Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source BIND Alternative Launches

Posted by kdawson on from the ties-that-bind dept.

bednarz writes "A group of experts on Tuesday released an open source alternative to the BIND DNS server. The new software — dubbed Unbound 1.0 — is a recursive DNS server. From its first prototype in 2004, Unbound was designed to be a faster, more secure replacement for BIND. Unbound supports DNS security extensions (DNSSEC), which authenticate DNS lookups but are not yet widely deployed because they rely on a public key infrastructure. Unbound was released to open source developers by NLnet Labs, VeriSign, Nominet and Kirei."

2 of 162 comments (clear)

  1. Are we supposed to trust.. by bleh-of-the-huns · · Score: 5, Interesting

    Anything with Verisign's named attached to it?

    --
    I came, I conquered, I coredumped
  2. Re:DNS is a big problem and it's getting bigger by mseeger · · Score: 5, Interesting
    Hi, If bind is your problem, your doing it wrong. Root F runs bind and I'm betting it does far more than your trivially small organisation with only 100k zones. Root F and its mirrors answer somewhere in excess of 1/3 of all top level queries.

    If you run BIND with 100K zones, it takes quite some time to come up and starts answering queries. If you do a reload, it has a dead time in between. Try it...As secondary it has bugs (for more than 12 months now) that may crash it. I just had customer who paid a lot of money to get it fixed by an external company. Of course the fix was sent to the BIND maintainers.

    As always, you can work around the problem. E.g. for the startup/reload problem you can use multiple server and load balancers, switch ip addresses, pull a rabbit out of your hat... It's all possible. The question is always: is it cost efficent? If you have to adopt your procedures to work with BIND, you may do so. A lot of companys prefer paying money and adopt the software to their procdures. Both ways may work.

    BIND doesn't have a performance problem as primary nameserver or secondary nameserver. It has a performance problem as a caching nameserver and a severe one. This is why i'm happy about Unbound.

    At last: Some root nameservers should always run BIND. We need at huge diversity of software for root server, even if it creates pains. Just for security reasons....

    Regards, Martin

    Disclaimer: I don't hate BIND, i don't love specific comercial products. The decision is always based on a lot of parameters. Price, FOSS vs. comercial, hardware or software based solution, Know How of the administrators... All goes into one pot. There is no one size fits all.