Root-server switches from BIND to NSD
A Sorry End writes "It appears that one of the 13 root-servers, the core of DNS name resolution, has moved away from BIND to NSD since Wednesday, Feb 19th, 2003, which is a Good Thing. Since the 26th of October 1990, all root-servers have been running BIND. According to this message, this change was designed to increase the diversity of software in the root name server system, the lack of which is widely considered to be a potential vulnerability. The nsd software has been designed from scratch specifically as an authoritative name server. It has no design commonalities with bind, the currently prevalent DNS implementation.
In addition to that, nsd provides a significant increase in the performance reserve of k.root-servers.net.
NSD was developed at NLnet Labs in cooperation with RIPE."
Anyone familiar with NSD care to comment on how secure it is? Are we diversifying just for the sake of diversifying or is it as secure as BIND?
We did quite some testing comparing responses
to millions of both real world and artificial
queries. None of the differences observed are
material enough to be noticed by common resolvers
and much less any applications or even users.
Daniel Karrenberg
daniel.karrenberg@ripe.net