March 2010 Archives

BIND 10: The First Year

We have nearly reached the end of the first year of the BIND 10 project. To celebrate this, we are releasing the first version of BIND 10.

An analysis on the DNSKEY query storm problem

Summary:

We have developed a patch to the BIND 9 DNSSEC validator to address a recently reported problem: the validator can generate a massive number of DNSSEC-related queries at a high rate when it is configured with a stale trust anchor. This patch suppresses such queries by caching the trust anchor mismatch and temporarily caching other DNSSEC-related responses toward the secure entry point, and should reduce the number of unnecessary queries by 1-2 orders of magnitude. However, the validator periodically (and unsuccessfully) tries to check the validity of the trust anch

BIND 10 and Unit Testing

Over the past few months, the BIND 10 developers have been using a test-driven development model. As classes and functions are coded, corresponding unit tests are also coded to help verify that the routines do what is expected, providing correct results with good or bad input. Sometimes the unit tests are written before the new code, and sometimes soon after.

Perspectives on a DNS-CERT

This week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely.