Posted by
ryuzaki0
on from the looks-up-good dept.
Eric Sun writes "After numerous release candidates and betas, the final stable release version of Bind 9 has been released. Looks like the homepage hasn't updated yet, but you can get a list of download servers from its page at Freshmeat."
There's a DNS Tutorial by Jim Reid of Nominum the copany responsible for the offical support of BIND. I assume he'll be mentioning the changes in BIND 9 at this event.
This is not "news for nerds" nor "stuff that matters."
Can't we please only get updates on important software.
It's not bind holds the entire net together or anything.
--Shoeboy
BIND: providing remote root since 1993
by
MattW
·
· Score: 4
I'm sure glad we have a nice fresh version.
It's been so long since I've had to patch my
BIND, this sure will be exciting.
I'm hoping BIND9 is a complete, utter rewrite, with no code from BIND8 still remaining.
If it isn't, then it's way way too late - switch to Dan Bernstein's djbdns instead. Read the security guarantee and weep in relief. Notice the exceedingly small memory footprint. The lack of core dumps. That you can get rid of AXFR completely and just use rsync+ssh to transfer to your secondaries.
Check out tinydns.org which has migration tools from BIND which im playing with atm.
Good news for large domains.
by
alteridem
·
· Score: 5
This is good news for large domains as it adds some great features for servers servicing many requests. Bind 9 is now;
Thread safe so it can run on multi-processor machines
Plugs into several back end databases so it will be easier to support large domains
Support for IPv6. The future is nearly here!
Several protocol enhancements like IXFR, DDNS, Notify, EDNS(0,1) and improved standards conformance.
This is a major rewrite and may contain a host of new security problems, but it is a step in the right direction and I will definately be looking at it to manage my larger domains.
There is also good news for those with a smaller number of domains.
views
this allows one daemon on one server to present different data to different groups depending on where the request comes from.
if request is from internal reply with www=192.168.1.1
if request is from external reply with www=63.1.1.1
the config file would look something like this
view "internal" {
match-clients { localhost; localnets; 192.168.0.0/24; };
recursion yes;
zone "." { type hint; file "root.cache"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
zone "pricegrabber.com" { type master; file "db.pricegrabber.com.internal"; };
};
view "external" {
match-clients { any; };
zone "pricegrabber.com" { type master; file "db.pricegrabber.com.external"; };
};
This is _very_ cool! If you run two name servers(master and slave), before you would actually have to run four servers. two for 'internal users' and two for 'the world'.
Christopher McCrory
"The guy that keeps the servers running"
chrismcc@pricegrabber.com
http://www.pricegrabber.com
PriceGrabber.com - The Smart Place to Start Your Shopping
"Linux: Because rebooting is for adding new hardware"
-- Christopher McCrory
"The guy that keeps the servers running"
chrismcc@gmail.com
http://www.pricegrabber.com
I recently changed from BIND (the Buggy Internet Name Daemon) to D. J. Bernstein's DJBDNS. It's a very modular, robust and not to mention secure replacement for BIND. He's got a security guarantee as well. He offers $500 to the first person who reports a verifiable security hole.
So instead of worrying about the next serious security hole in BIND, replace it with DJBDNS and make your server a lot more secure.
DNSSEC is a reality! (Well, it would be, if
anyone else used it...!)
No resolv.h file! (This means ALL network code
that's out there will need to be re-written to use
the new resolver, which is NOT backwards-compatiable.)
LOTS of libraries! No more simple -lresolv, or
-lbind. Instead, you're faced with -ldns, -lisc,
-llwres and -lowrapi. NONE of which are shared.
They're ALL static.
Headers are split up into 3 or 4 directories,
now. Time to get out the road map.
The Internet needs a powerful name server and name
resolver, but USEFUL tools don't use structure to
obscure the content.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Bind 9.0 web page is posted, but not linked
by
ChuckRoast
·
· Score: 5
The official Bind 9 page is written, just not linked, yet.
Slashdot Mirror
Any new rootholes for us to exploit, or will it be just the same, old, boring stuff?
--
There's a DNS Tutorial by Jim Reid of Nominum the copany responsible for the offical support of BIND. I assume he'll be mentioning the changes in BIND 9 at this event.
This is not "news for nerds" nor "stuff that matters."
Can't we please only get updates on important software.
It's not bind holds the entire net together or anything.
--Shoeboy
I'm sure glad we have a nice fresh version. It's been so long since I've had to patch my BIND, this sure will be exciting.
I'm hoping BIND9 is a complete, utter rewrite, with no code from BIND8 still remaining.
If it isn't, then it's way way too late - switch to Dan Bernstein's djbdns instead. Read the security guarantee and weep in relief. Notice the exceedingly small memory footprint. The lack of core dumps. That you can get rid of AXFR completely and just use rsync+ssh to transfer to your secondaries.
Check out tinydns.org which has migration tools from BIND which im playing with atm.
- Thread safe so it can run on multi-processor machines
- Plugs into several back end databases so it will be easier to support large domains
- Support for IPv6. The future is nearly here!
- Several protocol enhancements like IXFR, DDNS, Notify, EDNS(0,1) and improved standards conformance.
- A host of other features, see this for more.
This is a major rewrite and may contain a host of new security problems, but it is a step in the right direction and I will definately be looking at it to manage my larger domains.I recently changed from BIND (the Buggy Internet Name Daemon) to D. J. Bernstein's DJBDNS. It's a very modular, robust and not to mention secure replacement for BIND. He's got a security guarantee as well. He offers $500 to the first person who reports a verifiable security hole.
/usr/ports/net/djbdns; make; make install
So instead of worrying about the next serious security hole in BIND, replace it with DJBDNS and make your server a lot more secure.
Homepage: http://cr.yp.to/djbdns.html
For OpenBSD users: cd
The Internet needs a powerful name server and name resolver, but USEFUL tools don't use structure to obscure the content.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The official Bind 9 page is written, just not linked, yet.