BIND 9.3 Released With Commercial Support

darthcamaro writes "Time for net admins to update BIND: version 9.3 has been released. internetnews.com has a story on it where they talk with Paul Vixie, the founder of BIND's keeper ISC. In it he details why after so many years BIND has finally decided to offer commercial support. 'Many of the companies who use our software free of charge have told us that their corporate risk management strategy requires them to have a bona fide support channel for all of their critical operations,' Vixie said. 'In other words we were told that having the best software wasn't good enough, and giving it away for free wasn't good enough, we also had to ensure that commercial support was available or they could be forced to switch to software they didn't like as well just to get support.' The full press release on the BIND 9.3 release is also available."

Wait till the next exploit,,,

[darkjedi521]

Wasn't at one time BIND the IIS of the unix world? This could open them up to a world of problems if/when the next exploit shows up.

Re:Wait till the next exploit,,,

[otis+wildflower]

No, you're thinking of Sendmail.

Re:Wait till the next exploit,,,

[John+Starks]

Exploits are not uncommon in BIND, even today. Take a look at their security alert page, especially the matrix at the bottom. Security problems abound!

It's not clear why people continue to use BIND. It's probably because it's just assumed that it's the only thing out there. But everything from security to configuration is poorly done in BIND. I use tinydns (part of djbdns) instead on all my servers. It's written by Daniel Bernstein, the same guy that wrote qmail. He's got a great track record -- no security holes in any of his software, AND he backs up that assertion with a $1000 prize to anyone that finds such a hole. He makes a better case than I do for tinydns/qmail vs. BIND/sendmail than I ever could.

Re:Wait till the next exploit,,,

[Florian+Weimer]

Exploits are not uncommon in BIND, even today.

Critical exploits in BIND 9 still have to show up. The really nasty bug so far was actually in OpenSSL.

It's not clear why people continue to use BIND.

For the full resolver part, their are hardly any alternatives. If you need DNSSEC, your options besides BIND are even more limited.

tinydns is unusable for most people (who aren't masochists) because it doesn't conform to existing standards and parctice. Just speaking the DNS protocol is not enough, you also have to implement some of BIND's quirks, and more important: the software has to be maintained. DNS is still evolving, DJB's software is not. (Some of it doesn't even compile on modern, POSIX-conforming systems.)

Re:Is this a good thing?

> Hopefully the ISC won't turn this into a RedHat situation.. They find that corporate use is profitable, and release a closed-only solution to corporations, while forking the code over to another open source project..

How did this get a "Score 3, Insightful" when it's so completely WRONG?!? All the Red Hat source code is freely available - how "closed-only" is this?!?

Re:First Post?

[NineNine]

Windows Server has a DNS service built in.

NOT "Time for net admins to update"

[strabo]

I really hope that most net admins know better than to update until after the beta is over, and the release version comes out.

BIND 9.3.0 is not released yet. It is at beta 2, which was released two days ago.

Re:First Post?

[0racle]

Your going to need to learn how to read first. Bind for Windows NT/2000 binary and source, just a little down the page.

Re:This is a simple reality in corporate use

[ChoyLeeFut]

It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again.

30 seconds??

Wow... you've never had to deal with support from Monolithic Corporation Inc., have you? ;-)

Re:Why is this a surprise?!

[operagost]

but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.

Guess what? The Microsoft EULA (along with most other companies') says the same thing in other words. And you DO pay hordes of money for those without getting any real support, until you pay hordes more. Might as well get the right free product and buy competent support and save one horde.

How the BIND company makes money

[amacleod98]

D. J. Bernstein has a few things to say about this Also see here And here

Re:Read your EULA please.

[morelife]

You are, loudly, shooting yourself in the foot.

If you had a critical software problem, and you told the vendor you "won't buy another piece of software from them" you know what you still have?

Your same broken ass software, and a worse relationship with your vendor.

Read your EULAs, ask your lawyer about them, and then go do a little research on the reliability and fix times for problems in BIND, Postfix, Apache, OpenSSL/SSH, etc etc etc.

You'll find that you're better off in many cases with OSS, with many less dollars lost.

Re:First Post?

[dasmegabyte]

So? If he wanted a quality DNS server, he would have asked about DJBDNS.

Dan Bernstein might be an, uh, "colourful" character, but his software is fast, easy to use, easy to admin, and all around better than anything Vixie & crew could offer. Plus this guy's devotion to security is nothing less than astounding. I trust his internet tools wherever possible...shit, i even run an instance of his no frills HTTP server for images.

Comment removed

[account_deleted]

Comment removed based on user account deletion