Interview With Paul Vixie And David Conrad
rwm311 writes: "linuxsecurity.com is running an interview with [Paul Vixie] and [David Conrad] about the ISC and BINDv9. It's a pretty good read. Vixie talks about his days at DEC and his motivation behind BIND while both Vixie and Conrad speak of the future of BIND - features they would like to implement and things that will be going away (such as nslookup)."
Or Slashdot users could figure out how to use proxy servers. Either way.
Of course all on /. know what he meant in his statement.... right? (especially as it was related to security....)
Have to preview more carefully from now on....
why didn't you? Paul V is a pretty outspoken fellow. I still remember the e-mail he sent to a DNS forum. At some point the domain name registration process was free as in beer. Then you suddenly had to pay $50 a year. There were lots of complaints on the forum. Then an e-mail from Paul V - he called the whole forum 'a bunch of scum-sucking morons'. It was quite a while ago but I still remember this one. Scum-sucking moron, isn't that something?
Not entirely true. Many ISP's caching proxies will allow non-customers to use them. I don't know if that's intentional or not, though :\
Caching proxy servers even.
This is very good news! The problem that scares me is that BIND 8 compatibility may not be all there. This means updating a large site to BINDv9 is going to be a problem for many ISPs etc.
There are still a couple of areas where we're deficient in support of standards, e.g., we don't support using DNSSEC with wildcards and a BIND version 9.0.0 slave does not forward dynamic updates to the master as it should according to the RFCs. Our intent is to fully implement the standards (and/or help revise the standards to make them more useful to the Internet community).
While waving off other name server implementations (djbdns) by saying it doesn't meet current standards, they admit that BINDv9 WON'T meet some of the current standards! In fact it seems that Mr Conrad is in favor of changing some of the standards. Is that to make them more useful, or to make them fit BINDv9?
All in all ANYTHING has to be an improvement over the code of Bindv8. The proof will be after Bindv9 has been "in the wild" for a few months.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Friday is Score 2: Troll Day. Join us!
And if you moderate this down, please email me and tell me exactly what you're trying to prove.
"It's a .88 magnum -- it goes through schools." -- Danny Vermin
Vixie wrote a version of cron that is very popular
wolf31o2 Developer, Gentoo Linux Games Team
Definition of Open Source given in ESR's Jargon File.
Download Bind 8 Sources
Finally, the contents of the LICENSE file in the current BIND distribution:
## Copyright (c) 1993-2000 by Internet Software Consortium, Inc.
##
## Permission to use, copy, modify, and distribute this software for any
## purpose with or without fee is hereby granted, provided that the above
## copyright notice and this permission notice appear in all copies.
##
## THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
## ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
## CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
## SOFTWARE.
I didn't bother to C&P their address, which I'm sure is somewhere on their webpage.
How do the definition and the current BIND license (which I think we can expect to carry over to BIND9) not jibe? In fact, it's not just Open Source, it's Free Software as defined by RMS.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's almost a complete rewrite and a beta. There comes a point in the life cycle of most large pieces of software where you have to bite the bullet and re-engineer chunks of it. It's almost always a bit painful.
Dan Bernstein (the guy who wrote qmail) has an interesting commentary on struggling to implement a secure replacement for BIND.
namedroppers
My only request of Mr. Conrad is that they actually make it do something useful, unlike nscd. For those who don't know, nscd is the Name Server Cache Daemon in Solaris. In theory, it caches requests for passwd, group, and hosts requests to make repeated lookups faster. In practice, you can't tell a damn bit of difference whether it's running or not.
..I won't be going through all my shellscripts to edit them and kill off the nslookups. With any luck, they should work.
Sigged!
I agree with everything you say. I'd like to know how postmodern literary criticism could be subject to checks, though! But the comment above really strikes a chord with me. Did you ever read Zen and the Art of Motorcycle Maintenance? Part of the story is about this guy who is convinced that most western thought is based on a mistake made by Plato which should have been picked up 2,000 years ago, and him thinking through the conclusions of what would have happened if the mistake had been noticed (which eventually sends him to the nuthouse). The theme is exactly this - that a clique of researchers cannot even conceive of an error in their underlying assumptions, let alone address the error, or respond to criticism. And that's even without postulating a vested interest - so where a vested interest exists, you can bet the problem is ten times worse.
Fortunately for the physical sciences, as you say, mistakes can be spotted. Relativity and uncertainty are the two things that come to mind. Which makes me feel that physics, next to mathematics, is the most trustworthy of sciences.
When you're talking about evolutionary biology, you wouldn't be thinking about Richard Dawkins, would you? ;) The man who is so sure that his ideas match reality that he's written a library of books convincing people not to believe in God. "Don't accept anything on faith," he says, not realizing he's one of the world's most faithful people (he sure has a lot of faith in his own correctness, despite a staggering lack of scientific evidence).
The only thing I think you have wrong here is where you rubbish statistics. Psychology wouldn't even exist as a science (which might not be so bad ...) if it wasn't for statistics. Statistical theory is all about determining what's noise and what isn't. I agree with your sentiment - sometimes I wonder if (for instance) microwave background radiation really proves that the big bang happened. But if statistics tells you there's a 95% chance of a meaningful correlation, that's what it means. Not that there is a correlation, necessarily, but just that if there wasn't a correlation, there's only a 5% chance that the results would look that correlated. Of course, 5% is good odds. If there was a correlation with 99.99999% probability I'd be inclined to accept it. Much psychology is based, as you say, on likelihoods of 5%, and there's significant doubt. Sadly, the popular perception of science is that it's infallible, so if someone publishes a paper that everyone in the scientific community knows is de facto questionable, the majority can still amend their entire world view based on this dodgy "knowledge". Give it a spin so Fox 11 news picks it up, and you've basically created a new "truth".
Witness, for instance, the "fact" of global warming. It's not like the Earth ever suddenly changed temperature before the industrial revolution ;) Like, say, in the ice age. I'm not saying global warming isn't happening, but it's highly contentious whether or not it's really due primarily to gaseous emissions. There's no doubt in the public mind to mirror the one in mine, however.
Oops, I got stuck in wibble mode. Bye!
That means that we should abolish the letter 'Q' and replace it with something that means 'Qu'. It would simplify spelling. The alphabet would remain the same size. We wouldn't have to write the letter 'Q' anymore.
I pick the pipe as the symbol for the replacement letter. It's underused in the English language. From now on, words like quick, que, and quack will be spelled |ick, |e, and |ack.
See how nice that is?
If tits were wings it'd be flying around.
---------///----------
All generalizations are false.
--
I like to watch.
Dan (the maker of djbdns) sure makes secure code, but in anno domini 2000 it is totally unacceptable to have the following restrictions for distribution. This is definitely not an open source license.
If I wanted to improve djbdns and distribute it, I couldn't. The same applies to qmail. Only sysadmins with unlimited time install Dan's software, as no distribution can accept Dan's restrictions and distribute precompiled versions.
signatures pending - ansa@kos.to - (dont mail there)
I've never read anything by a security software designer that agrees with you. Sorry. Security, especially in the area of encryption, etc., is not simply an issue of well-written bug-free software (which BIND has definitely never been so far). It's a design decision and plan that has to start before the code is ever written.
- Michael T. Babcock (Yes, I blog)
In the interview, they used buzz-terms like "programming by contract", which is a practice that can make a lot of problems go away, but doesn't address the question of how the system was designed. If it's still a monolithic binary with authoritative and caching built into one, w/o a well-defined separation, then it seems like the default is still going to have trouble preventing attacks that poison the cache. If the credibility rules still exist, then it'll again be easy to start an attack through BIND.
I do hope BIND9 is better than 4 and 8, but I don't think I'm going to use it now that I've got everything I need in djbdns.
-Peter
== Just my opinion(s)
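The separation the post above is asking for has a concrete, well-known form on the caching side: a bailiwick check, where a record from the additional section is only cached if its owner name lies under the zone the responding server was queried for, instead of being accepted on a "credibility" score. The following is an added example written for this thread, not code from BIND or djbdns; the record set is constructed sample data (RFC 5737 documentation addresses), not a capture.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bailiwick check: is `name` equal to `zone` or a subdomain of it?
 * The comparison is case-insensitive, ignores a trailing dot on either
 * side, and must start on a label boundary, so "notexample.com" is NOT
 * under "example.com". */
int in_bailiwick(const char *name, const char *zone)
{
    size_t nl = strlen(name), zl = strlen(zone);
    if (nl && name[nl - 1] == '.') nl--;
    if (zl && zone[zl - 1] == '.') zl--;
    if (zl == 0) return 1;              /* the root zone covers every name */
    if (nl < zl) return 0;
    size_t off = nl - zl;
    for (size_t k = 0; k < zl; k++)
        if (tolower((unsigned char)name[off + k]) !=
            tolower((unsigned char)zone[k]))
            return 0;
    return off == 0 || name[off - 1] == '.';
}

/* A minimal resource record as it would appear in a parsed response. */
struct rr {
    const char *owner;
    const char *type;
    const char *rdata;
};

/* Keep only the additional-section records whose owner is inside `zone`,
 * the zone the server we queried is authoritative for; everything else is
 * dropped before it can reach the cache. Returns the number kept. */
size_t filter_additional(const struct rr *in, size_t n, const char *zone,
                         struct rr *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (in_bailiwick(in[i].owner, zone))
            out[kept++] = in[i];
    return kept;
}

/* Constructed sample (not captured traffic): we asked example.com's server
 * for www.example.com and got back two pieces of legitimate glue plus an
 * unrelated record that a cache without this check would store and later
 * hand out for example.net lookups. */
static const struct rr sample_additional[] = {
    { "ns1.example.com.", "A", "192.0.2.1" },
    { "www.example.net.", "A", "203.0.113.9" },   /* out of bailiwick: drop */
    { "NS2.Example.COM.", "A", "192.0.2.2" },     /* case differs: still ours */
};
#define SAMPLE_COUNT (sizeof sample_additional / sizeof sample_additional[0])

/* Run the filter on the sample; returns the number of records accepted. */
size_t demo_filter(void)
{
    struct rr kept[SAMPLE_COUNT];
    size_t n = filter_additional(sample_additional, SAMPLE_COUNT,
                                 "example.com", kept);
    for (size_t i = 0; i < n; i++)
        printf("cache %s %s %s\n", kept[i].owner, kept[i].type, kept[i].rdata);
    return n;
}

int main(void)
{
    return demo_filter() == 2 ? 0 : 1;
}
```

The check is deliberately a pure suffix test on label boundaries; it says nothing about whether the record is otherwise valid, only whether this server was entitled to speak for that name.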
Yes, it's compliant in zone transfers. It supposedly even supports IXFRs now (incremental updates). DNSSEC? Nobody else is using it and there are serious questions about its usability in the wild (especially associating it to an existing PKI, or building one). TSIG? Microsoft's version is probably as kind as their version of Kerberos, but they come down on DJB?
I want a nameserver that doesn't suddenly disappear out from under me for no reason, or that has a memory management policy of 'help! restart me!'.
Deal with the REAL issues first, add cute features later.
- Michael T. Babcock (Yes, I blog)
--
Fuck the system? Nah, you might catch something.
I tried running it on a server which has about 50000 or so separate clients throughout the day, and found a number of bugs. Some of the bugs prevent bind9 from answering queries, as it has a mechanism to prevent more than 1000 simultaneous queries by default. Raise it and BIND fucks up with strange bugs which make it loop and eat all CPU. Time for the debugger. Or, maybe http://www.dents.org/
Since some people don't like clicking links for some reason, here's DJB's comments on DNSSEC (a few of them at least):
Taken from http://cr.yp.to/djbdns/forgery.html ; read the rest of that page for his idea for a quick fix.
- Michael T. Babcock (Yes, I blog)
Although design flaws have made some BIND bugs worse, all the BIND exploits that I can think of have their roots in plain old bad development rather than some specialized security problem.
Take the classic problem, the buffer overflow. Some programmer makes an incorrect assumption about the size of a chunk of data, and ka-blooie, you've written garbage all over memory. Although this can, with a lot of trickery, turn into a security problem, it's really just bad programming.
Good programming is all about making sure that your code does only what it's supposed to, neither more nor less. As part of making a program robust, you'll automatically take care of most of the sloppiness that leads to security flaws.
This isn't to say that security is easy or unimportant, but the first poster is right; security is mainly a design issue. From the perspective of a coder, security errors are a small subset of the errors you aim to eliminate when coding for maximum reliability.
Only if your employer is prepared to allow you to publish ...
What a long, strange trip it's been.
Trying to get slashdot.org to rate high among the porn sites on the less sensible search engines (other than gOOgle)?
jonkatz@slashdot.org
Their comments about security are quite irritating because they mention things like DNSSEC but don't want to talk about the way BIND is coded. DJBDNS comes up (http://cr.yp.to/djbdns.html) but is brushed off with false claims (it does support transfers, and support for IPv6 is in the works).
- Michael T. Babcock (Yes, I blog)
I think this experiment could be very important for computer science research and maybe other types of research. There are many fields of science where it is possible to go on forever publishing research without any checks. Obvious areas where this goes on are fields like so-called postmodern literary criticism. But it happens in the sciences too. In behavioural evolutionary biology you can make up just-so stories in paper after paper safe in the knowledge that nobody else can rerun evolution for you and demonstrate that you are wrong. In psychology you can repeatedly perform experiments measuring correlation between this variable and that. By chance one in 20 results are 95% significant and you publish those results as if they are something other than noise. Vixie's and Conrad's work is going to be a sanity check against this kind of work - a kind of experimental control. Here's a situation where somebody does know how networks work and work can be checked. BIND only does so many things. If researchers are unable to understand this then should they really have jobs supposedly researching network technology? We need to see a few more tests like this in academia. Beyond a certain point - after you've taken your last exam - academics are no longer accountable to anyone. Sure - you get peer reviewed. But what happens when you and your peers all belong to a clique that have a vested interest in promulgating a particular scientific dogma? This experiment is a wonderful way to ensure that researchers still are being tested.
Seems like everyone makes this mistake sooner or later!
(for the confused: he meant "factor products of large primes trivially".)
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
Hopefully, the easing of US crypto controls earlier this year doesn't mean that someone has figured out how to factor large primes trivially... :-)
All prime numbers (including large ones) have exactly two factors, themselves and 1.
on security:
"...it was an indirect goal. We wanted to produce a rock solid, commercial grade, open source DNS implementation in the tradition of BIND..."
translation: bind 9 will be just as buggy as the old bind!
"...and with high compatibility with BIND. One important side effect of all that is security."
is it just me, or does the concept of security as a "side effect" seem very frightening?
you'd think that with all the problems in the past with bind, they would have considered security to be a primary goal, not a "side effect".
--
The basic sleazeware produced in a drunken fury by a bunch of U C Berkeley grad students was still at the core of BIND.
Interesting, I didn't expect them to admit to that sort of thing.
And it's not really that nslookup is going away, at least not the way that I think of it (a command line tool to quickly find an IP address) - they indicate that it was because nslookup currently is closely mapped to the BIND8 API which has been changed all around. I think they want something more abstract which will allow users to get the info they want without being closely tied to the underlying protocol. (Abstraction! Egad!)
All in all, it sounds like good news.
All in all Bindv9 sounds good. Some have been real critical that it will have bugs etc etc, so what's the deal... I don't think there is any major SW out there that has 0 bugs. Especially in a .0 release. If they squash or work around the bugs quickly and efficiently I am satisfied. Monitor the various lists and web sites if you're an admin, basically it's a job req. I wish it wasn't but then again so do most of the SW developers.
Having said all that I must admit the comment about security being "an indirect goal" by Paul was a bit disconcerting to me too. But then David's comment that it was a "core requirement." Different viewpoints ? Quick damage control by D.C. ?