Blogs

We have decided to move ISC DHCP to the Mozilla Public License (MPL 2.0). In 2016 we re-licensed BIND and Kea under the Mozilla Public License 2.0.  At the time we solicited public comment, and talked to many stakeholders about it. In the end, we didn’t see any negative impact on our users from that change.  Now we plan to make the same shift from

Over the past five years, we have taken on average, 32 days to publicly disclose a BIND vulnerability, from the time we receive the first report.   Typical steps from report to disclosure include: Set-up secure email link with reporter, request more details Reproduce in house (this can take a while, particularly if the reporter can’t provide enough detail) Team

We are excited to announce that, beginning July 7th, we will finally be enabling read-only Guest access to our BIND and DHCP bug database. I know what you are thinking. Every other open source project has had an open bug database for years. What took ISC so long? First problem: Software support for Guests First of all, our issue tracker

One of the major challenges with logging network traffic is that it is very disk I/O intensive. It can also require a lot of storage. The storage requirements often lead to the use of file compression algorithms such as gzip to reduce the amount of disk space needed. For DNS traffic this can typically result in an 80% reduction in

Kea 1.2.0 was released a couple of days ago. You may have noticed that there are two new premium features available. We have received some questions. Is Kea becoming commercial? No. Kea is and will remain open source. Fears that Kea is becoming a commercial product are simply not true. Our first commercial add-on – the Kea Forensic Logging library –

One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1. 35 of these were minor features or feature changes and 13 were test items. We incorporated 15 submitted patches, contributed by: Hannes Frederic Sowa (Use IP_PMTUDISC_OMIT if available) Thomas Anderson (fixing a build failure problem) LaMont Jones “This patch has been kicking around in the Debian tree for

“ISC is dedicated to developing software and offering services in support of the Internet infrastructure.” Once a year, we attempt to catalog what we did the prior year towards supporting the infrastructure.  We do have a small team who are very busy keeping F Root going, as well as the hosting services we still provide for some non-profits, but they are too busy

We have just released a new utility in the Apple app store. It tests recursive DNS servers for conformance against current DNS protocol specifications, especially with regard to EDNS(0) as specified in RFC 6891. Like our other utility on the app store, Dig, this is a free download, and we do not provide formal support for it. Ray Bellis, ISC’s

The first release of BIND 9 was in September 2000. In the intervening 16 years, we have issued 225 more releases, give or take a few.  We have continuously added new additional features and RFCs. BIND 9 is a big project: at last count there were 691,554 lines of code* in BIND.  That is 3 times the size of PowerDNS, 5

The question has risen: “is IPv6 the end of address blacklisting”?

I think not, but the mechanisms used will likely change.

Executive summary If you manage a DNS resolver, you may need to take action in 2017 due to the upcoming root key rollover. If you use BIND with “managed-keys” for the root zone or “dnssec-validation auto”, there is low risk. If you use BIND with “trusted-keys” for the root zone, you need to update your configuration. Anyone setting up a new BIND instance around the