Why use MaraDNS?MaraDNS is a good solution where you need a cross-platform recursive DNS server with a small binary footprint and a relatively small memory footprint (about 2-4 megs with the default settings). As an authoritative server, MaraDNS is a good solution if you have relatively few reasonably static domains (IPs don't change very often) and need a DNS server that very quickly fetches records from memory.
MaraDNS makes a lot of sense on low-end low-cost servers (where any file open or fork() is dog-slow) and on systems where the DNS server is best small. MaraDNS also can make sense for embedded systems (OpenWRT, etc.), but keep in mind that its constant malloc()s and free()s of memory is not ideal with some low-end embedded toolkits.
MaraDNS as an authoritative server is a mature product with over a decade and a half of real-world use. Deadwood, the newer recursive server, is younger: It has existed in some form for nearly a decade but has only been fully recursive for over six years; it has had a fair amount of testing in that time frame. Note that name resolution issues are no longer being actively fixed so it’s probably best to use Deadwood with another recursive DNS server (such as Google’s 188.8.131.52 and 184.108.40.206 DNS servers).
MaraDNS doesn't make sense if you need DNSSEC, full zone transfers, EDNS, or other newer DNS features. MaraDNS doesn't make sense if you need a server that developers are still adding features to: It is a mature and, barring a large inflow of cash or another open-source developer willing to step up to plate, a finished product.
MaraDNS in the pressMaraDNS has been praised in the press. Here are some examples of books, articles, and papers which discuss MaraDNS:
- Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and
Deployment, and Optional SQL/LDAP Back-Ends (Paperback).
UIT Cambridge Ltd. ISBN 0954452992.
This book devotes an entire chapter to MaraDNS
- Danchev, Dancho. How OpenDNS, PowerDNS and
MaraDNS remained unaffected by the DNS cache poisoning vulnerability
This article affirms MaraDNS' excellent security design, pointing out that MaraDNS was never vulnerable to the 2008 cache poisoning attacks.
- Schroder, Carla (2007). Linux Networking Cookbook (Paperback).
O'Reilly. ISBN 0596102488.
This book, on page 545, endorses MaraDNS, stating that "My recommended combination is [...] MaraDNS for a public authoritative server"
- Joao Antunes; Nuno Ferreira Neves; Paulo Veríssimo (2007), Finding Local
Resource Exhaustion Vulnerabilities, 18th IEEE International
Symposium on Software Reliability Engineering, Trollhattan, Sweden
This article discussion MaraDNS' denial-of-service resistance, pointing out that "Figure 2, for instance, shows that the BIND server performs worse than MaraDNS under the same attack, which means that the later is able to sustain a larger number of attacks than the first"
- Rutherford, Matthew J. (2006), Adequate System-Level Testing of
Distributed Systems, Department of Computer Science, Boulder, CO,
This PhD thesis mentions MaraDNS several times.