BIND

From Wikipedia, the free encyclopedia

Developed by: Internet Systems Consortium
Latest release: 9.5.0 / May 29, 2008
OS: Unix-like, Windows
Genre: DNS server
License: BSD license
Website: www.isc.org/sw/bind/

BIND (Berkeley Internet Name Domain) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. Supported by Internet Systems Consortium, BIND was originally created by four graduate students with CSRG at the University of California, Berkeley and first released with 4.3BSD. Paul Vixie started maintaining it in 1988 while working for DEC.

A new version of BIND (BIND 9) was written from scratch in part to address the architectural difficulties with auditing the earlier BIND code bases, and also to support DNSSEC (DNS Security Extensions). Other important features of BIND 9 include: TSIG, DNS notify, nsupdate, IPv6, rndc flush (remote name daemon control), views, multiprocessor support, and an improved portability architecture. It is commonly used on Linux systems. rndc uses a shared secret to provide encryption for local and remote terminals during each session.

History

BIND was originally written in the early 1980s under a DARPA grant. In the mid-1980s, DEC employees took over BIND development. One of these employees was Paul Vixie, who continued to work on BIND after leaving DEC. He eventually helped start the ISC, which became the entity responsible for maintaining BIND.

The development of BIND 9 was funded through a combination of commercial and military contracts. Most of the features of BIND 9 were funded by UNIX vendors who wanted to ensure that BIND stayed competitive with Microsoft's DNS offerings; the DNSSEC features were funded by the US military, which felt that DNS security was important.

From the start, the acronym BIND stood for Berkeley Internet Name Domain, the server being the "Berkeley Internet Name Domain (BIND) Server". It was never, as some have believed, Berkeley Internet Name Daemon. The original acronym is clear from the title of and usage in the original BIND paper, The Berkeley Internet Name Domain Server.[1]

Criticisms

Configuration

Unlike many Internet applications, BIND requires that systems administrators fully qualify domain names in certain contexts, for example, 'www.wikipedia.org.' (note the trailing '.'). The following response to a dig query is an example of what can result when systems administrators forget this critical point:

;; QUESTION SECTION:
;rr.wikipedia.org.              IN      A
;; AUTHORITY SECTION:
wikipedia.org.          7134    IN      SOA     ns0.wikimedia.org.wikipedia.org.
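
The following check is an added example, not part of the original article and not code from BIND or ISC. It expands zone-file names relative to the origin the way a master-file parser does and flags record data that looks fully qualified but lacks the trailing dot. The function names, the short TLD list and the sample zone are assumptions constructed for illustration.

```python
# Added example (not from the BIND distribution): heuristic zone-file check.
# Record types whose RDATA holds domain names, with the field index of each name.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
KNOWN_TLDS = {"com", "net", "org"}  # assumption: small sample list for the demo

def qualify(name, origin):
    """Expand a name as a master-file parser does: relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def looks_absolute(name, origin):
    """Heuristic: a dotted relative name ending in a TLD was probably meant as an FQDN."""
    labels = name.lower().split(".")
    origin_tld = origin.rstrip(".").rsplit(".", 1)[-1].lower()
    return len(labels) >= 2 and labels[-1] in (KNOWN_TLDS | {origin_tld})

def lint_zone(text, origin):
    """Return (line_no, written, expanded) for RDATA names that likely miss the trailing dot."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Strip comments and SOA parentheses, then split into whitespace-separated fields.
        tokens = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = qualify(tokens[1], origin)
            continue
        start = 0 if raw[:1].isspace() else 1  # skip the owner name, which may look like a type
        for i in range(start, len(tokens)):
            rtype = tokens[i].upper()
            if rtype in NAME_FIELDS:
                rdata = tokens[i + 1:]
                for pos in NAME_FIELDS[rtype]:
                    if (pos < len(rdata) and not rdata[pos].endswith(".")
                            and looks_absolute(rdata[pos], origin)):
                        findings.append((line_no, rdata[pos], qualify(rdata[pos], origin)))
                break
    return findings

# Constructed sample zone; the SOA MNAME lacks its trailing dot, as in the dig output above.
SAMPLE_ZONE = """\
$ORIGIN wikipedia.org.
@    7134 IN SOA ns0.wikimedia.org hostmaster.wikimedia.org. ( 1 3600 600 86400 300 )
     IN NS    ns1.wikimedia.org.
     IN MX    10 mail
www  IN CNAME rr
mx   IN A     192.0.2.10
"""

if __name__ == "__main__":
    for line_no, written, expanded in lint_zone(SAMPLE_ZONE, "wikipedia.org."):
        print(f"line {line_no}: '{written}' will be served as '{expanded}'")
```

Short relative names such as `mail` or `rr` are left alone because they are the intended use of origin expansion; only dotted names ending in a TLD are reported.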

Zone storage support

BIND offers no stock mechanism to store and retrieve zone data in anything other than flat text files. Patches must be applied if this support is required. Some other DNS servers include support for content storage in other repositories including SQL databases and LDAP directories.

Security

Like Sendmail, WU-FTPD, and other systems dating back to the earlier laissez-faire days of the Internet, BIND 4 and BIND 8 have had a large number of serious security vulnerabilities over the years and as such their use is now strongly discouraged.[2] BIND 9 was a complete rewrite; while there have still been various vulnerabilities, none of them have come close to the severe remote exploits found in previous versions.[3]

References

  1. Douglas Brian Terry, Mark Painter, David W. Riggle and Songnian Zhou, The Berkeley Internet Name Domain Server, Proceedings USENIX Summer Conference, Salt Lake City, Utah, June 1984, pages 23-31.
  2. P. Hudson, A. Hudson, B. Ball, H. Duff: Red Hat® Fedora 4 Unleashed, page 723. Sams Publishing, 2005. ISBN 0-672-32792-9.
  3. BIND vulnerabilities. Retrieved on 2008-04-15.