[ Thanks to Chris
Pallack for this link. ]
“In this interview, Paul Vixie and David Conrad talk about
the Internet Software Consoritum, the change s in the latest major
version of bind, the security features designed into it, a nd the
future of Internet security….“
“BINDv9 is a ‘major rewrite’ from previous versions. Can you
explain to us the reason for this rewrite and what new features
have been added with regard to security?”
“Paul Vixie: Because every bit of effort I ever put into BIND,
from version 4 to version 8, was patchwork. The basic sleazeware
produced in a drunken fury by a bunch of U C Berkeley grad students
was still at the core of BIND. In 1998, Jerry Scharf, who was the
Executive Director of ISC, convinced the remaining UNIX vendors and
a few government agencies that the only way to support all of the
new DNS protocol enhancements was to totally rewrite BIND. That
work is substantially complete as of last month. The major feature
isn’t security as much as it is robustness. BIND9 was written by a
large team of professional software developers who had enough time
and enough money to “get it right.” BIND9 is auditable in ways
which BIND8 and BIND4 never were. It will support the next
generation of DNS protocol evolution, as well as back end database
support, security (both transactional and authenticity),
portability, abstract user and management interfaces, SNMP, and
everything else that’s needed to be a robust commercial product in
the Internet of Y2K and beyond.”