[dbrgn]

If we're already at it comparing different implementations, how's your story versus Knot (https://www.knot-dns.cz/)? Probably a different focus: Knot is authoritative-only, while your implementation mostly seems to focus on the recursive resolver, correct? Are there any reasons to use Tenta DNS over Knot as authoritative nameserver with DNSSEC support?

[tenta]

Knot DNS is authoritative only. Our main focus has been recursive support and full security support. We haven't used knot dns, but it has an excellent reputation. At the moment, knot dns is more suitable for authoritative hosting (our authoritative features are still very minimal). Although in certain circumstances, like dns leak testing, we have built in support for that.

[scurvy]

I'll put on my djb hat here, I'd avoid combining authoritative and recursive resolving servers in the same process. That is, unless you want to end up like bind.

[tenta]

You can certainly make two configs, an authoritative only and a recursive only and just run two copies. However, while we cannot strictly control how goroutines are allocated, each module (recursor, resolver, nsnitch) run as their own little kingdom and primarily communicate with shared plumbing (geoip, for instance) through channels.

[cat199]

Sorry, unfortunately you have moved the djb hat from the djb hat rack and so can no longer refer to it as a djb hat.

[pouetpouet]

So Knot is authoritative, like nsd. And this Golang server is more like Unbound.

[nimbius]

Does Tenta handle automatic zone signing? can tenta handle ECC param files for hardening elliptic implementations? Why the JSON logging if this is only a recursive unless you planned to run this in a container and stream log data to ELK perhaps?

[tenta]

authoritative features we don't support yet. We have a slack webhook to help us know when it's running and when it's not. It lets us know if we have server errors. All anonymous of course. The only other place we use json is saving test data, which only happens when you have an nsnitch module running and visit the test site (Also, this data automatically expires.)