CrossNodes Briefing: BIND
...one ring to BIND them. Some estimate that the Berkeley Internet Name Domain (BIND) enables up to 90 percent of all Internet connections. Although the basic functionality seems simple, BIND remains a complex software program. Whether you use BIND for Domain Name Services or Load Balancing, there are a number of things to be aware of. Each CrossNodes Briefing is designed to act as a reference on an individual technology, providing a knowledge base and guide to networkers in purchasing and deployment decisions.
The Berkeley Internet Name Domain (BIND) offers Domain Name Services (DNS) for many Internet servers. The basic functionality of the open software remains deceptively simple. When a server receives a request for an Internet site, for example, www.crossnodes.com, it checks a database of names to find the appropriate IP address. If the name is not found, the server forwards the request to known servers on the network. This process repeats until a server that recognizes the name provides the connection.
Although the basic functionality seems simple, BIND remains a complex software program. Multiple versions exist, and recently, reports noted security holes in the various versions. Updates to the code are now available.
The software, which is distributed as open source by the Internet Services Consortium (ISC), runs on Unix systems, but ISC reports that users run BIND on such systems as AIX, HP-UX, Linux, Solaris, and Windows NT and 2000. Some estimate that BIND enables up to 90 percent of all Internet connections.
A Problem of Versions
University of California, Berkeley graduate students developed the first version, but the ISC released several versions in the intervening years. In addition, it is open source software, and users have customized the software in the field. This means that several sites still use earlier versions to preserve their customized code. This makes it difficult to think about BIND as a single product. The most popular versions include:
- Version 4.X: an early version, BIND 4 establishes primary, secondary, and cached servers. It does not support dynamic updates to its database of sites, and it lacks any method of collecting change notices from other BIND servers. In addition, it sends a single message each time it forwards a request. ISC recommends using the latest version of BIND and warns that some exchanges between Version 9.X and Version 4.X are unpredictable.
- Version 8.X: based on the core code used in early versions, this software supports dynamic updates to the DNS and accepts change notifications from other servers running BIND 8.X. It also extends logging and security, and it improves performance. Version 8.X uses a master-slave model that allows one server to control a zone, while the other servers in the zone use copies of the DNS. Version 8.X bundles requests to other servers to better utilize communications links, and it supports Internet Protocol version 6.
- Version 9.X: created from scratch, Version 9.X represents a more robust implementation of BIND. The software supports Internet Protocol version 6, a user-configurable cache, improved performance, and enhanced auditing capabilities. It adds a level of security with its support for DNSSEC, which supports signed zones, and TSIG for signed DNS requests. Version 9.X also supports multiprocessor servers.
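The dynamic updates, master-slave zone copies and TSIG signing described in the list above meet in the zone configuration. The named.conf fragment below is an added example, not taken from this briefing or from ISC; it shows an open zone definition beside one that requires TSIG keys. The zone name, addresses, key names and secrets are placeholders, and it assumes a current BIND 9 release that supports hmac-sha256 keys.

```conf
// Constructed example: zone, addresses, key names and secrets are placeholders.

// One key per purpose, so a leaked update key cannot be used to pull the zone.
// Generate each secret with tsig-keygen; keep this file readable only by named.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-1";
};
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-2";
};

// Sign all traffic this server sends to the slave at 192.0.2.53.
server 192.0.2.53 {
    keys { "xfer-key"; };
};

// Weak form (left commented out): any host may copy the whole zone
// or rewrite its records.
// zone "example.com" {
//     type master;
//     file "db.example.com";
//     allow-transfer { any; };
//     allow-update   { any; };
// };

// Hardened form: transfers and dynamic updates are accepted only when
// the request carries a valid TSIG signature from the matching key.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { key "xfer-key"; };
    allow-update   { key "ddns-key"; };
    also-notify    { 192.0.2.53; };
};

// On the slave, repeat the "xfer-key" block and add a server statement
// naming the master's address with keys { "xfer-key"; }; so that its
// transfer requests are signed.
```

Run named-checkconf against the file after substituting real secrets; the placeholder strings above are not valid base64 and will be rejected.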