Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
Yea departing DreamHost.com!!! (A.k.a. nightmare host <sigh>).
It's funny how they tempt the Irony Fairy.
[add'l auth nameservers:]
Or, ... even not bother a friend and ... There are some free/complimentary DNS slave services out there for the taking by any and/or all ... most of 'em suck (perhaps some exceptions?)
Either of the options you discussed seems pretty reasonable. As to the he.net quirk of needing to provide authority before they provide service, I've noticed that the practical effect on a domain of one or two auth nameservers doing RCODE SERVFAIL for a while is not serious.
As for DNS server identifying its software/version ... what [il]legitimate uses for that?
Legitimate uses of the CHAOSnet _hostname_ (or server_id) RR I've heard of involve edge cases with multiple auth nameservers behind a load balancer. Publishing that RR lets you more quickly determine which nameserver is giving you problems in some scenarios.
Legitimate use of the CHAOSnet _version_ RR? Never heard of one. Use your imagination, and maybe you can contrive some scenario where there's legitimate, beneficial use for programmatically determining what nameserver/version a query is being answered from.
In fairness, the software/version of a nameserver can probably also be determined pretty well by probing it with DNS fingerprinting methods, such as using the fpdns utility.
https://github.com/kirei/fpdns
But the same can be said of other public-facing daemons, such as httpds -- yet I would rather not make it easy for the bad guys, so I make mine say as little as possible about its software/version/configuration. Same logic.
Is it entirely (or mostly) unique to BIND?
No. BIND merely had the reference implementation. CHAOSnet (originally invented for completely different purposes involving coax connections among LISP machines in the 1970s) is just one of many, mostly very obscure, DNS class types that are in theory all valid for any and all nameservers. The CH class identity is just an IANA-assigned encoded 16-bit value sent along with RRs. We think of class 'IN' (Internet) as the regular and default class, but to nameserver software that's just a two-byte binary-encoded value. Once in a blue moon, you might come across the Hesiod class (HS) from Project Athena (http://en.wikipedia.org/wiki/Hesiod_(name_service)).
RFC2929 says:
  Dec          Hex            Description
  0            0x0000         Assignment requires an IETF Standards Action.
  1            0x0001         Internet (IN)
  2            0x0002         Available for assignment by IETF Consensus as a data CLASS.
  3            0x0003         Chaos (CH)
  4            0x0004         Hesiod (HS)
  5-127        0x0005-0x007F  Available for assignment by IETF Consensus as data CLASSes only.
  128-253      0x0080-0x00FD  Available for assignment by IETF Consensus as QCLASSes only.
  254          0x00FE         QCLASS None
  255          0x00FF         QCLASS Any
  256-32767    0x0100-0x7FFF  Assigned by IETF Consensus.
  32768-65280  0x8000-0xFEFF  Assigned based on Specification Required as defined in RFC 2434
  65280-65534  0xFF00-0xFFFE  Private Use.
  65535        0xFFFF         Can only be assigned by an IETF Standards Action.
Those are all valid DNS class values. In theory, IETF could roll out any of them in accordance with its bureaucratic process. In practice, IN, CH, and HS are the limit for now. Probably, any nameserver can handle them, but I am not going to go around setting up Hesiod in order to try (let alone a bunch of LISP machines on antique coax networking). ;->
Disclaimer: Specifically, I haven't checked _every_ auth nameserver package to see if they default to certain CHAOS class 'hostname' and 'version' values the way BIND9 does. NSD does. Unbound does. The PowerDNS suite does. djbdns does. MaraDNS does (IIRC). I don't know about the others.
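
[Added example, not part of the original message or of any nameserver's code: a Python sketch of the point above that the class is only a two-byte field in the question, plus a parser an operator can use to check what a nameserver's CH TXT answer discloses. Assumptions: `version.bind` is used as the query name (the conventional name in BIND for the version RR), and the sample response is constructed here with the placeholder string "example".]

```python
import struct

CLASS_IN, CLASS_CH, CLASS_HS, TYPE_TXT = 1, 3, 4, 16  # classes per the table above

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qclass, qtype=TYPE_TXT, txid=0x1234):
    """12-byte header (QDCOUNT=1), then QNAME, QTYPE and the 16-bit QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, qclass)

def skip_name(msg, off):
    """Offset just past a name, which may end in a 2-byte compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def txt_answers(msg):
    """Return (class, text) for each TXT record in the answer section."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == TYPE_TXT:
            rd, i, parts = msg[off + 10:off + 10 + rdlen], 0, []
            while i < len(rd):                  # RDATA is <length><bytes> strings
                parts.append(rd[i + 1:i + 1 + rd[i]])
                i += 1 + rd[i]
            found.append((rclass, b"".join(parts).decode("ascii", "replace")))
        off += 10 + rdlen
    return found

# Constructed response (not captured traffic) to a version.bind CH TXT query.
QUERY = build_query("version.bind", CLASS_CH)
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack(">HHIH", TYPE_TXT, CLASS_CH, 0, 8)
                   + b"\x07example")

if __name__ == "__main__":
    print(QUERY.hex(), txt_answers(SAMPLE_RESPONSE))
```

[The IN and CH forms of the same question differ only in the last two bytes of the query; any non-empty text returned for the CH question is what the server is publishing about itself.]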