Firstly... I apologise for the atrocious pun in the subject; just can't seem to help myself.
Anyway my company currently uses BIND for our DNS requirements (9.6.0). I'm always pretty keen on updating, when advised to, in order to patch vulnerabilities and so forth as we have a fairly popular website and I'm sure there's lots of nasty little tykes out there ready to try and take us down. I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave).
Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor.
Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to create a web-app to do this for me, probably in PHP. I could create something that:
1) Creates a zone file for "mydomain.com" and fills in defaults; overrides with options from the web-app if needed.
2) Updates the existing named.conf file
3) Opens a secure connection to the master, and uploads new config files
4) Runs a remote process to restart BIND
5) Opens a secure connection to slave, updates named.conf
6) Runs a remote process to restart BIND
But I've had a play with "myDNS" (http://mydns.bboy.net) which is capable of serving DNS requests directly from a mySQL database. And it seems pretty good. All my web-app now needs to do is adjust some database records and everything else updates automatically. All very cool.
However, my question is this... Has anyone yet experienced any major problems with myDNS - either security or reliability? Frankly, I'm a little scared of daring to shift away from a well-established system.
Perhaps you've had the chance to poke about in the code... Is it based on the BIND codebase? Does it get security updates when exploits are revealed?
Finally I've managed to successfully configure BIND 9 as a slave to a myDNS server and the AXFR transfers seem to be working fine. This strikes me as being quite a nice balance of ease of use and reliability in case myDNS fails on me. Ok I appreciate it doesn't get around security concerns but hey ho.
Opinions much appreciated.