Slashdot Mirror


Paul Vixie to Leave BIND

strabo writes "Paul Vixie made it known at LISA '99 in Seattle on Wednesday that he'll be stepping down as the maintainer and head architect of BIND, which he has been doing for the past 10 years. Many thanks to Paul for his hard work and dedication! "


  1. Re:why slam AlterNIC? by Frater 219 · · Score: 5

    Vixie is of the well-considered opinion that the DNS tree can only have one root. DNS is designed around the idea that each zone, including the top-level zone, can only have a single authority record. This means that delegation can emanate only from one place, namely the top-level SOA (Start Of Authority) record.

    Whoever controls the top-level SOA controls the delegation for the top-level domains (com, edu, de, jp, etc.) and hence the rest of the system. This was true when InterNIC was run not-for-profit, and remains true now that InterNIC is run for profit: it is not an artifact of the management of the DNS directory, but rather of its design.

    It would be possible to create a new name-service system which permitted multiple roots, search engines or Hotline-style "trackers", a directed-graph model instead of a tree model, &c. However, this would not be DNS, and these features should not be slapped onto the side of DNS. They would require a new architecture.

    If you want it, please feel free to design it. Distribute your resolver libraries far and wide. However, don't commit the errors of AlterNIC, such as committing computer crimes (forgery of DNS entries) in order to popularize your system.

  2. ok, I've got a silly question by vyesue · · Score: 2

    wasn't BIND brought from 4.9.something to 8 so that it would be consistent with Sendmail? how are we at BIND9 without being at sendmail9?

    (hates gratuitous version increment gaps)

    1. Re:ok, I've got a silly question by vyesue · · Score: 2

      _remember_ sccs? I had the displeasure of using it quite intensively for a while when I worked at Sun. guh.

      anyway, 8's as good a number as anything else, I was just curious. :D

  3. Re:Other Vixie projects? by vixie · · Score: 3

    no, i'm not dropping any projects. bind is still an ISC project, but bind9 is the up and coming thing and i'm choosing the bind8/bind9 transition as my moment to step back from the technical lime light. i am still chairman of ISC, and ISC is still very much doing bind.

  4. Re:Thanks Paul... by vixie · · Score: 3

    re: "you the man" i was the man, but DNS is now much larger than any man (no matter how much coffee he drinks) can implement. that's why ISC exists. BIND9 is the future, and it's very bright.

  5. Re:BIND, Vixie, et al by vixie · · Score: 4

    > where's this BIND 9 that keeps getting talked about?

    the companies who funded it wanted early access. since the budget was $1.5M we gave on this point. when it's ready for public testing it will be up on some ftp server with a regular BSD/ISC license.

    > Second, who's going to take over BIND now?

    nobody. ISC took it over in 1994. i'm chairman of ISC but as bind8 is approaching end-of-life in favour of bind9, my involvement as an architect is sort of ending. i'm just a manager now.

    > Third, what's the -real- reason for the resignation?

    10 years is a long time. DNS is very big now. i'm going to stay involved with ISC but not be "the" or even "a" BIND technologist in the future. once we (ISC) get bind9 out the door i may decide to contribute code fragments to it, but as an individual contributor rather than as any sort of author, coauthor, or architect.

  6. Other Vixie projects? by AtariDatacenter · · Score: 2

    What other projects is Vixie running, and will he be stepping down on any others?

    1. Re:Other Vixie projects? by seebs · · Score: 2

      The RBL, of course! Although, to be fair, he's mostly handed that off already; it's run by the employees these days.

      Nice service. http://www.mail-abuse.org/rbl/

      --
      My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/

  7. ... by Signal 11 · · Score: 2

    My only question is why? Will he be stepping down from other projects (the MAPS RBL?) as well? More details! More details!

    --

  8. Give This Man a Medal by mochaone · · Score: 3

    Ten years of working on what is arguably the most successful Open Source project ever deserves something. Someone nominate this guy for the FSF 1999 award.

    --
    Hates people who have stupid little sigs

    1. Re:Give This Man a Medal by vectro · · Score: 3

      Too late, he already won the Free Software award in a previous year.

      Incidentally, he is also on the judging panel for the 1999 award.

  9. BIND, Vixie, et al by jd · · Score: 3

    First off, where's this BIND 9 that keeps getting talked about? The most recent version I can see a link to is BIND 8. (Grrr! I -hate- closed-door development. It's not much better than closed-source.)

    Second, who's going to take over BIND now? For all its problems and limitations, BIND is an excellent piece of code, and I'd hate to see it vanish.

    Third, what's the -real- reason for the resignation? Open Source is less about egos, precisely because it's open, so I've my doubts about this "it's time". It sounds too much like a line from those cheesy B-Movie sci-fi movies, only without the benefit of cheese.

    Last, but not least, for all my cynicism, doubt and concerns, I reckon Paul Vixie has done an excellent job with BIND, keeping its title as one of the most widely-used nameservers on the Internet, despite fierce competition from commercial alternatives.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)

  10. mail from vixie, alternative to BIND by Ken Williams · · Score: 3

    --------------------------------------------------

    Date: Sat, 13 Nov 1999 21:11:54 -0800
    From: Paul A Vixie
    Subject: Re: BIND bugs of the month (fwd)

    please forward since i'm not on bugtraq

    > Date: Sat, 13 Nov 1999 01:14:24 -0000
    > From: D. J. Bernstein
    > To: BUGTRAQ@SECURITYFOCUS.COM
    > Subject: Re: BIND bugs of the month
    >
    > ...
    > But all this cryptographic work accomplishes _nothing_ if the servers
    > are subject to buffer overflows! An attacker doesn't have to bother
    > guessing or sniffing query times and IDs, and forging DNS responses,
    > if he can simply take over the DNS server.

    yes. see the proceedings of the fifth usenix security symposium for
    further evidence of this, and evidence that i agreed with this view even
    several years ago, well before the current events.

    > This NXT buffer overflow isn't part of some old code that Paul Vixie
    > inherited from careless graduate students. It's new code. It's part of
    > BIND's DNSSEC implementation. I don't find the irony amusing. Obviously
    > ISC's auditing is inadequate.

    at times, yes it is.

    > Does anyone seriously believe that the current BIND code is secure? If
    > it isn't, adding DNSSEC to it doesn't help anybody. Is ISC going to
    > rewrite the client and server in a way that gives us confidence in
    > their security?

    yes, this has been done over the past 18 months. the result is BIND 9.
    and yes, it's all new code, and yes, it's been audited, and yes, it's
    designed to be audited, and yes, things like the NXT bug are the reason.

    > David R. Conrad writes:
    > > In addition, we recommend running your nameserver as non-root and
    > > chrooted (I know setting this up is non-trivial -- it'll be much, much
    > > easier in BINDv9).
    >
    > ``I wouldn't consider installing named any other way,'' I told Vixie in
    > September 1996. He didn't respond. Of course, DNSSEC is equally useless
    > either way; the only question is whether an attacker can also take over
    > the rest of the machine.

    when i saw the linux chroot("../../../../../../../..") hole i about fell
    out of my chair. truly no place is safe any more.

    --------------------------------------------------

    Alternative to BIND: http://www.dents.org/

    --------------------------------------------------

    all info courtesy of BUGTRAQ@securityfocus.com
    -- ken williams

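    The forwarded message above argues that the forgery attack (guessing or sniffing query IDs and timing) is the wrong thing to worry about while the server itself can be taken over; the two are still worth seeing side by side. The following added example, not code from the message or from BIND, shows the checks a resolver performs on the other side of that forgery problem: a reply is accepted only if it comes from the server that was asked, arrives on the port the query left from, carries the outstanding 16-bit transaction ID, and echoes the question that was sent. The wire-format helpers, the server address `192.0.2.53`, the port `40123` and the sample names are all constructed for the example. Because the ID alone is only 16 bits, later resolvers (RFC 5452) also randomize the source port, which is why `dst_port` is part of the check here.

```python
import secrets
import struct
from dataclasses import dataclass

# Minimal DNS wire-format helpers, constructed for this example (no name compression).

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(wire, off):
    labels = []
    while True:
        n = wire[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("name compression not handled in this example")
        labels.append(wire[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off

def build_query(qname, qtype=1, txid=None):
    """Standard query with one question; txid is random unless the caller fixes it."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QR clear
    return txid, header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, ip, qtype=1):
    """Response (QR, RD, RA set) answering qname with one A record; ip is a dotted quad."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(x) for x in ip.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer

@dataclass
class PendingQuery:
    txid: int
    qname: str
    qtype: int
    server: str   # address the query was sent to
    sport: int    # local source port the query left from

def accept_response(pending, wire, src_addr, dst_port):
    """Screen a datagram against the outstanding query; returns (accepted, reason)."""
    if len(wire) < 12:
        return False, "truncated header"
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    if not flags & 0x8000:
        return False, "QR bit clear: not a response"
    if src_addr != pending.server:
        return False, "source address is not the server we asked"
    if dst_port != pending.sport:
        return False, "arrived on a port we did not send from"
    if txid != pending.txid:
        return False, "transaction ID mismatch"
    if qdcount != 1:
        return False, "unexpected question count"
    try:
        qname, off = decode_name(wire, 12)
        qtype, qclass = struct.unpack("!HH", wire[off:off + 4])
    except (IndexError, ValueError, struct.error):
        return False, "malformed question section"
    if qname.lower() != pending.qname.lower() or qtype != pending.qtype or qclass != 1:
        return False, "question section does not echo our query"
    return True, "accepted"

def demo():
    """Simulate one query and screen a genuine reply plus three bad ones."""
    txid, _query = build_query("www.example.com.")
    pend = PendingQuery(txid, "www.example.com.", 1, "192.0.2.53", 40123)
    genuine = build_response(txid, "www.example.com.", "192.0.2.10")
    wrong_id = build_response((txid + 1) & 0xFFFF, "www.example.com.", "198.51.100.1")
    wrong_q = build_response(txid, "evil.example.com.", "198.51.100.1")
    return {
        "genuine": accept_response(pend, genuine, "192.0.2.53", 40123),
        "guessed_id": accept_response(pend, wrong_id, "192.0.2.53", 40123),
        "wrong_question": accept_response(pend, wrong_q, "192.0.2.53", 40123),
        "off_path_source": accept_response(pend, genuine, "203.0.113.9", 40123),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} -> {verdict}")
```

    None of these checks helps if the process parsing the packet can be overflowed before it reaches them, which is exactly the point the message makes; they bound the off-path forgery problem, nothing more.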
  11. The MAPS RBL, for one.... by strabo · · Score: 3

    The MAPS (Mail Abuse Prevention System) Realtime Blackhole List is one of his projects. As far as I know, he's still going to be working on that...

    As for other stuff, check out Vixie Enterprises. He does work with IETF, I think he runs an ISP, and he's got a bunch of other projects, though I'm not sure what they all are off the top of my head...

    - strabo

  12. why slam AlterNIC? by klund · · Score: 3

    From the article: Vixie described this last feature as "the split-horizon DNS people have wanted for a long time," noting dryly (and to considerable applause) that as for "people like AlterNIC who want us to believe it's possible to have more than one set of root name servers, this will not facilitate their political agenda at all."

    What is this feature, and why does Vixie hate AlterNIC? Is the (erstwhile) maintainer of BIND in bed with the money-grubbing, freedom-denying, satan-worshipping domain-name-controlling oligarchy?

    Blech.

    --
    My word processor was written by Stanford Professor Donald Knuth. Who wrote yours?

  13. An alternate nameservice by Frater 219 · · Score: 2

    (Following up on my own post to elaborate on an idea...)

    As I understand it, the Hotline system depends largely on "trackers", which are systems which serve lists of Hotline servers. A server owner registers his/her server with one or more trackers; trackers are more widely-advertised (in the non-commercial sense of the word) than servers are; hence, users who discover a tracker discover all servers listed on it. Trackers, unlike the DNS root, are not global, and some of them may be quite difficult to locate; indeed, there are now meta-trackers (tracker-trackers) and (I'm told) even meta^2-trackers. Trackers serve to publicize servers, but they are not global nor are they as reliable as nameservice. Furthermore, they do not serve the authentication function which DNS does (through the IN-ADDR system, aka Reverse DNS).

    A similar system could be constructed for names. Each client system (resolver) would need to know about some set of nameservers and meta-nameservers, through which it could search to find a machine or domain with a particular name. When an application gives the resolver a name to resolve, the name is passed to any or all of the nameservers, which return addresses -- just as DNS nameservers do.

    The difference is that the resolver would have to query multiple nameservers, because of the lack of central organization to the system. Some servers would know about a particular name; others would not. Some servers might know that certain other servers knew an address for a name -- just as DNS has the forwarding system and routers have their route-advertisement protocols. However, since no one server could be guaranteed to find a name, the resolver would be best off querying every server it knows about.

    Furthermore, because of the lack of a central authority, servers could disagree on the proper address for a given name. A resolver could look up "Slashdot" on a set of nameservers and get back two different answers -- or ten different answers. At that point, a decision of trust must be made: which servers do you trust to have the "real" Slashdot's address? All the problems of a PGP-style web of trust enter into the system here: a nameserver is acting as an introducer, just as a signer of a PGP key does.

    Such a system would be by nature nondeterministic. It would be prone to all manner of reliability problems. However, it would be largely free of policy problems: since there would be no central authority, there could be no centralized injustice, such as some accuse NSI of exhibiting.

    The decision between DNS and such a system is the decision between a centralized regime and a radically distributed regime: a cathedral and a bazaar -- or, more to the point, a hierarchy ("hieroi-archoi" -- holy leaders) and an anarchy ("an-archoi" -- no leaders). I make no claim as to which would be better for users, for the market, or for the Net as a system.
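    Comment 1 above describes DNS as a tree with a single root, so that the authority for any name is reached by one descending walk, and comment 13 sketches the opposite design: a resolver that asks every server it knows, follows their referrals, and has to decide which of several disagreeing answers to trust. The following added example, not code from either post, models both side by side on constructed data: `tree_resolve` walks a toy zone tree from `.` down the unique delegation chain, and `BazaarResolver` fans a query out over a toy network of servers, follows referrals for a bounded number of hops, and scores each candidate address by the summed trust placed in the servers that asserted it, in the PGP-introducer sense the comment uses. All zone data, server names (`alice`, `bob`, ...), trust weights and addresses are invented for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Model 1: DNS-style tree. One root; every zone has exactly one parent that
# delegates to it. Zone contents are constructed for this example.
TREE = {
    ".": {"delegations": {"com.": "a.gtld"}},
    "com.": {"delegations": {"slashdot.com.": "ns1.slashdot"}},
    "slashdot.com.": {"delegations": {}, "records": {"www.slashdot.com.": "10.0.0.1"}},
}

def tree_resolve(qname):
    """Walk from the root down the single delegation chain; returns (address, chain)."""
    zone, chain = ".", ["."]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):      # com., slashdot.com., www.slashdot.com.
        suffix = ".".join(labels[i:]) + "."
        if suffix not in TREE[zone]["delegations"]:
            break                                   # no deeper delegation: this zone is authoritative
        zone = suffix
        chain.append(zone)
    return TREE[zone].get("records", {}).get(qname), chain

# Model 2: no root. Each server asserts whatever it likes and may refer to others.
@dataclass
class BazaarServer:
    name: str
    records: dict                                   # name -> address this server asserts
    referrals: list = field(default_factory=list)   # other servers it knows about

@dataclass
class Resolution:
    address: str        # candidate with the highest summed trust
    scores: dict        # candidate address -> summed trust of its asserting servers
    sources: dict       # candidate address -> servers that asserted it
    conflict: bool      # True when servers disagreed

class BazaarResolver:
    def __init__(self, network, known, trust, max_hops=3):
        self.network = network      # every reachable server, keyed by name (simulated net)
        self.known = list(known)    # servers this resolver is configured with
        self.trust = trust          # server -> introducer weight; unlisted servers count 0
        self.max_hops = max_hops    # bound on referral chasing, since nothing else terminates it

    def resolve(self, qname):
        answers = defaultdict(list)
        seen, frontier = set(), list(self.known)
        for _ in range(self.max_hops):
            if not frontier:
                break
            next_frontier = []
            for sname in frontier:
                if sname in seen or sname not in self.network:
                    continue
                seen.add(sname)
                srv = self.network[sname]
                addr = srv.records.get(qname)
                if addr is not None:
                    answers[addr].append(sname)
                next_frontier.extend(srv.referrals)
            frontier = next_frontier
        if not answers:
            return None
        scores = {a: sum(self.trust.get(s, 0.0) for s in srvs) for a, srvs in answers.items()}
        best = max(scores, key=scores.get)
        return Resolution(best, scores, dict(answers), len(answers) > 1)

def build_bazaar():
    """Constructed network: two servers disagree about 'slashdot'; one is reached only by referral."""
    net = {
        "alice": BazaarServer("alice", {"slashdot": "10.0.0.1"}),
        "bob":   BazaarServer("bob",   {"slashdot": "192.0.2.66"}),     # disagrees with alice
        "carol": BazaarServer("carol", {}, referrals=["dave"]),          # knows nothing, refers
        "dave":  BazaarServer("dave",  {"slashdot": "10.0.0.1"}),
        "eve":   BazaarServer("eve",   {"slashdot": "192.0.2.66"}),     # nobody refers to eve
    }
    trust = {"alice": 0.9, "bob": 0.5, "carol": 0.7, "dave": 0.3}
    return BazaarResolver(net, known=["alice", "bob", "carol"], trust=trust)

if __name__ == "__main__":
    print(tree_resolve("www.slashdot.com."))
    print(build_bazaar().resolve("slashdot"))
```

    The tree walk returns one chain and one answer or none; the bazaar returns a ranked set, and the `conflict` flag is where the trust decision the comment describes has to be made by policy rather than by the protocol.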

  14. CONGRATS by mangino · · Score: 2

    I just wanted to say thanks (since you seem to be actively reading and responding here). I've enjoyed using MAPS, BIND and crond for quite some time. I appreciate the time you've taken to make the internet what it is today, both from working on BIND to chairing the ISC. You've provided a great service to the internet community. Mike
    --
    Mike Mangino Consultant, Analysts International

    --
    Mike Mangino
    mmangino@acm.org

  15. Re:Who will take over BIND? by rde · · Score: 2

    I'm not doing anything this weekend; I'm sure I could fit it in.