- By ewinstead on March 7, 2013
If you’re like the majority of our training participants, your career
in DNS* started in a similar fashion. Your knowledge of the protocol,
the resilience of your DNS infrastructure, whether or not you like to
use valid shortcuts in config files and so on are often very dependent
upon which team you found yourself in when you first landed in the DNS
world. For the more fortunate among us, the team was “RFC aware”, had
a book or two on DNS and existing, working configurations from which
to learn. At the other end of the spectrum, some of us have landed
where the mention of DNS just elicited a finger pointing to an old
dusty machine under an unoccupied desk.
Amazingly, no matter the landing point, folks usually don’t find their
way to a training until they have a few years of DNS experience. This
speaks volumes about the protocol design and implementations. It also
says a lot about the adaptability and tenacity of DNS admins. The
critical nature of our “DNS inheritance” becomes very clear, possibly
more quickly than we’d like. One does what needs to be done to
resolve and prevent issues in a timely manner. Unfortunately, these
qualities often produce a “why invest training dollars when you do
such a fine job with DNS” hurdle for admins when trying to justify
taking a formal course. (Please forward this blog for possible help
Whatever the length and depth of your DNS experience, an ISC training
course is an excellent opportunity to expand your understanding. We
discuss the original protocol design goals and how implementation has
played out in the real world. Our intensive hands-on labs offer you a
fresh environment where you build, configure, implement and
troubleshoot. From experienced DNS admins we often hear comments such
as “so that is how that works”, “wish I had known that trick years
ago” and “this really filled in the gaps for me.” For those newer to
DNS, you will leave with solid footing and plenty of tips and practice
to make sure your DNS behaves as it should.
We offer public trainings around the world with our training partner,
Men & Mice. For our most recent schedule of public trainings, please
We also offer private, on-site trainings. Please inquire with
firstname.lastname@example.org if interested.
But wait, there’s more! ISC training participants receive a
complimentary attempt at one of our Certification Exams. For more
information on our certification program, please visit:
* Please re-read this blog substituting “DHCP” everywhere you see
“DNS”. We promise it works, it’s true and it’ll be fun!
If you are an executive or manager whose business model relies on
DNS, perhaps you’ve said similar words. Often, “DNS Just Works” and
you are fortunate enough to maybe not even know who or what team
handles this critical aspect of your business. If so, we invite you
to consider how much you have invested in infrastructure not
specifically related to DNS. Now, think about your return on that
investment should DNS no longer function or become even occasionally
unreliable. Does your recurring investment in DNS match its
importance to your business? If not, ISC training is a good place to
begin bridging that gap.
- By Shane Kerr on February 27, 2013
This blog post comes in response to a question that arrived via Twitter:
@nodakai: WHY BIND10 had to be written in C++?? I think supporters of managed languages have much to learn from this unfortunate incident
When I started working on the BIND 10 project the only decision made was which languages to use, after the expected bikeshed discussion. The important thing at that point was to get on with the project, not re-start a possibly endless discussion about which programming language(s) to use.
Having said that, I was very happy with the languages that were chosen. In fact, I would have picked the same languages if the decision was up to me to begin with.
BIND 9 was written in C. At the time it was designed and written – at the end of the 20th century – that was really the only logical choice. C is relatively simple to read and write, is supported everywhere, and can be used to produce very fast code. It is also completely lacking in any language features to support software engineering, and is totally unsafe.
So when ISC started seriously thinking about BIND 10 – around 2006 or so – the question of what language to use for the new project came up.
The first question is of course, “Why not C?” Some answers are:
- String manipulation in C is a tedious chore
- C lacks good memory management
- Error handling is optional and cumbersome
- Encapsulation and other object-oriented features must be emulated
Everyone agreed that we could do better. The question was “how, exactly?”
There were of course some requirements for choosing a new language:
- The language had to be relatively mainstream.
The Wikipedia page on programming languages has more than 600 languages, and is not complete. However, BIND 10 has a goal of being something that is relatively straightforward to hack on, and while using something like Eiffel or Prolog would attract some developers because of the novelty, it would be a hurdle for most programmers. As a second goal, ISC wanted to make sure that it could find experienced developers in whatever language it picked.
- The language had to address most of the problems with C.
Ideally this meant something with good string handling, garbage collection, exceptions, and that was object oriented.
- The language had to be very fast for CPU-intensive operations.
A modern DNS server is largely CPU-bound, both for authoritative and recursive resolver cases. DNS servers use specialized data structures and algorithms, so we cannot rely on lower-level libraries written in C or C++ to boost our speed. This requirement basically eliminates any interpreted language from the running.
The approach that we ended up choosing is to use a mix of two languages:
Whenever possible, we use Python. Python is a very popular language, usually the most popular of the scripting languages on most surveys (possibly excepting PHP). It has all of the features that we were looking for… except performance.
When necessary, we use C++.
C++ is also a very popular language, and also has all of the features we are looking for. However, C++ is by no means an easy language to work with, so the idea is that we will avoid its complexity when possible.
If you learned C++ a while ago, but haven’t worked with a modern C++ environment, you probably have the wrong idea about programming with it. We use the Boost library, which gives you things like shared pointers providing a sort of reference-counting on your dynamically-allocated objects. In fact, adoption of resource acquisition is initialization (RAII) can resolve a huge number of problems with both locking and leaks.
As of right now, it ends up that about 75% of our code is C++ and 17% is Python (link) since it turns out that a lot of BIND 10 is performance-critical.
Other projects will have different factors to consider when choosing a language, so even though C++ and Python are good choices for BIND 10, they won’t be for every project.
But in general I think the motivations and decisions regarding the language choice for BIND 10 made sense when we started, and I think that they still make sense.
One thing we might have done differently is to choose to write our code in a way that works with both Python 2 and Python 3, instead of requiring Python 3. Over time this will be less of an issue since the future of Python is Python 3, but it has caused a lot of hand-wringing as people get very upset about having to install a new interpreter to get their software working. I hope that in 2 or 3 years we can laugh about those concerns, and Python 2 is a fading memory.
- By Kannan Ayyar on January 31, 2013
Lance Armstrong. Bernie Madoff. Barry Bonds. Raj Rajaratnam. Ray Nagin. Whether it is sports, business, or politics, it seems in every walk of life, people are playing fast and loose with the law, with ethics, and with morality. Even in the software business we have some shady practices and business models.
Pump and Dump
Many well-known VCs and early stage investors who have active blog followings use their clout to oversell their particular investments. Some call it a “pump and dump”; well-connected venture capitalists spot a burgeoning tech company, hype its imminent meteoric rise, then cash out during the IPO – all without any real idea of how well the company will perform.
The year before Groupon filed for an IPO, early investor Theodore Leonsis was talking excitedly about his new investment: “Is there a hotter company anywhere these days?” Leonsis didn’t even wait until the IPO to cash out. Zynga is another investment story that gives our industry a bad name. Fred Wilson of Union Square Ventures was positively glowing: “Zynga has built the largest social game network in the short period of six months.” He and his company made a ten-fold return on their initial $5 million investment when they cashed out in April.
If a company is overvalued at its IPO it creates a cascade of distrust and anger toward the Internet and software industries. It never ceases to amaze me how biased people can be once they have an economic interest in the company; some investors will even use their clout to have us believe that an 18 month old company with ten employees and no revenue is worth 1 billion dollars. Yet these individuals were investors in Instagram and it was perfectly logical to them – all of them.
Proprietary Software and the License Model
Open Source Software and the Subscription Model
There are business models that are good for a particular vendor to maximize revenue and profits and there are business models that are good for the long term health of the industry and for the customers.
The software industry was built on building proprietary software – Microsoft pioneered it and companies like Oracle and SAP continue it. We are now finding out that an open source development model is much better for customers – who have access to the source code should something happen to the vendor of the software – and to the industry at large as it heightens innovation. I am confident in claiming that proprietary solutions are not any more effective than open source. In ISC’s space – nameserver software – there are companies who sell proprietary solutions (Nominum) and companies like ISC who make our software open source. Our product BIND (9 and 10) grants customers the ability to take advantage of all of our continued development work – code that we write out of a desire to improve our software, not just improve our revenue stream.
The other half of the old model revolves around licensing software for large amounts of money upfront. Maintenance and support are charged separately and the costs increase as the number of servers and users expand. The subscription model does away with any initial sticker shock, leaving just world-class support plus all the benefits of working with open source software.
Whether it is the “Pump and Dump” method or proprietary software with an enterprise license model, the methods I outlined above have a very appealing aspect: they work. Insofar as your goal is to make as much money as possible, they are likely the most efficient.
In both cases, however, these businesses are violating their customers’ trust, which in my view is the key currency for businesses. Building trust between a business and its customers is the difference between long-term company sustainability and trading at 25% of your initial offering price.
I believe the future of software is with open source development coupled with a subscription based payment system. Those vendors who do not understand this and the benefits for the customer base and for the industry may win in the short run but may not be sustainable in the long run.
Personally, I’m invested in this business model because it’s good for our customers and good for the industry. At ISC we give users flexible, customizable critical Internet infrastructure without massive upfront costs or proprietary lock-ins. We believe in supporting our community by giving back and creating a total cost of ownership that is in some cases 25% of our proprietary competitors. Growth here might not net you 300 times your initial investment, but it will help both of us rest a little easier tonight.
- By Kannan Ayyar on January 22, 2013
Working at the Internet Systems Consortium, I feel I have a somewhat privileged look into the open source business model, which I’d like to address. We face the unique challenge of developing and maintaining BIND, the most-installed nameserver software on the planet, which some estimates place on 80% of all DNS servers. We’re proud of our open source heritage–one that began with the first iteration of BIND in 1986. I believe a large part of our success is due to BIND’s flexibility and resilience–it’s software that just works on both large and small scale. The other part is, of course, its price; free is a difficult cost to argue against. According to Dan Ariely, in his paper “Zero as a Special Price”:
“Decisions about free (zero price) products differ, in that people do not simply subtract costs from benefits and perceive the benefits associated with free products as higher.”
Now, don’t get me wrong: I’m a firm believer in the software we produce. However, there are a number of costs associated with using open source code that aren’t necessarily visible at a glance. Maintaining BIND in-house or creating a fork requires engineers who understand it, who are familiar with the security community, and are able to install, make, and assemble a compatible patch for each platform used–it’s not exactly a simple download. But there’s another issue more significant than the resources and time required. BIND’s main advantage–a myriad of eyes to improve quality–also contributes directly to its major drawback. People who download open source code don’t have access to the same support as those who use purchased software.
I’ve watched as BIND has been adopted and customized to address all manner of DNS requirements, and I’ve come to realize that some customers need more from ISC. Some need that extra level of support for their systems–some need it 24/7. Some want to know they are following best practices and relish the idea of using our engineers as a sounding board. Many simply need a higher level of performance and stability than they could achieve on their own. The most compelling reason I can think of is achieving peace of mind: knowing that your infrastructure is receiving security patches as soon as they are available and is therefore safest from harm.
ISC has recognized this need from our most demanding customers; we’re adopting a subscription model based on the depth of service most appropriate for each customer. ISC now offers extended support and packaged consultancy for best practice implementation to enterprise-level customers. We’re taking the first steps towards making things convenient, not just functional.
I’ve got good reasons to believe ISC’s support team is some of the best in the business. Our veterans are systems engineers, computer programmers, and network analysts, all of whom have at least five years of experience. If they don’t know something, they can just ask the people who wrote it–if they’re not next door, they’re just an email away.
The important takeaway is that there’s a difference between price and cost. The price of open source is always zero–and that offers a great many benefits to the internet community. There are also costs associated that stem from how much a company might be willing to risk. When you are running mission-critical infrastructure without support, they can be simply astronomical. Sometimes, free is just too expensive.
- By Adib Behjat on January 17, 2013
We all love our social media and cloud-based software. The Internet arena is filled with brilliant services and products that make our experience online both richer and more convenient. However, this is a potential problem for the DNS industry.
One of the privileges of being close to the Silicon Valley is the exposure and inspiration one can derive from all these products and services. With bountiful support from angel investors and venture capitalists, easily accessible online classes offering the latest information in web software, and positive feedback from society and businesses, today’s best computer science graduates are gravitating towards Internet software and online games.
For most of these graduates DNS technology is, frankly, boring. It’s just not as cool as everything else they’re exposed to–how can routing information compete with Twitter or Facebook?
Other factors that don’t help: a lack of comprehensible literature on DNS, a lack of internship opportunities in the field of computer networking, and a lack of courses available at schools and universities on subjects relevant to DNS software.
Fortunately, there have been a few groups and institutions that have come forward to tackle this matter:
Social entrepreneurs in Silicon Valley introduced free online computer networking classes on websites such as Coursera. Another example is Stanford University’s Class2Go, which offers a Computer Networking class to the public, online, for free.
This initiative will help in narrowing this gap of interest and knowledge in the education of Computer Science courses, and can potentially motivate computer science majors around the world to expand their opportunities and tap into subjects and technology that will benefit both themselves and their community.
Another notable initiative includes TechWomen, a program by the U.S. Department of State that connects emerging women leaders in technology sectors with leading companies in the United States. My colleague, Larissa Shapiro, is an active mentor of TechWomen and is currently in D.C. sharing her experiences of our recent mentee who joined us during the summer from Tunisia.
I’m hopeful that this matter will be tackled soon, and as more institutions, organizations and enthusiasts foster an environment of learning, encouragement and support, we will see the fruits of our contributions in the form of innovation and development in the field of DNS Technology; leading the world forward through the connectivity and social benefit of Internet technology.