the security implications of DNS, are fully patched and use a tool like Nessus to check it out. DNS of all flavors has many, many security holes.

Richard Lowe

Donboy

10:29 pm on Apr 16, 2004 (gmt 0)

While it's true that all software has bugs and holes that can be exploited, I'd still recommend using djbdns. If you search for it, you should find on the main homepage where the author, Dan Bernstein, has pledged a $500 reward for anyone who can find an exploitable bug in his software. The reward has gone unclaimed since it was originally posted by Dan. During the time it has gone unclaimed, numerous bugs have been discovered and patched in BIND. djbdns still doesn't have any.

I don't want to turn this into a debate over which one is better, but you should do your own investigation. People have done benchmark comparisons of the two, and djbdns always comes in smaller and faster than BIND. Don't take my word for it. Check and see for yourself. The one thing I will say about djbdns... it's harder to install than BIND because BIND is so well documented, and djbdns varies a lot because there are certain platform-specific patches that need to be applied to make it run properly, i.e. the errno patch needed for RH9 and patches that need to be applied to support IPv6. BIND is probably easier to install, but because of the benefits, I'd still go with DJB on this one.