Why We (Still) Need BIND 10

Several years ago, ISC started the BIND 10 project. To help kick-start the effort, Joao Damas and Paul Vixie wrote a paper called The Need for BIND 10.

It’s been almost 4 years, and we have recently released the first BIND 10 alpha. It is worth asking, do we still need BIND 10?

Open Source vs. Proprietary Solutions
A high-quality, open source DNS server is important to ensure that the DNS protocol continues to be a reliable cornerstone of the Internet.

Smaller organizations often simply do not have the resources to pay for a proprietary DNS solution.

For large organizations, open source offers benefits because the code can be reviewed for quality and correctness. Open source avoids problems of vendor lock-in.

Proprietary DNS solutions have their place, but the Internet also needs an open source implementation.

BIND vs. Other Open Source Software
When the BIND 10 project started, there were not too many options in the open source DNS world. djbdns has been available for years, but is largely abandoned. NSD existed for authoritative servers, Unbound for recursive resolvers, and PowerDNS supported both modes. All had various strengths and weaknesses.

In the time since then, several new authoritative servers have appeared (for example Knot and Yadifa), and existing servers have evolved (of special note: PowerDNS has sprouted DNSSEC support).

While this makes the problem of “genetic diversity” in the open source DNS space less urgent, BIND 10 is still important for the exact same reasons that it was important when the project started.

Minimal vs. Maximal DNS Servers
There are several DNS servers that aim to do one thing, and do that well. That is an excellent goal; as a developer it can be quite satisfying to develop such software, and as a user it is often nice to use a tool that provides a single service; no more, no less.

BIND 10 is not a minimal DNS server.
BIND 10 is unashamedly a maximal DNS server.

Even servers that are not explicitly minimal choose to target a subset of DNS, and to target a subset of DNS administrators with specific needs.

“Implement All the DNS!”
DNS is a complex protocol, with many sub-protocols, enhancements, heuristics, and so on. Many of these are standardized, many are not. All of them exist because someone, somewhere had a need and created a solution to their problem.

The main goal of BIND 10 is to help administrators and other users. In order to do this, we intend to provide an implementation of the whole DNS protocol suite.

BIND has always served as a reference implementation for new DNS features, and BIND 10 will continue this. And going forward, the world needs a place where new ideas can be experimented with.

Customization Means Complexity
When standard solutions work, that is great. However, many users have environments with unique requirements.

Some businesses would love to take existing DNS systems and modify them slightly to work with other systems. This can be to improve security, change network behavior, initiate various tasks (billing, usage monitoring, …), or pretty much anything.

Also, the world gives administrators environments inherited from decades of mergers, legacy systems, failed revamps, policy changes, governmental regulations, and so on. Administrators have to work in these environments too.

BIND 10 is designed to be easy to modify. This customizability means complexity – not for the user (we hope) but in the software itself. It is a price that is important for BIND 10 to pay, so that administrators can solve their own problems in straightforward ways.

Ever So Slightly Radical
While not strictly related to why we (still) need BIND 10, the software is designed using a number of new and hopefully exciting ideas.

For example, the software is split into components that run as separate programs, so that a failure affects only a part of the overall DNS service. We have a configuration model which is different from traditional Unix configuration files. The system uses Python for parts that are not performance critical so they will be easier to modify.

We have plans for further ideas as well, such as hooks that allow simple code snippets to modify server operation, and wizard-like administrator tools.

Ideally several of these ideas will be valuable, and push the state-of-the-art in server software in general.

See for Yourself
We recently released our first BIND 10 alpha. If you run an authoritative DNS server, please check it out. It’s a bit different from other DNS servers… because the world needs it to be.

1 Comment

  1. bert hubert October 15, 2012

    For what it’s worth, here over at PowerDNS we agree fully. We often say ‘no’ to certain feature requests because we want to retain the focus on what we do well. This precludes supporting ‘ALL THE DNS’. And we’re glad that BIND does have that as its mission statement!


Last modified: June 17, 2013 at 4:54 pm