Archive for 'Server Software'
BIND Addresses Performance and Stability Issues
The initial patches provided for better port randomization in BIND caused it to experience performance issues. Today ISC has provided a second patch for each of the Unix versions of 9.3.5, 9.4.2, and 9.5.0 that addresses the problems introduced in the first patch. As stated in the release notes, this update provides:
performance improvement over the [...]
Posted: August 2nd, 2008 under BIND, Security.
Comments: none
BIND Issues on High Traffic Caches
ISC has issued a statement about the performance issues that many BIND administrators are seeing.
Evidently, the new security updates to BIND are causing problems in high traffic recursive environments (more than 10k queries/sec). Specifically, the issue exists with BIND 9.5.0-P1. Their statement recommends that systems affected by this be immediately downgraded to BIND 9.4.2-P1, which [...]
Posted: July 30th, 2008 under BIND.
Comments: none
A Big Day for DNS Security
Dan Kaminsky has done it again.
Kaminsky found a security vulnerability in the design of DNS itself. Yea, let that sink in. The problem was in the DNS protocol, not just certain implementations. That means BIND is affected (of course), Microsoft DNS is affected, and so on. A full list of affected systems is available in [...]
Posted: July 9th, 2008 under BIND, Security, Server Software, Uncategorized, djbdns.
Comments: none
Unbound Released
A new recursive and caching DNS server named Unbound has been released by NLnet Labs, VeriSign, Inc., Nominet, and Kirei. According to the press release:
Unbound is a validating, recursive, and caching DNS server designed as a high-performance alternative for BIND (Berkeley Internet Name Domain). Unbound will be supported by NLnet [...]
Posted: June 8th, 2008 under Unbound.
Comments: none
DNS SRV Record Tutorial
Anders Brownworth has written a nice tutorial for configuring SRV records. SRV records are becoming more popular, especially for use with SIP, so it’s good to see someone writing about them.
Anders has also written an SRV record builder for use with djbdns’s tinydns server. tinydns has a generic record format that can [...]
Posted: June 5th, 2008 under Articles, djbdns.
Comments: 2
BIND 9.5.0 Released
BIND 9.5.0 has been released. Many, many bugs and security problems have been fixed, and a few new features have been added as well, including:
GSS-TSIG support (RFC 3645).
DHCID support.
Experimental http server and statistics support for named via xml.
More detailed statistics counters, compatible with the ones supported in BIND 8.
Faster [...]
Posted: June 3rd, 2008 under BIND.
Comments: none
BIND 8 EOL extended until August 2008
This is just a reminder for those who may not have heard.
BIND 8 was originally scheduled to be end-of-life’d on August 27th, 2007, but after another security issue was announced the ISC agreed to continue supporting it for another year.
That year is almost up though, so if you are still running BIND 8 you now [...]
Posted: June 3rd, 2008 under BIND.
Comments: none