each's blog

BIND 9.9.0b2 -- a feature update

Today, ISC is publishing a new beta release of BIND 9.9.0.  As several new features have been added since the feature preview I posted on the occasion of the first alpha release, it would seem to be a good time for an update.

ISC BIND 9.9.0a1 -- feature preview

Yesterday afternoon, ISC published the first alpha release of BIND 9.9.0. This is an early technology preview, showing off some of the work we've been doing in BIND 9.

There will be more new features added in later alpha releases, but here's what's ready to debut now...

ISC BIND 9.8.1b3 provides startup-performance improvements


ISC BIND 9.8.1b3 is now available. This release includes the startup-performance improvements described in "A Major Improvement in BIND 9 Startup Performance" (see http://www.isc.org/files/imce/startup-performance.pdf).

BIND 9.8.1b3 is the third beta release of BIND 9.8.

A Major Improvement in BIND 9 Startup Performance

One of the common complaints we've received over the years about BIND 9 is that large authoritative servers, particularly those with a very large number of small zones, are slow to launch. I've met some DNS operators who expressed a powerful aversion to upgrading their systems, because a shutdown and restart can literally take all day.

If that describes you, I have some good news. There is a simple optimization for BIND 9 that can dramatically improve your startup performance.

DNSSEC Transitions and the Signing of ARPA

2010 is shaping up to be a banner year in at least two areas: major steps toward the deployment of DNSSEC, and discoveries of operational snags affecting the deployment of DNSSEC.

An example of the former took place on March 25, when it was announced that the ARPA TLD had been signed. ARPA contains the sub-zones in-addr.arpa and ip6.arpa, which are used for reverse DNS: converting IP addresses to DNS names. It is an essential piece of the DNS infrastructure, and the signing of ARPA makes it possible for reverse lookups to be cryptographically authenticated via DNSSEC.

Unfortunately, an example of the latter took place a short time later.