ISC has always been supportive of Internet infrastructure development in Africa. In addition to being the first root-server operator to offer anycast instances in Africa, we have long provided Secondary Name Services (SNS) to a number of African ccTLDs as part of our public benefit mission. We have also sent our staff to AfNOG meetings to help in training on our FOSS (BIND and DHCP).
At ISC we have recently received several inquiries from customers who are using the binary packages of BIND that we distribute for Microsoft Windows. They have expressed concerns about security vulnerabilities present in older versions of OpenSSL. BIND uses OpenSSL for securing communications between dynamic nameservers and clients and between master servers and slave servers. To support this functionality, ISC uses functionality from the OpenSSL libraries and ships libraries from the OpenSSL package with binary distributions of BIND.
BIND 9.9 is a new release of the gold standard for DNS servers on the Internet. It builds on a tried and trusted platform that has been evolving and maturing over more than 10 years and has kept adding new powerful and useful features with each new release.
In BIND 9.9 we have introduce several new features that can make a difference to how you operate your DNS service, no matter what size of an installation you have. Here is a brief rundown of why you should care about this new version:
I was so honored to participate in the TechWomen mentoring program in the summer of 2011. Meeting and working with my mentee, Sanae Baatti from Morocco, was a life changing experience. I wrote some about the TechWomen experience last summer. I was deeply honored as well, to travel to Morocco last fall with a state department sponsored TechWomen mentor and mentee delegation.
Currently the DHCPv6 protocol does not allow the provisioning of any routing-related information to hosts. A new proposal is addressing this shortcoming. The draft draft-ietf-mif-dhcpv6-route-option defines a mechanism for delivering routing information over the DHCPv6 protocol. This article explains core concepts and explains how to use the ISC DHCP software to deliver such information.
Today, ISC is publishing a new beta release of BIND 9.9.0. As several new features have been added since the feature preview I posted on the occasion of the first alpha release, it would seem to be a good time for an update.
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns.
In the October 2011 issue of the Usenix Associations ";login:" newsletter, I published an article entitled "Other Uses for Secure DNS", with special attention to the IETF DANE working group and the proposed protocol for replacing the X.509 certificate authority system with a secure and scalable system based on Secure DNS.
As I wrote in June (link to my last techwomen blog), I've been deeply honored this year to participate in the inaugural round of the TechWomen initiative, a program of the US State Department, as a technical mentor.