Dear aabracadabra staff,
thank you for posting this interesting project.
I have been involved in the planning and development of different DNS-based systems before, using BIND8/9, PowerDNS and custom DNS protocol implementations, and for different purposes like load balancing, traffic redirection, malware detection etc.
Out of interest, what was the problem with using BIND9? It's normally a pretty reliable implementation, so maybe it was a misconfiguration. Also, I'd like to make sure we won't have the same issues with the new script.
Some thoughts:
dnsmasq can do query logging, but the format may be different from what BIND9 provided. I assume this is not a problem for you. Please inform me if I'm wrong here.
Is interruption-free operation required in case of configuration changes? I'm asking because the documentation doesn't mention a way to reload the configuration without restarting. However, it may be possible to achieve this effect through cascading of multiple dnsmasq instances in order to switch over to a new instance in case of configuration changes.
You write about the requirement to handle 5k-10k clients. However, this is a characteristic of the underlying implementation (dnsmasq), not the script. The dnsmasq documentation claims that 1k clients can be processed. If necessary, we could also do a setup with multiple servers for load balancing.
Please note that my bids will always include 19% VAT since we're both Germany-based.
Best regards,
Isidor Zeuner