ISC Announces BIND 9.7 Release “DNSSEC for Humans”

Redwood City, CA – April 23, 2010. Internet Systems Consortium (ISC) announces the much anticipated release of BIND 9.7, designed to make DNSSEC easier to implement and use.

DNSSEC extends standard DNS to prove data came from an official source and has not been modified. DNSSEC is not a secure tunnel; instead, it adds resource records and message header bits which can be used to verify that the requested data matches the original data, and has not been altered in transit.

The challenge lies in the prompt adoption of DNSSEC by DNS data providers. Very few have adopted DNSSEC to date. ISPs and enterprise DNS administrators can accelerate this needed security by configuring their DNS infrastructure to validate signed data. However, their resistance centers on the complex management of DNSSEC.

Enter BIND 9.7.

BIND 9.7 optimizes DNSSEC for usability – automating DNSSEC protocol specifications through its Open Source application.

Specifically, BIND 9.7:

  • Automates trust anchor maintenance and the task of keeping trust anchors up to date through implementation of a new element of the DNSSEC protocol, RFC5011.
  • Simplifies configuration of DNSSEC Lookaside Validation (DLV) by adding an easy option to turn on DLV through alternate islands of trust, which provide DNSSEC validation in areas where a chain of trust from the root is not yet available.
  • Simplifies configuration of Dynamic DNS by providing administrators several new configuration options to make real-time changes on their servers with a simple syntax – and without removing functionality – to easily configure automatic zone re-signing for DNSSEC.
  • Provides fully automatic signing of zones by extending the private key file format to contain key timing metadata. This allows the administrator to pre-select when a key is scheduled, published or revoked.
  • Improves and extends the libdns library so that the DNS client API can support DNSSEC and dynamic updates, and DNSSEC-aware getaddrinfo() and getnameinfo().
  • Supports PKCS#11 cryptography for use in DNSSEC with a Hardware Security Module.

ISC has been a pioneer in DNSSEC development and deployment for 10 years. ISC is committed to Open Source software, and specifically designed BIND 9.7 to focus on making DNSSEC easier to implement and use. ISC offers a host of commercial quality Open Source software for the Internet Community. We invite you to join the BIND forum at www.isc.org/software/guild/bf.

BIND 9.7 is available for download at http://www.isc.org/software/bind/970-p1.

About ISC

Internet Systems Consortium (ISC) is a non-profit 501(c)(3) public benefit corporation widely known for world-class Internet software engineering and network operations. ISC produces only open-source software, of which BIND and ISC DHCP are the two best-known examples. Our emphasis is on core Internet technology. Our widely imitated Managed Open Source process ensures the quality of this software while keeping it completely open and available.

ISC operates high-reliability global networks of DNS root servers (F-root) and authoritative DNS servers (SNS@ISC) both for non-profit and for commercial enterprises. ISC is also very involved in ongoing Internet protocol and standards development, particularly in the areas of DNSSEC and IPv6. ISC is supported by donations from generous sponsors, by program membership fees, and by specific fees for services. For program or donation information, please visit our website at http://www.isc.org

###