BIND 9.3 Released With Commercial Support

darthcamaro writes "Time for net admins to update BIND: version 9.3 has been released. internetnews.com has a story on it where they talk with Paul Vixie, the founder of BIND's keeper ISC. In it he details why after so many years BIND has finally decided to offer commercial support. 'Many of the companies who use our software free of charge have told us that their corporate risk management strategy requires them to have a bona fide support channel for all of their critical operations,' Vixie said. 'In other words we were told that having the best software wasn't good enough, and giving it away for free wasn't good enough, we also had to ensure that commercial support was available or they could be forced to switch to software they didn't like as well just to get support.' The full press release on the BIND 9.3 release is also available."

This is a simple reality in corporate use

[Martin+Blank]

No support, no sale.

I can understand it to a degree; there's no guarantee that the version installed today will not be completely dropped next month. It gets a little aggravating when it holds up an entire project, though, because of one small piece.

The upside, of course, is more funding for critical projects.

Re:This is a simple reality in corporate use

[Shakrai]

Many of these support contracts are really just the "Circuit City Extended Waranty" of the corporate world.

Have you ever known a PHB that didn't get the extended Circuit City warranty? That's what this is all about -- selling it to the PHBs of the World so we can go on using our OSS that we know works and even with the support contract is cheaper then the commercial alternative.

Re:This is a simple reality in corporate use

[KimiDalamori]

Why would a coporation be worried about it being dropped? If anything, Open Source projects seem to be a haven for ancient code where it can linger on forever and ever, continually being tweeked and improved over the ages.

On the other hand, I suppose if some huge IT company wanted to give me money for something I did for free in the community-based support forums alredy availiable, I'd take it too.

Re:This is a simple reality in corporate use

[NineNine]

It's not about whether it works or not. It's about being able to call somebody at 2:00AM when a critical machine goes down, as opposed to waiting for your Usenet post to get propogated, then hoping that l334G33k425 responds to your message in a timely manner and gives you the correct answer. Case in point... my retail businesses have a POS system that I paid for. Granted, there aren't any truly viable OSS ones out there yet, but assume there are. It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again. Or if an employee fucks something up, I know that I can absolutely get someone on the phone who will eventually fix my problem. I don't care how good a competing OSS project is supposed to be: no software is perfect, and there absolutely, positively MUST be someone to fix it when the shit hits the fan (as it always does, eventually). When your rent & power bill & paycheck is on the line every day (as mine are), you don't fuck around. Period.

Re:This is a simple reality in corporate use

[jdray]

While I wouldn't have put it quite the way you did, I have to agree with you. If the OSS community keeps up the attitude that Shakrai puts forth, adoption into corporate datacenters and business areas will be slow and agonizing. As you said, people want assurances.

The upside is that companies are used to and willing to fork over large sums of cash for those assurances. So, if you love an OSS project enough to dedicate your life to it, then get to know it inside and out and start offering commercial support for it. If the product is stable, you never have to answer the phone. If you charge $500 per year for support, 100 customers makes for a tidy income. And, honestly, most midsize corporations wouldn't even blink at $500 per year for support on something that goes on a server, unless it was in astonishment at how cheap it was.

Re:This is a simple reality in corporate use

[ron_ivi]

Places I've been, it's taken Oracle Support *days* to get systems up and running - and at as often as not, the in-house DBA or database programmers who worked around the problem _before_ Oracle Support came through.

ROI calculations are easy, though. If your website might be down for 18 hours while your in-house support guy finishes sleeping, wakes up, and reconfigures BIND; and your web site makes $1000/hour; and the chance of this happening is 10% each year; it's very easy to translate to dollars.

How much business do you lose in those 30-seconds?

I think more .com's died because they overdesigned their "zero-downtime incase California sinks in an earthquake, so let's have our database mirror'd around the world"; rather than think through the (modest) implications of a couple hours downtime.

Is this a good thing?

[NivenHuH]

Hopefully the ISC won't turn this into a RedHat situation.. They find that corporate use is profitable, and release a closed-only solution to corporations, while forking the code over to another open source project..

Why is this a surprise?!

[Da+Fokka]

If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever. And companies need those guarantees. Simply because in court a 'we'll do our best to support our l33t software' is just not good enough

Re:Why is this a surprise?!

[AhBeeDoi]

Nobody says that support can't come from a third party. I'm sure there a many consultants/groups (many of whom may be contributors to the project) available that can provide the necessary support.

Re:Why is this a surprise?!

[h00dLuM]

The monstrous beast of a company I work for let me set up a linux box running apache/nagios network monitor, unofficially. When I was done, my manager came by to inspect it and and was quite impressed, but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.

Then he notices the note at the bottom of the browser about Free Software, he asks me how much it would cost to buy licenses, and my stupid answer is "It doesn't cost anything, (yeah yeah my time) it's free!"

His reply: "I don't trust free."

I disagree personally, but this is our corporate environment.

That frigging Not guaranteed for any purpose thing has somehow got to go, although I know that it's fundamental to the GPL.

Re:Why is this a surprise?!

[NineNine]

His reply: "I don't trust free."

That's completely reasonable. Would you take a hamburger from a guy on a street corner that was giving them away, even if he assured you that they were perfectly good... he just made them himself this morning?

Exactly.

Re:Why is this a surprise?!

[po_boy]

Free Porn. Period. [ninenine.com]

Would you take porn from a guy on street corner that was giving it away, even if he assured you that it was perfectly good...

Perhaps some analogies are flawed, I guess.

Re:Why is this a surprise?!

I sure would- if he ate a few himself first.

Good to see they're 'getting it'

[mgkimsal2]

Not specifically the BIND folks, but it's good to see that people are more and more waking up to this fact. Hopefully the fact that something is 'open source' and people are 'making money' from it won't be a newsworthy item in the near future.

What I think many programmers don't understand is that most people will often choose a so-so product from a well-run business over a better product from a poorly run business or organization. Having no guaranteed support mechanism for BIND (and other projects) does hurt adoption of those projects in many organizations. Option support is essentially the best of both worlds, as long as the prices aren't cost prohibitive. If pricing is too high, there's much less incentive to switch, because people will usually settle for 'good enough' when 'way better' costs a whole lot more.

The best software?

[ybmug]

Hopefully that wasn't in reference to Bind. I know a few people who might take issue with that...

<PHB>Who needs competent sysadmins?

[GypC]

We bought support. The god-like powers of software vendors are obviously much superior to those of anyone that would work for us, even if the source code is open. </PHB>

Read your EULA please.

[Moderation+abuser]

Then come back and start telling us about the guarantees that you get. Oh, and have a look at your support contracts as well to see exactly you are guaranteed.

I think you'll find they amount to little more than "we'll do our best to support our l33t software".

Re:Read your EULA please.

[NineNine]

At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them, and neither will anybody else you know. An OS person will tell you to fuck off. I'm the leader of a user group for a specialized piece of software, and the company knows that if I'm not happy, most of their customer base is gonna hear about it. There's incentive for them to get it fixed. There's zero incentive for an OS person to fix your problem.

Re:Read your EULA please.

[Tony-A]

You'll find that you're better off in many cases with OSS, with many less dollars lost.
Yes, but how does megacorp have its cake and eat it too? How does megacorp take advantage of the inherent efficiencies of OSS? OSS can be had cheap, very cheap, but the real advantage is on the high end.

You've paid good money for whatever. That entitles your manager to call your salesman's manager and give him/her an earful. Not that it will do a lot of good, but at least it's something. The vendor has certain responsibilities whether the vendor likes it or not. These responsibilities are tied to the money paid and in reality override whatever legalese is in the EULA or whatever. Satisfied customers are your best salesmen. Dissatisfied customers do not tend to keep it to themselves. It takes something like ten satisfied customers to balance one dissatisfied customer. A very dissatisfied customer, or a dissatisfied prominent customer carries a lot of clout. "Never buy another piece of software" is explicit only at the very end of a nasty downhill slide.

Corporations, businesses, most of us really, like to feel in control. With OSS, the developer(s)/maintainer(s) are very much in control and are subject only to their own whims. They have no requirement to be reasonable by anyone's standard of reasonableness. (I did not say anyone else's. Intentionally.) By buying foo, by whatever name they choose to call it, corporations buy a sense of control and help ensure the viability of something they depend on. I'd also suspect that corporations have a moral sense that freeloading is not a viable long-term plan.

Good move...

[Trolling4Dollars]

...in way. At least it keeps the crappy proprietary DNS products from infiltrating the net to an extent. Since the asshat suits who think it's better to have commercial support for something are wailing about thi issue, at least it's addressed now. They can go sit and spin.

Suprised by opportunity

[Sloppy]

If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever.

Free software has whatever guarantee the vendor wants to sell with it -- and the vendor can be anyone! You just happening to be thinking of the case that most of of nerds are in, where we use the software without there being any vendor at all. Thus, there's no guarantee. But it doesn't have to be that way.

This doesn't so much look like a disadvantage for free software, as it looks like a really easy and cushy business opportunity for some laid-off programmers and sysadmins. Some company wants BIND with support? Then be the guy who sells BIND to them. Get paid $n/month to do almost nothing. Compete with Paul Vixie, selling his own software.

It looks like Paul's problem, is that nobody else wanted the money, so he was forced into taking it himself. Life's a bitch.

Well, that's convenient...

[Angst+Badger]

In other words we were told that having the best software wasn't good enough [...]

That works out well, because BIND isn't anywhere near the best software, at least not for name serving. It is, however, an exceedingly reliable source of serious vulnerabilities, and considering how relatively simple DNS is, that's a monumental achievement in its own right.

Support? why?

[blanks]

Isn't this why companies will pay so much money for IT that know what their doing. If your paying for the best of the best, support should not be a high priority. If you have to use lower quality products just for support, then someone in the chain of command shouldn't have a job.

Shouldn't trust mum's cooking then ...

[anti-NAT]

Or how about when you go around to a new colleages house for a BBQ, to get to know them. Do you eat the free food there ?

Or go to a party where everybody has to bring food or drinks. Do you eat the free food there ? Would you be offended if other people don't eat the free food that you brought ? If they don't, aren't they saying that you are untrustworthy ?

Free doesn't mean you can't trust something.

You are overlooking social and reputational consequences of providing something at no cost that has intrinsic value. I know you know about this idea, as you posted your own example earlier. In your case, it was software you paid money for. You still threaten social and reputational consequences if the product fails, which for a commercial company has financial consquences. For people who provide software for free, social and reputational consequences are far more costly, as the only increase in value they get from providing the software for free are social and reputational.

In fact, this is one of the fundamental truths of The Cluetrain Manifesto. The Internet provides the ability for social and reputational consquences to travel much further and much faster, which increase the impact of those consequences.

I'm sure if BIND wasn't good enough, the readership of Slashdot would know about it pretty quickly. We already know when an exploitable bug is discovered, the day it is discovered. That is likely to be one of the major origins of negative comments about BIND in Slashdot forums. The Slashdot community is a large technical community, who usually are in positions to select one DNS server implementation over another.

If ISC care about their social position within the Internet community (I'm sure they do), and want to avoid reputational consquences when they can't be relied upon (I'm sure they do), they can either try to out market the negative messages, or try to do the right job. It is almost a sport for techos to spot marketroids, so I'm confident they will try to do the right job.

Re:Wait till the next exploit,,,

[macdaddy]

Anyone who understand DNS, their OS's limits, and software applications can deploy BIND 9 in a frighteningly secure manner.

...and anyone that doesn't understand DNS, their OS's limits, or software applications should not be running any server, let along a nameserver, PERIOD, IMHO. The problem today is that there are way to damned many incompotent imbeciles that call them selves admins. Most of the rejects think they know Windows pretty well and thus can run any kind of server. It's really a sad state of affairs. I wish there was a certification that people had to acquire before they could call themselves an admin of any platform.

I run Bind. I run Sendmail. I'll always use both. I supplement Bind with rbldnsd. I have no need to supplement Sendmail. Both do what I want. Since I'm not an incompotent moron I don't have any trouble configuring either of them. The claims people make about both/either being difficult to admin or insecure are complete bullshit. If the person was a half-assed compotent admin neither would be a problem. I swear, what is the world coming to....

Re:Wait till the next exploit,,,

[ectoraige]

It's not clear why people continue to use BIND.

I continue to use BIND because I don't like DJB's licence.

Re:Java / .NET / Strict OOP

[Tony-A]

What you're selling is your phone number. RTFM doesn't do the customer any good if the customer doesn't know what a FM is, or even WHICH FM to R. Even if most of the customers can do it all themselves, it's nice to have that phone number in case of emergencies.

all open-source software should do this

[Sivaram_Velauthapill]

I think if open-source software is to gain popularity (particularly in the enterprise environment), they must all provide corporate support.

Regardless of what you think, corporations are all about minimizing risk and shifting blame onto someone else. Having a support contract is almost a minimum at many large corporations. If there is a problem, management would like to have the confidence that some specialist outside the organization will be helping--or more likely, blamed for the problems. It is much easier for management to blame another company than themselves. Which seems more easy to defend:
"hmm... my team is working as much as they can on it. It'll be resolved soon"

OR

"The problem is being dealt with. Our vendor (insert name; say Novell) is providing a resolution."

Sivaram Velauthapillai

Re:Who needs competent sysadmins?

[GypC]

Exactly... they didn't need a competent sysadmin, they just had to do without until the cavalry arrived. That way, the IT department doesn't actually have to learn a whole lot about computers, they can just be glorified hardware techies that hire their buddies for good jobs, and pay vendors out the nose for tools and services they should be able to script or figure out themselves.

Re:Wait till the next exploit,,,

[the+morgawr]

If he doesn't give you a license, you are stuck with the default rights under Copyright Law. That's DJB's "license".

As such you can't make changes and distribute them as part of a integrated set (in theory you could distribute just the patches but it's a grey area). Hence many people consider it "un-free". Some people see this as a problem.