Today, ISC is publishing a new beta release of BIND 9.9.0. As several new features have been added since the feature preview I posted on the occasion of the first alpha release, it would seem to be a good time for an update.
One of the common complaints we've received over the years about BIND 9 is that large authoritative servers, particularly those with a very large number of small zones, are slow to launch. I've met some DNS operators who expressed a powerful aversion to upgrading their systems, because a shutdown and restart can literally take all day.
If that describes you, I have some good news. There is a simple optimization for BIND 9 that can dramatically improve your startup performance.
2010 is shaping up to be a banner year in at least two areas: major steps toward the deployment of DNSSEC, and discoveries of operational snags affecting the deployment of DNSSEC.
An example of the former took place on March 25, when it was announced that the ARPA TLD had been signed. ARPA contains the sub-zones in-addr.arpa and ip6.arpa, which are used for reverse DNS: converting IP addresses to DNS names. It is an essential piece of the DNS infrastructure, and the signing of ARPA makes it possible for reverse lookups to be cryptographically authenticated via DNSSEC.
Unfortunately, an example of the latter took place a short time later.