LinuxSecurity.com: Paul Vixie and David Conrad on BINDv9 and Internet Security
Oct 04, 2000, 00:30
(Other stories by Dave Wreski)
[ Thanks to Chris Pallack for this link. ]
"In this interview, Paul Vixie and David Conrad talk about the Internet Software Consortium, the changes in the latest major version of bind, the security features designed into it, and the future of Internet security...."
"BINDv9 is a 'major rewrite' from previous versions. Can you explain to us the reason for this rewrite and what new features have been added with regard to security?"
"Paul Vixie: Because every bit of effort I ever put into BIND, from version 4 to version 8, was patchwork. The basic sleazeware produced in a drunken fury by a bunch of UC Berkeley grad students was still at the core of BIND. In 1998, Jerry Scharf, who was the Executive Director of ISC, convinced the remaining UNIX vendors and a few government agencies that the only way to support all of the new DNS protocol enhancements was to totally rewrite BIND. That work is substantially complete as of last month. The major feature isn't security as much as it is robustness. BIND9 was written by a large team of professional software developers who had enough time and enough money to "get it right." BIND9 is auditable in ways which BIND8 and BIND4 never were. It will support the next generation of DNS protocol evolution, as well as back end database support, security (both transactional and authenticity), portability, abstract user and management interfaces, SNMP, and everything else that's needed to be a robust commercial product in the Internet of Y2K and beyond."