Posted by
ryuzaki0
on from the looks-up-good dept.
Eric Sun writes "After numerous release candidates and betas, the final stable release version of Bind 9 has been released. Looks like the homepage hasn't updated yet, but you can get a list of download servers from its page at Freshmeat."
There's a DNS Tutorial by Jim Reid of Nominum, the company responsible for the official support of BIND. I assume he'll be mentioning the changes in BIND 9 at this event.
This is not "news for nerds" nor "stuff that matters."
Can't we please only get updates on important software?
It's not like bind holds the entire net together or anything.
--Shoeboy
bind... by Anonymous Coward · Score: 3
I gave up on bind a while ago. Certainly some folks need its features, but for most of us, DJB's dns package should be powerful enough, plus it's faster and more secure.
According to the ISC Bind plans "Support for alternative back end database" is part of Bind 9. I hope that means I can add a MySQL database backend, and cgi the whole thing.
-- ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
I'm hoping BIND9 is a complete, utter rewrite, with no code from BIND8 still remaining.
If it isn't, then it's way way too late - switch to Dan Bernstein's djbdns instead. Read the security guarantee and weep in relief. Notice the exceedingly small memory footprint. The lack of core dumps. That you can get rid of AXFR completely and just use rsync+ssh to transfer to your secondaries.
Check out tinydns.org, which has migration tools from BIND which I'm playing with atm.
djbdns does have IPv6 support, thanks to patches by Felix von Leitner - get them from www.tinydns.org
IXFR is an incremental method of zone transferring, which is completely useless if you use something like rsync and ssh. djbdns stores all of its zone data in a highly efficient CDB file. All you have to do to update your secondaries is to push the CDB file out. If you use rsync, then only the differences get pushed, the file gets updated atomically, and you're laughing.
If you use djbdns consistently, you have absolutely no need whatsoever for AXFR or IXFR. If you do secondary with other BIND servers then you'll need to run an AXFR process, unfortunately.
Good news for large domains. by alteridem · Score: 5
This is good news for large domains as it adds some great features for servers servicing many requests. Bind 9 is now:
- Thread safe so it can run on multi-processor machines
- Plugs into several back end databases so it will be easier to support large domains
- Support for IPv6. The future is nearly here!
- Several protocol enhancements like IXFR, DDNS, Notify, EDNS(0,1) and improved standards conformance.
- A host of other features, see this for more.
This is a major rewrite and may contain a host of new security problems, but it is a step in the right direction and I will definitely be looking at it to manage my larger domains.
There is also good news for those with a smaller number of domains.
Views:
This allows one daemon on one server to present different data to different groups depending on where the request comes from.
    if request is from internal reply with www=192.168.1.1
    if request is from external reply with www=63.1.1.1
The config file would look something like this:
    // views are tried in order; a client gets the first view whose match-clients list it matches
    view "internal" {
        match-clients { localhost; localnets; 192.168.0.0/24; };
        recursion yes;
        zone "." { type hint; file "root.cache"; };
        zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
        zone "pricegrabber.com" { type master; file "db.pricegrabber.com.internal"; };
    };
    // every other client falls through to this view
    view "external" {
        match-clients { any; };
        zone "pricegrabber.com" { type master; file "db.pricegrabber.com.external"; };
    };
This is _very_ cool! If you run two name servers (master and slave), before you would actually have to run four servers: two for 'internal users' and two for 'the world'.
Christopher McCrory
"The guy that keeps the servers running"
chrismcc@pricegrabber.com
http://www.pricegrabber.com
PriceGrabber.com - The Smart Place to Start Your Shopping
"Linux: Because rebooting is for adding new hardware"
-- Christopher McCrory
"The guy that keeps the servers running"
chrismcc@gmail.com
http://www.pricegrabber.com
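The view selection described in the comment above, as an added example that is not part of the original thread and is not BIND code: a small Python model of first-match view selection, showing what happens when the catch-all "external" view is listed first. The function names, the client addresses and the value used for `localnets` are assumptions, and only address-based match-clients elements are modelled.

```python
import ipaddress

# Constructed stand-ins for BIND's built-in ACL names. On a real server
# "localhost" and "localnets" are derived from the host's own interfaces.
BUILTIN_ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.1/32", "::1/128"],
    "localnets": ["10.0.0.0/8"],  # assumption: the server sits on 10.0.0.0/8
}

# Views in the order they appear in the configuration quoted above.
VIEWS = [
    ("internal", ["localhost", "localnets", "192.168.0.0/24"]),
    ("external", ["any"]),
]

def expand(elements):
    """Turn match-clients elements (ACL names or CIDRs) into networks."""
    return [ipaddress.ip_network(cidr)
            for el in elements
            for cidr in BUILTIN_ACLS.get(el, [el])]

def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients list contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(addr.version == net.version and addr in net
               for net in expand(match_clients)):
            return name
    return None  # no view matched this source address

def shadowed_views(views=VIEWS):
    """List views that can never be chosen because an 'any' view precedes them."""
    shadowed, seen_any = [], False
    for name, match_clients in views:
        if seen_any:
            shadowed.append(name)
        seen_any = seen_any or "any" in match_clients
    return shadowed

if __name__ == "__main__":
    for ip in ("192.168.0.17", "203.0.113.9"):      # constructed client addresses
        print(ip, "->", select_view(ip))
    swapped = VIEWS[::-1]                           # "external" listed first
    print("swapped:", select_view("192.168.0.17", swapped), shadowed_views(swapped))
```

With the views in the order the comment gives, internal clients get the internal zone file; with the order swapped, every client is served the external data and the internal view is never reached.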
I recently changed from BIND (the Buggy Internet Name Daemon) to D. J. Bernstein's DJBDNS. It's a very modular, robust and not to mention secure replacement for BIND. He's got a security guarantee as well. He offers $500 to the first person who reports a verifiable security hole.
So instead of worrying about the next serious security hole in BIND, replace it with DJBDNS and make your server a lot more secure.
DNSSEC is a reality! (Well, it would be, if anyone else used it...!)
No resolv.h file! (This means ALL network code that's out there will need to be re-written to use the new resolver, which is NOT backwards-compatible.)
LOTS of libraries! No more simple -lresolv, or -lbind. Instead, you're faced with -ldns, -lisc, -llwres and -lowrapi. NONE of which are shared. They're ALL static.
Headers are split up into 3 or 4 directories, now. Time to get out the road map.
The Internet needs a powerful name server and name resolver, but USEFUL tools don't use structure to obscure the content.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Re:Interesting points with BIND 9 by MSG · Score: 3
I moderated you up, but now I have to post a correction to your statement. sorry : )
I haven't actually compiled Bind 9 yet, but the page at http://www.isc.org/products/BIND/bind9.html says "To build shared libraries, specify "--with-libtool" on the configure command line.", so it seems you're inaccurate on one point.
Bind 9.0 web page is posted, but not linked by ChuckRoast · Score: 5
The official Bind 9 page is written, just not linked, yet.
Any new rootholes for us to exploit, or will it be just the same, old, boring stuff?
I'm sure glad we have a nice fresh version. It's been so long since I've had to patch my BIND, this sure will be exciting.
Homepage: http://cr.yp.to/djbdns.html
For OpenBSD users: cd /usr/ports/net/djbdns; make; make install
Having an updated BIND is one thing, but we'll still have to wait for them to update GAG to 9.0 - hopefully both will have Gore and Bush support.
icqqm [ICQ:11952102]