
Verisign Dumps BIND


devolution

I bet it's already hacked - some peed off workers at Verisign have probably nicked the software and are waiting to post it to Usenet!

Imagine what fun will happen if they put this software on the Root Servers.
Anyone care to hazard a guess?

Whitehouse.gov ending up at SheMaleHeaven.com ?
RacialEquality.gov ending up at KluKluxKlan.com?

Originally posted by uuallan
http://www.nwfusion.com/news/2002/133242_06-10-2002.html

Given Verisign's track record for DNS security, I wonder how long it will be until someone hacks ATLAS :D
 

Guest
I won't miss BIND, however they could have easily just switched to djbdns instead of writing their own software. Such arrogance.

-t
 

uuallan

Originally posted by thewitt
I won't miss BIND, however they could have easily just switched to djbdns instead of writing their own software. Such arrogance.

I don't know about that...I haven't seen any evidence that tiny/djbdns can handle a large installation like we are talking about here. It certainly is a nice program, but it seems primarily used for small to mid-sized DNS installations.
 

Guest
You are incorrect in your assumption that djbdns is limited to small installations.

Its primary user community is the university environment, however there are a number of major commercial implementations as well - citysearch.com, lycos.com, pobox.com to name just a few.

If you spend some time looking at performance statistics, it outperforms BIND in all configurations (remember that Verisign has been using BIND for years) and can easily handle 4500 requests per second on a 500 MHz FreeBSD machine with 2G of RAM (the stats that led to this were 1.9B requests over 5 days and a 3.1M entry database).

NIH is likely the reason that Verisign are writing their own - with a fair amount of hubris worked in for good measure.

I should also add that they plan on supporting "emerging" standards as well in their DNS servers, and I suspect this means they will be offering more paid services through both the registry and their registrar divisions that only work with these emerging standards...

-t
 

uuallan

Originally posted by thewitt
You are incorrect in your assumption that djbdns is limited to small installations.

Its primary user community is the university environment, however there are a number of major commercial implementations as well - citysearch.com, lycos.com, pobox.com to name just a few.

If you spend some time looking at performance statistics, it outperforms BIND in all configurations (remember that Verisign has been using BIND for years) and can easily handle 4500 requests per second on a 500 MHz FreeBSD machine with 2G of RAM (the stats that led to this were 1.9B requests over 5 days and a 3.1M entry database).

I'm sorry, I shouldn't have said djbdns was limited to small installations -- I know that is not true. But even the examples you give are nothing compared to the number of queries that are received by the root name servers.

Also, I saw on the blurbs page the mention of Lycos, but all of the Lycos name servers look like they are still running BIND:

Code:
[allan@ns1 allan]$ dig @NS4.HOTWIRED.COM version.bind chaos txt

; <<>> DiG 9.1.3 <<>> @NS4.HOTWIRED.COM version.bind chaos txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43591
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
VERSION.BIND.           0       CH      TXT     "surely you must be joking"

;; Query time: 88 msec
;; SERVER: 209.202.221.55#53(NS4.HOTWIRED.COM)
;; WHEN: Thu Jun 13 09:40:47 2002
;; MSG SIZE  rcvd: 80

AFAIK, djbdns does not respond to the version.bind query.

I don't want to sound like I am bashing djbdns, because I think it is a great program.
 

Guest
Originally posted by uuallan
AFAIK, djbdns does not respond to the version.bind query.

I don't want to sound like I am bashing djbdns, because I think it is a great program.
Unless they have patched djbdns to mimic BIND for some reason, you are correct. I have a couple of private emails from the Lycos guys here somewhere, I'll see if I can find anything interesting.

I was also not trying to compare the volume of hits on these large sites with what the root servers take, but to simply point out that in all the benchmarks I've seen, djbdns outperforms BIND significantly - and runs very well on very little hardware, unlike BIND, which is very unstable at high volumes and requires mammoth hardware to support it.

Since BIND has obviously been working in its role at Verisign, why would you start over from scratch if what you were really looking for was a more secure implementation of DNS for your root services?

I think that this quote is the more telling from their announcement:
"Next year it will support not only DNS lookups but also emerging protocols such as Session Initiation Protocol and Signaling Series 7 for Internet telephone calls"
It appears to me that Verisign are more concerned about offering future services for $$ than they are trying to ...fix a DNS environment that is too homogeneous.

Don't get me wrong, I'm not against capitalism - I just think that the root servers are at much higher risk if they are running proprietary software from Verisign in support of emerging technologies, than if they are running anything that's open source and has a large installed base - even buggy old BIND...

-t
 

uuallan

Originally posted by thewitt

I think that this quote is the more telling from their announcement It appears to me that Verisign are more concerned about offering future services for $$ than they are trying to ...fix a DNS environment that is too homogeneous.

Don't get me wrong, I'm not against capitalism - I just think that the root servers are at much higher risk if they are running proprietary software from Verisign in support of emerging technologies, than if they are running anything that's open source and has a large installed base - even buggy old BIND...

agreed.

Maybe ICANN will step in and say something...
BWAHAHAHAHAHAH :D.
 