BIND

BIND ( /ˈbaɪnd/), or named (/ˈneɪmdiː/), is the most widely used DNS software on the Internet. ^{[1] [2]} On Unix-like operating systems it is the de facto standard.

Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley (UCB), the name originates as an acronym from Berkeley Internet Name Domain,^[3] reflecting the application's use within UCB.

BIND was first released with Berkeley Software Distribution 4.3BSD, and as such, it is free and open source software. Paul Vixie started maintaining it in 1988 while working for Digital Equipment Corporation. As of 2010^[update], the Internet Systems Consortium maintains BIND.

A new version of BIND (BIND 9) was developed by Nominum, Inc. under an ISC outsourcing contract^[4]. It was written from scratch in part to address the architectural difficulties with auditing the earlier BIND code bases, and also to support DNSSEC (DNS Security Extensions). Other important features of BIND 9 include: TSIG, DNS notify, nsupdate, IPv6, rndc flush (remote name daemon control), views, multiprocessor support, and an improved portability architecture. rndc uses a shared secret to provide encryption for local and remote terminals during each session.

History

BIND was written by Douglas Terry, Mark Painter, David Riggle and Songnian Zhou in the early 1980s at the University of California, Berkeley as a result of a DARPA grant. Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley.^[5]

In the mid-1980s, DEC employees took over BIND development, releasing versions 4.9 and 4.9.1. One of these employees, Paul Vixie, continued to work on BIND after leaving DEC. BIND Version 4.9.2 was sponsored by Vixie Enterprises. He eventually helped start the ISC, which became the entity responsible for BIND versions starting with 4.9.3.^[6]

BIND 8 was released by ISC in May 1997.^[7]

The development of BIND 9 took place under a combination of commercial and military contracts. Most of the features of BIND 9 were funded by UNIX vendors who wanted to ensure that BIND stayed competitive with Microsoft's DNS offerings; the DNSSEC features were funded by the US military, which regarded DNS security as important. BIND 9 was released in September 2000.^[8]

The acronym BIND is for Berkeley Internet Name Domain, from a technical paper published in 1984.^[9]

Criticisms

Database support

Earlier versions of BIND offered no mechanism to store and retrieve zone data in anything other than flat text files. BIND 9.4 ^[10] DLZ made available (as a compile-time option) zone storage in a variety of database formats including LDAP, Berkeley DB, PostgreSQL, MySQL, and ODBC.

Security

BIND 4 and BIND 8 have both had a substantial number of serious security vulnerabilities over the years, and as such their use is now strongly discouraged.^[11] While BIND 9 was a complete rewrite, ostensibly to mitigate these ongoing security issues, it has also experienced a large number of serious security vulnerabilities.^[12]

See also

Free software portal

• Comparison of DNS server software
• DNS management software

References

Books

• DNS and BIND, Fifth Edition by Paul Albitz, Cricket Liu. 2006. ISBN 0-596-10057-4.
• BIND 9 DNS Administration Reference Book: Name Server Operations and DNS Configuration using BIND. Published by Reed Media Services. 2007. ISBN 0-9790342-1-3.

External links

• The official BIND site at Internet Systems Consortium (ISC.org)
• CircleID Interview with Cricket Liu, author of 'DNS and BIND'
• A Brief History of BIND by ISC
• LWRES, a BIND 9 lightweight resolver library