We had a discussion about djbdns on a local maillinglist in Berlin. It's not offering all features that bind offers.
While this may well be true, many people probably don't need certain features at all. And there are workarounds or patches for quite a few of the 'problems' that a certain number of people have with the pure djbdns. Perhaps you could point out which specific features you miss?
I don't know if zone transfers are supported currently, some time ago you had to fiddle around with rsync or such things.
Zone transfers are supported in the current version (djbdns 1.05), but you need the separate ucspi-tcp package to provide TCP client and server. DJB argues against zone transfers and urges people to use rsync (preferrably over SSH) instead, for several reasons outlined on his web page. However, tinydns (the DNS server) in combination with axfrdns (the TCP request and AXFR responder) servers zone transfers just fine. tinydns does not pull zones per zone transfer automatically, so you need to use cron jobs to pull from the clients on a regular basis to emulate AXFR behaviour. DJB favours a push approach (which BIND8, I believe, has introduced with NOTIFY as well) via rsync/ssh. You could also use SSH with automatic command execution (command='cd /etc/tinydns/root && tcpclient 1.2.3.4 53 axfr.get zone data data.tmp && && make') to achieve the same effect.
For non-trivial setups (i.e. some hunderds zones and a handful secondaries) I would not recommend such approach but use bind8 instead.
IMHO, that depends on what you favour: a relatively bloated piece of software with a pretty poor security track that most organisations and documents expect, which therefore means that you'll find HowTos, etc. geared towards it, or a couple of small, highly secure tools that work differently than the former and may require some scripting around them to achieve the same features, however usually implemented with higher quality.
If you need cryptography, I think there is no way around bind9 currently. For a small private caching only server djbdns may be a nice solution.
Hmm, what do you mean with 'cryptography'? You may be right, if you mean that djbdns doesn't support 'SecDNS', which DJB doesn't believe in, BTW (this is meant merely as an explanation, my opinion doesn't necessarily converge with DJB here or elsewhere). It can be configured to support FreeS/WAN's opportunistic encryption by handing out KEY records, and the FreeS/WAN docs speak of SecDNS... so maybe djbdns does actually support 'cryptography'. I don't know enough about the so-called Secure DNS to be able to say. Cheers Tobias