Is Bind still broken?

Jim Reid jim at rfc1035.com
Wed Nov 13 10:22:11 UTC 2002


>>>>> "Rick" == Rick N <naga at europe.com> writes:

    Rick> Some time ago I switched to UltraDNS because someone told me
    Rick> that BIND was broken... 

Would you jump off a cliff just because someone told you to do it?

    Rick> EG https://www.ultradns.com/news/0314b.html

    Rick> Is BIND still broken?

Define "broken". Approximately 90% of the TLD name servers and ALL of
the internet root servers run BIND. It would come as a great surprise
to the operators of these servers and zones if BIND was "broken". BIND
is also the reference implementation of the DNS protocols: NOTIFY,
Dynamic Update, IXFR, EDNS0, DNSSEC, etc, etc. It would be a big
surprise to the many thousands of people routinely depending on those
protocols if BIND was "broken". In fact, almost every non-trivial DNS
installation uses BIND. This would not be the case if BIND was
"broken". Independent surveys show that approx 80% of the world's name
servers are running BIND. That would not be true if BIND was "broken".

Now there are some things where BIND can be clumsy: like loading a
1Gb+ zone file or handling upwards of tens of thousands of zones. Even
at these corner-case extremes BIND works just fine, though it's not
pretty. Naive administrators misconfigure BIND and get their
delegations wrong which creates brokenness. But it's not the software
that's broken: the way it's been (ab)used is what's broken. They'd
probably make the same mistakes with other DNS software anyway.

You should be very sceptical of a press release coming from a company
that has a vested interest in spreading FUD about BIND. The above URL
promotes UltraDNS's managed DNS service, which is fair enough. The net
needs competent managed DNS service providers. However the issues of
providing managed DNS service are largely orthogonal to the DNS
software used to deliver that service. 

Some of the stuff in this PR puff is wrong and/or misleading. This
press release states "no one has yet delivered mission critical DNS
reliability with BIND-based DNS". This is blatantly absurd, as anyone
with a clue about DNS would know. All the internet root servers run
BIND and have done for years. You can't get any more mission-critical
than that. [BTW one of those servers had 10 seconds downtime in the
last 5 years.] I suspect that just one of those root servers gets more
queries per second than the whole of UltraDNS's infrastructure. There
are plenty more examples where mission-critical DNS service depends on
BIND: aol.com's mail service for example. Or the web search engines.
Or the corporate intranets of probably all the Fortune 500 companies.

