BIND 10 la start - osn.ro | Știri IT, editoriale, tehnologie, Internet

The Internet Systems Consortium a anunțat că a primit suficiente fonduri din partea sponsorilor pentru a începe lucrul la proiectul BIND 10, înlocuitorul serverului de nume BIND 9 care are deja o venerabilă vârstă de 11 ani și este cel mai utilizat server DNS (Wikipedia: EN / RO) din întreaga lume.

ISC vrea să reprogrameze complet aplicația pentru servere DNS, unul dintre scopurile principale fiind și de a integra în acesta tehnici curente de securitate cum ar fi DNSSEC, dar și pentru a cosntrui un sistem modular, pentru a putea fi folosit doar ca simplu rezolvator pentru rețele de mici dimensiuni, sau ca server autoritativ pentru domenii de top. O altă posibilitate ar putea fi dezvoltarea conectivității bazei de date SQL ca și modul.

DNSSEC sau Domain Name System Security Extensions este o parte critică din BIND 9, deşi DNSSEC însăşi nu este larg disponibil. DNSSEC oferă un mecanism pentru semnarea digitală a numelor de domenii pentru a asigura autenticitatea acestora. Tehnologia a fost declarată ca una dintre cele mai bune soluţii la vulnerabilitatea DNS Kaminsky care a afectat grav funcționalitatea Internetului în 2008. Momentan, dintre domeniile TLD, doar cele .org sunt semnate pentru DNSSEC.

Robustețea va fi un alt punct major pe lista dezvoltatorilor, BIND 10 fiind capabil să se reseteze singur și să continue operarea normală, față de BIND 9 ale cărui răspunsuri la erori multiple pot provoaca potențiale exploatabile la atacuri de tip Denial of Service.

„One of the goals for BIND 10 is to allow people to customize and extend without too much trouble. Every design decision will be documented in a way that makes sense without having to know the details of the entire system. The same applies to APIs and the code itself.„, declara Shane Kerr, director de proiect pentru BIND 10 la Internet Systems Consortium.

Conform DENIC, faza de dezvoltare pentru BIND 10 s-ar putea întinde pe cinci ani. Printre participanții la dezvoltarea viitorului server de nume se numără AFNIC (Franţa), CIRA (Canada), JPRS (Japonia) şi SIDN (Olanda).

Declarația de presă:

ISC Commences Development of Next Generation Domain Name Server Architecture with Unprecedented Community Sponsorship

Redwood City, CA – April 22, 2009 – Internet Systems Consortium (ISC), with the support of industry leading sponsors, today reveals plans for BIND 10, the next leap forward in DNS server software. Japan Registry Services Co., Ltd. (JPRS) and Canadian Internet Registration Authority (CIRA) are patron sponsors of the multi-year effort committing both financial support and development resources. Afilias, AFNIC, DENIC, IIS.SE, Nominet, NIC.br, SIDN and .za Domain Name Authority complete the list of visionary organizations that have chosen to provide financial support for ISC’s development effort. Like its predecessors, BIND 10 will be open source but it will also be modular, highly scalable and provide simple methods for configuration management and integration with other systems.

BIND 10 is being designed to serve the needs of today’s dynamic and growing Internet-dependent businesses. The design goals are simple: a secure, flexible, resilient DNS server that integrates easily into the workflow and maintenance of the complex networks organizations demand. The sponsors named in this release have agreed to serve on a steering committee overseeing the development of BIND 10 from the very beginning working with ISC to ensure it will best serve the needs of diverse Internet community.

Secure. BIND 10 will provide the state-of-the-art in DNS security as one would expect. The differentiation will be the way that a user configures the secure services they choose to deploy. The design goal for DNSSEC in BIND 10 is to be usable by the typical DNS administrator with built-in safeguards for key management and renewal.

“JPRS is pleased to join the development effort of BIND 10 as the .JP registry,” said Koki Higashida, president of JPRS. “The Internet has expanded day by day, and its reliability as a social infrastructure is required. BIND 10 will accomplish what is needed for DNS that supports the Internet in the future, such as the full support for DNSSEC and the flexible operation of large-scale DNS. By using the experiences of .JP registry, JPRS will support this project positively for not only TLD registries but worldwide DNS managers.”

Flexible. BIND 10 will be modular by design and implementation. A user can easily configure a lightweight resolver or a fully featured authoritative server in a given installation. Even non-BIND specific modules can be integrated such as an SQL-based server or a pre-compiled answer database ensuring very high performance.

Scalability is another property that will be intrinsic to BIND 10. From a large complex system used by country code top level domains, like .de or .uk, to small home system, like a cable modem, BIND 10 will run efficiently based upon the resources it has to draw from optimizing the performance delivered.

Resilient. BIND 9’s response to unexpected failures is to log the exception and exit while saving the data for further analysis. This was a design choice to provide maximum diagnostic information and reduce the potential for subsequent errors. BIND 10’s design premise will be to recover in all possible circumstances and exit only when no recovery is possible or advisable given security risk. The end result will be a more resilient and available BIND name server while maintaining the analysis tools to troubleshoot the error.

“CIRA is committed to participating in valuable and innovative, global projects that are rooted in the public interest and that will further the evolution of DNS,” said Byron Holland, President and CEO of CIRA. “BIND 10 is critical to the infrastructure of the Internet and essential for registries to provide a robust, high-performance DNS that will ensure the availability of domains to all Internet users.”

Integration and Maintenance. BIND 9 uses text configuration and data files susceptible to operator error. While this is adequate for most purposes, it is not a very useful way of integrating with the ever more sophisticated back-end systems that customers use for process management. BIND 10 will provide new forms of interaction with (and interfaces to) monitoring and configuration environments such as enabling a closer coupling between BIND and DHCP. One of the explicit design goals is a finer-grained approach to configuration changes.

The DNS protocol was created in 1982. BIND 4 was released to the public in 1986. ISC’s founders shouldered the primary responsibility for BIND software in 1996, and ISC has been developing and adapting and improving it ever since. As DNS protocols evolve, BIND evolves with them. BIND 9 was created to implement the DNS Security standards (DNSSEC). With market share of greater than 80%, BIND is the undisputed leader in name server software. ISC will continue to provide production-grade, standards-based name server software as open source for as long as the community continues to support us.

“ISC is pleased to be able to begin work on this very important project for the global Internet community,” said Paul Vixie, president of ISC. “Through the shared vision and financial support of our sponsors and the support of the open source community, BIND 10 will happen.” For more information on the details on the project and participation, visit www.isc.org/bind10.

About ISC:

Internet Systems Consortium (ISC) is a non-profit 501(c)(3) public benefit corporation widely known for world-class Internet software engineering and network operations. ISC produces only open source software, of which BIND and ISC DHCP are the two best-known examples. Our emphasis is on Internet core technology. Our widely-imitated Managed Open Source process ensures the quality of this software while keeping it completely open and available. ISC operates high-reliability global networks of DNS root servers (F-root) and authoritative DNS servers (SNS@ISC) both for non-profit and for commercial enterprises. ISC is also very involved in ongoing Internet protocol and standards development, particularly in the areas of DNSSEC and IPv6. ISC is supported by donations from generous sponsors, by program membership fees, and by specific fees for services. For program or donation information, please visit our website at http://www.isc.org.

Informaţii suplimentare se pot găsi la adresa https://www.isc.org/bind10
Informații alternative:
http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky
http://en.wikipedia.org/wiki/Dan_Kaminsky
http://www.internetnews.com/commentary/article.php/3764546/Did+Dan+Kaminsky+Save+the+Internet.htm