Slashdot Mirror


Internet Systems Consortium Seeks Wider Input For BIND 10

joabj writes "The ISC is seeking some open source magic for the next version of the widely used BIND. Although the BIND is already open source, most of the work thus far done on the DNS server software has come from contractors, the government and Unix vendors. 'The goal is to move away from having BIND a heavily sponsored corporate product,' said BIND 10 manager Shane Kerr. Kerr is hoping that more eyes will equal fewer bugs, and that more users will go ahead and implement the features they've been requesting themselves. BIND 10, due by the end of the year, features a new modular architecture, one designed to circumvent many of the security woes that have bedeviled BIND 9."

3 of 60 comments

  1. Re:History repeats itself by MaraDNS · Score: 5, Informative

    From a security perspective, BIND 9 is infinitely better than BIND 8 was—and anyone else who remembers BIND 8's constant remote root exploits knows what I'm talking about.

    The security holes in BIND 9 are along the lines of denial-of-service attacks. Worrying about someone being able to stop the DNS is much less to worry about than worrying about someone being able to control machines remotely.

    --
    MaraDNS is an open-source DNS server.
  2. Re:Non hierarchical naming by Colin Smith · Score: 3, Informative

    Mostly because in security terms it's a fucking nightmare. Has to solve some very difficult maths.
     

    --
    Deleted
  3. BIND alternatives by MaraDNS · Score: 5, Informative

    Since this is about BIND, let me start the inevitable thread about the BIND alternatives.

    BIND is the Swiss Army knife of DNS servers. It has a lot of features and can do pretty much everything. It's also a big binary and sometimes difficult to configure. CVE

    Unbound and NSD are a suite of DNS servers from the same people. One (NSD) puts your web page on the Internet; the other (Unbound) looks for web pages on the Internet. NSD CVE Unbound CVE

    PowerDNS (which like Unbound/NSD, is two separate programs) has a lot of flexibility with connecting to databases or what not to resolve a DNS name. Used by Wikimedia, among others. CVE

    MaraDNS. I think it's the best one, but my opinion is a little biased. It was once a single program, now two separate programs (like Unbound/BSD and PowerDNS). Easy-to-configure; tiny binary suitable for embedded systems. CVE

    DjbDNS. Great tiny two-program DNS suite. Hasn't been updated since 2001 and yes, it has security problems (I'm already taking bets that a follow-up to this post will pretend DjbDNS is magically perfectly secure). Zinq is a currently maintained unofficial fork.

    There are many, many other DNS servers, both open source and non-open source. Rick Moen has a great list of the open-source ones.

    --
    MaraDNS is an open-source DNS server.