BIND 10 Development Now Fully Underway

darthcamaro writes "A decade after work first began on version 9 of BIND, the widely deployed open source DNS server, work is now fully underway on its successor, BIND 10. '"One of the goals for BIND 10 is to allow people to customize and extend without too much trouble," Shane Kerr, BIND 10's program manager at the Internet Systems Consortium (ISC), told InternetNews.com.' Sounds good right? Only problem is that it's going to take a bit of time until BIND 10 is actually ready for production — potentially as long as five years!"

Re:Excellent..

[Intron]

Here's the entire code for Bind 1:

grep $name /etc/hosts

Fix LDAP Integrated Zones.

[Zombie+Ryushu]

Please, Please Please fix the Bind LDAP SDB Backend to allow LDAP Integrated Zones to Dynamic update. LDAP zones are useless right now because DHCP can't update it!

Re:Fix LDAP Integrated Zones.

[ritcereal]

Read the man page for the dhcp3 configuration for 'on commit', 'on release', and 'on expiry' where you can run code to update your LDAP backend with whatever language you want. There's no reason you can't already do this.

Re:Paul Vixie?

[Ethanol]

He's the president of the company that's doing the work.

5 years and then some

[glitch23]

because after BIND 10 is done all the distributors must package it for their specific customers. This includes appliance vendors that utilize BIND. Speaking of appliance vendors, the article mentions that DNSSEC could eventually be enabled by possibly clicking a single button in an interface but that will be dependent on the interfaces put on top of BIND. I guess if BIND 10 has its own interface then that could work well but appliance vendors put their own GUI on top of their implementations of BIND and it may not always be as simple as a single button click.

Feature parity

[TopSpin]

Please try not to leave behind useful features. Yes, misfeatures should be abandoned. Sometimes mere obsolescence can move a feature into the misfeature column. However, merely uncommon or obscure != "mis". It requires a pragmatic grownup to detect the difference.

The feature set begins with BIND 9. Too many major revisions of fundamental systems fail to achieve feature parity and long after the "new" is production solid the user base remains stratified into the (neglected) old and the (indifferent) new.

You must know that after the (entirely reasonable) half decade is spent to produce 10 it will take years to migrate the majority of the user base. The justifiably conservative nature of the BIND user base is such that dropped functionality will retard adoption dramatically. Better to provide parity with BIND 9's feature set and remove one excuse to sit on 9 till 2020.

Put it on the list of goals, near the top; "Feature Parity with BIND 9". Make it clear that the user base can take this for granted; if BIND 9 can do it, BIND 10 can do it.

I think you'll find if not a lot more support, at least less resistance. I know you will cut the migration period dramatically.

Re:Feature parity

[fractoid]

Do you REALLY want to assign your rocket car's IP address by hand? O.o

How about making it simpler?

[Bondolo]

For a program who's core functionality is name -> number why is the configuration guide heavier than my tombstone? If the future of every Internet standard is to become as complicated as DNS after 35 years then I sincerely believe that the Internet is doomed. 114 RFCs (not counting 20 or so additional obsolete RFCs), WTF? DNS RFCs

By the way, SMTP and IMAP folks, you're way ahead of the game. Your stuff is already reached the point of sublime unusability past which no fully compliant implementation is possible. Well done!

Re:How about making it simpler?

[Just+Some+Guy]

For a program who's core functionality is name -> number why is the configuration guide heavier than my tombstone?

Mainly because it's required to do so very much. Yes, my named.conf is very complicated. I don't know how much simpler you could make split-zone DNS for about 30 zones, including masters, slaves, and some dynamic updates. Oh, and TSIG to authenticate request between each pair of servers. And reverse zones. And IPv6. And recursion (but only for one of the views). I mean, it's sort of like Apache's httpd.conf. Sure, it gets twisty, but what could you leave out and still be able to configure the same functionality?

Re:Excellent..

[characterZer0]

Here's the entire code for Bind 10:

wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz

Re:Modular design?

[e9th]

You know, it's a shame that djb couldn't play well with others. qmail & djbdns show that he really understood SMTP & DNS. Unfortunately, his dogmatism, odd coding style & disdain for comments, and his weird license (until he PDed them) kept both those products from evolving as they deserved.

Re:Excellent..

[GGardner]

You jest, but this one line program is incredibly buggy!

Re:Paul Vixie?

[rs79]

Paul's doing fine, he and Brian Reid are working together at ISC these days. Brian, if you recall, is the guy who originally funded Paul to take the Berkely B-tree stuff and turn it in to usable software (*) while they were at Digital. They also do some load testing stiff on dns servers for the nsf. You can poke around and find their papers if you look.

(*) for some definition of "usable". I use djb which annoys them both no end.

Re:Modular design?

[e9th]

I resolved slashdot.org through the magic of dnscache. qmail dropped the news of your reply into my inbox. But do you remember the qmail/VMailer (now postfix) wars? Wietse Venema was there on USENET responding helpfully to potential users' questions & suggestions. Dan was there with a withering reply, if he responded at all. But I saw that qmail was Good (and also ready before postfix, and Sendmail 5 was killing me), so I chose it. Bind was the bane of my existence. Bugs, holes, bloat.

I'm saying that if Bernstein had worked a little closer with his user community, many more people would be happily using qmail & djbdns, and there might even be official distros that supported things like TLS & DNSSEC.

Re:Modular design?

[stinerman]

Weird license?

IIRC, his code was unlicensed. DJB believed that you didn't need a license to run a binary, compile source, etc.; this is debatable. However, you do need a license to distribute someone's copyrighted works; this is very obvious. Of course, as you say he disclaimed the copyright, so the point is now moot.

Re:Modular design?

[e9th]

Before he placed it into the public domain, his qmail site had a wonderful "Information for Distributors" page. Maybe not technically a license, but when the copyright holder says

If you want to distribute modified versions of qmail (including ports, no matter how minor the changes are) you'll have to get my approval. This does not mean approval of your distribution method, your intentions, your e-mail address, your haircut, or any other irrelevant information. It means a detailed review of the exact package that you want to distribute.

it makes you think twice before including it in [your favorite distro here].

Too late

[mseeger]

Hi,

my personal opinion is, that BIND 9 already lived too long and BIND 10 started much too late. If you have to operate huge installations (>250.000 Zones), BIND 9 is close to unuseable.

Example: Starting BIND 9 with 350.000 Zones already consumes the complete service window (2 hours) we have for works concerning the hardware. You can't even shave off much time by having all zone files on a ram disk (about 10% less time). BIND 9.6 utilizes a single core for 2 hours just to parse and load the information. For comparison a different (comercial) product imports the (same) complete configuration in about 90s (from disk, BIND 9 format) and takes about 4s for start afterwards. I know there are workarounds for BIND, but they come with high operational costs.

BIND is (IMHO) mainly a reference implementation. It has to implement everything in one single product and suffers the usual penalties for it. I still use BIND 9 myself for several purposes since it has a some advantages too (mainly, that it is OSS).

Sincerely yours, Martin

P.S. If there is any interest, i can post some benchmarks and scripts which i used to run them....

DISCLAIMER: I'm working for a company that is selling DNS products. So i'm not to be considered a neutral party :-). But since i'm doing this for 15 years now, i consider myself at least an experienced biased party.....

Re:Modular design?

[metamatic]

What killed my use of djb's stuff wasn't any of those things; it was the dependency on his daemontools replacement for /etc/init.d. (Even today, the djbdns FAQ tries to steer people away from using djbdns without daemontools, and only supplies a half-assed script to install manually.)

Re:Excellent..

[Minwee]

I tried to install it, but it responded to every query with "Bind 4 is buggy. Use my code instead!", "Zone transfers should be done with rsync!" or "Worship me, mortal!".

I tried to read the man page to see how to fix that, but was greeted with nothing more than a lengthy rant about how the man system was outdated and needed to be replaced with something painfully convoluted which violated at least sixteen different Internet standards, five state laws and no less than two commandments.

I went to the author's web site for more information but found only a condescending diatribe about how web browsers were bloated and shouldn't be used for anything important. Eventually my interest in testing that new product faded away only to be replaced by the slightly sickened feeling that comes from sitting up all night watching informercials so I just gave up.

I do hope that future releases can address these rather obvious and simple problems as I suspect that there is some useful code buried in there somewhere.