ISC Begins BIND 10 Development

Apr 27, 2009

After 10 years the industry-independent Internet Systems Consortium (ISC) is embarking on a completely new BIND implementation with BIND 10. Its patrons and sponsors should ensure that the market leader in DNS implementation is more secure, flexible and highly scalable, although developers are keeping the details close to their chests at present.

Admins have always had a mixed relationship with BIND. Although it has a DNS nameserver market share of almost 75% worldwide, its configuration has proven to be somewhat tedious and difficult when it comes to high availability. ISC president and DNS maven Paul Vixie feels that this should soon change with the help of its dozen or so patrons and sponsors among domain registries. The nonprofit organization can then focus on developing BIND 10 under a BSD-like ISC license based on their financing.

Even with full details on BIND 10 missing, ISC sketched out some cornerstones of its design. One among them is that BIND 10 will support DNSSEC. Many security experts called for higher security measures as a critical Internet infrastructure for DNS after they publicized holes in the protocol.

BIND 10 should undergo some modularization to provide more interfaces, including to background query databases. It will also provide new forms of interaction with monitoring and configuration environments, enabling a closer coupling between DNS and DHCP servers to allow not only IP address but also hostname allocations. One thing where developers agree is that BIND 9 left too many opportunities for DoS attacks by dumping and exiting on the slightest error. BIND 10 will use reset-and-continue as the normal response to attacks instead.

Related content

  • CeBIT 2010: Preview of BIND 10 DNS Server

    In the Open Source Project Lounge in Hall 2 of this year's CeBIT, the developers of BIND 10 presented a preview of the upcoming version of the nameserver and are looking for a contact to the community.

  • Bind 10 Test Drive

    Admins have waited all of five years for the 10th major release of the Bind name server, which appeared at the end of March this year. The latest release is a complete rewrite of the DNS server, with a modular design and new configuration tools, but is it ready for business?

  • Kernel News

    Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

  • DIC: Domain Name Registries to Promote DNSSEC

    The DNSSEC Industry Coalition (DIC) was founded in the U.S. with the goal to drive further development and acceptance of the DNSSEC security protocol. The consortium includes a half dozen top Domain Name Registries and software developers that are currently laying out an action plan.

  • DoS Attack Exploit in BIND 9

    A specially crafted dynamic update message to a DNS zone for which the server is a master can raise havoc in BIND 9. An active remote exploit is already "in wide circulation."

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More