
Surprised they use tinydns.


It's a simple, fast DNS server that is straightforward to extend if you need to. The genius of Cartographer is that the backend that calculates where to assign traffic is separate from the DNS server frontend. This let FB use a known-good DNS server that got the common DNS protocol stuff right, and gave them more time to focus on all the magic bits in Cartographer's backend.

DNSSEC was never something we were aiming for, so it's fine that TinyDNS doesn't support it out of the box.


You'd be even more surprised what they used before tinydns. :D They wanted speed and robustness, and iterated over quite a few choices including roll-yer-own.

Source: I created a pilot project called "Doppler" that was eventually folded into this system. http://carlos.bueno.org/2011/07/doppler.html


Why would I get downvoted for that? It's a serious concern. It's missing modern and often important features unless you use unofficial patchsets, and some are missing entirely (NSEC3). And then there are all the forks like dbndns from Debian, N-DJBDNS, etc...


Specifically, what's bad about tinydns? Compared to BIND, it's a veritable Fort Knox of security.

DNSSEC isn't a requirement for most people, and I'd wager a lot of people consider DNSSEC more harmful than beneficial.


I can't actually downvote but I imagine you got downvoted because your comment reeked of bikeshedding (regardless of whether you intended it that way or not).



