Unraveling BIND 9.3

By Martin Brown
Posted Apr 13, 2005


From DNSSEC to IPv6 support, we look at the main improvements in the latest release and discuss how to make the best use of these new features. We also look back on where BIND has been and ahead on where it's going.

The Domain Name System (DNS) is a component of the Internet often taken for granted. Although knowledgeable users are aware that the Internet works off of IP addresses, the reality is that we all type in names rather than impossible-to-remember long numbers. The DNS is based on an open standard, and, thus, numerous choices are available for managing DNS information. The best known method by far is the open source Berkeley Internet Name Domain, more commonly referred to as BIND.

BIND 9.3, the most recent release, has been available since September 2004. It features a number of key enhancements in terms of both security and the way it is supported. This article covers the main improvements in the release and discusses how to make the best use of these features.

Brief History of BIND

BIND has been available for years, and it has had a somewhat rambling history. What has not changed is the main aim of the software: to provide a secure and effective environment for managing domain name information. The earliest versions were developed at the University of California, Berkeley as part of a student project under a grant from the Department of Defense.

Later, the Computer Systems Research Group and a loan employee from Digital Equipment Corporation (DEC) adopted BIND and made it a DEC project. DEC then released it. Paul Vixie, who worked for DEC at the time, adopted the project, and, eventually, through his own company, Vixie Enterprises, sponsored continued work on the project for the key release of version 4.9.2, which is still available today.

The Internet Systems Consortium (ISC) supports the most recent versions of BIND. Paul Vixie and Bob Halley remain key contributors to the latest versions. Today, most people come across BIND because it's included with their operating system, whether commercial (e.g., Solaris, Mac OS X, and Windows) or freely available (e.g., Linux and BSD).

Core Changes in 9.3

The main improvements in BIND 9.3 relate to the security of the application. The security elements are built into the software and improve on the security that the DNSSEC standard provides for securing domain information, transfers, and exchanges, as well as ensuring that the information for a domain cannot be usurped or abused. The next section of this article examines DNSSEC in great detail.

Another improvement in 9.3 is the introduction of IPv6 support and, with that, transitional support for servers running both IPv4 and IPv6 that must support DNS on both network types. This is designed to make it easier for such organizations to migrate to the IPv6 platform.

The migration is further aided by support for better configuration of BIND on servers with multiple IP addresses. It's possible to perform a migration on a machine configured with multiple interfaces running on different IP standards. Administering the information has been improved through more extensive IXFR records, making it easier to delegate zones within a domain to different administrators. This is a huge help in very large domains, like big corporations and ISPs.

Other minor improvements in 9.3 include additional server identification options, which make it easier to key the servers and help exchange information. It is also possible to extract more information about the BIND servers to get better statistics (useful for debugging and performance monitoring).
