Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ISC Releases the First Look At BIND 10

timothy posted more than 4 years ago | from the and-in-the-darkness dept.

The Internet 172

Ethanol writes "Internet Systems Consortium, producers of BIND 9 (the most popular DNS implementation on the internet), have spent the past year working on a successor, BIND 10. It's entirely new code, redesigned and rewritten from the ground up, and now the first glimpse of what it will eventually look like has been released. 'This code is not intended for general use, and is known to be inefficient, difficult to work with, and riddled with bugs. These problems will all be fixed over the next couple of years, as functionality is added and refined, and the software matures. However, the codebase has a good framework for moving forward, and the software is capable of serving as a DNS server with significant functionality.' (Full disclosure: I work for ISC and I'm one of the engineers on the project.)"

cancel ×

172 comments

Sorry! There are no comments related to the filter you selected.

How (0, Interesting)

Anonymous Coward | more than 4 years ago | (#31546654)

Is that pronounced? Does it rhyme with sinned or blind ?

Re:How (4, Funny)

Ethanol (176321) | more than 4 years ago | (#31546902)

Is that pronounced? Does it rhyme with sinned or blind ?

Wined and dined.

Re:How (1)

jonaskoelker (922170) | more than 4 years ago | (#31548054)

Does it rhyme with sinned or blind ?

Wined and dined.

You winned!

Re:How (0)

Anonymous Coward | more than 4 years ago | (#31547254)

It's not short for "Binderjit Singh" so you should pronounce it as the word "bind" which only has one pronunciation.

Excellent (1, Funny)

NEDHead (1651195) | more than 4 years ago | (#31546670)

Slow, buggy, hard to work with, but we'll fix it later. And not Microsoft?

Re:Excellent (3, Insightful)

rubycodez (864176) | more than 4 years ago | (#31546740)

nope, Microsoft has the audacity to claim their bloated buggy crap is suitable for general use.

Re:Excellent (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31547236)

Which bloated buggy crap are you referring to?

Or are you one of those people who last used Windows ME? Last I checked, Windows 7 and office was much more productive than the alternatives..

Re:Excellent (1)

Sam36 (1065410) | more than 4 years ago | (#31547604)

No that is healthcare reform

Great. Just what the DNS infrastructure needs (1, Insightful)

man_of_mr_e (217855) | more than 4 years ago | (#31546678)

So we're throwing away all the code that has matured and spend a decade being looked at, and starting over with new buggy code that will be riddled with security vulnerabilities.

Nice.

Re:Great. Just what the DNS infrastructure needs (4, Insightful)

FooAtWFU (699187) | more than 4 years ago | (#31546726)

Yes. As opposed to hacking any new functionality that's needed into all that existing cruft and introducing subtle, hard-to-understand bugs and security vulnerabilities. Which is the trade-off, after all.

(We don't have to stop all development on anything new in the future ever just because we have one mature codebase. It's not like we're all deploying the stuff tomorrow.)

Re:Great. Just what the DNS infrastructure needs (1)

man_of_mr_e (217855) | more than 4 years ago | (#31547218)

In my opinion, if you're going to start over, you start a new project. You start small, and you build a solid base of code. You don't get something that the authors admit is "riddled with bugs"

Re:Great. Just what the DNS infrastructure needs (0)

Anonymous Coward | more than 4 years ago | (#31547298)

relax, it happens sometimes: for example when a major version is created...have you ever heard the term "alpha code"?

Re:Great. Just what the DNS infrastructure needs (0, Troll)

Joce640k (829181) | more than 4 years ago | (#31547758)

Something as simple as DNS should have been "right" after about version 3.

Version 10 being a complete rewrite and still "inefficient, difficult to work with, and riddled with bugs" is funniest thing I've heard this month. I can only imagine what the committee meetings for this are like.

BIND 10 committee metings (2, Informative)

shani (1674) | more than 4 years ago | (#31548036)

There is no "BIND 10 committee", but we do have weekly conference calls. Minutes from these are published on our Trac site:

https://bind10.isc.org/wiki/WeeklyConferenceCalls [isc.org]

[ disclaimer: I am the BIND 10 project manager ]

Re:Great. Just what the DNS infrastructure needs (1, Flamebait)

loxosceles (580563) | more than 4 years ago | (#31546762)

Seriously. "Riddled with bugs"? The implication is that nobody at ISC knows how to write good software. Not really surprising. Bind 4 was a mess. Bind 8 was a mess. Bind 9 was a mess.

"Insanity: doing the same thing over and over again and expecting different results." (Einstein)

They need to start over using sane software design methodology. That probably means hiring competent software engineers.

Re:Great. Just what the DNS infrastructure needs (1)

bipbop (1144919) | more than 4 years ago | (#31546782)

Simply: I wonder what they find so hard about writing tests.

Re:Great. Just what the DNS infrastructure needs (4, Insightful)

larkost (79011) | more than 4 years ago | (#31546858)

Tests are great for finding bug/problems you have already thought about. They are great for making sure that you don't make the same mistake again. However they don't reliably cover things you have not yet thought about. It is also really hard to write tests that cover complicated network interaction... and that is percicely what Bind must do.

Re:Great. Just what the DNS infrastructure needs (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31546880)

This is why you hire information/computer security researchers (or researchers in general, but security people have a tendency to think "how can I break this" as opposed to "this should work and let's all play nice") and have them review and validate your design and your code. You discuss your assumptions with them, and make sure they are sane (or can at least be enforced, i.e. buffer sizes). This is one of the most critical pieces of software that humanity will rely on for a few more decades, I think we should put some real effort into it, as opposed to an ad-hoc throw code at the wall and see what sticks.

Re:Great. Just what the DNS infrastructure needs (1)

poetmatt (793785) | more than 4 years ago | (#31547460)

hiring people isn't a solution to anything.

That's like asking someone to figure out how to prevent a situation that has never occurred.

you can plan and plan and plan, but you're not going to have a fallback for everything that can possibly happen.

Re:Great. Just what the DNS infrastructure needs (1)

man_of_mr_e (217855) | more than 4 years ago | (#31547230)

It responds with an IP address given a name.

How exactly is that "complicated network interaction"?

Yes, yes.. i know, we have Dynamic updates, DNSSec, etc.. now.. but come on, how hard is it to get the basics solid, then move on to the rest?

Re:Great. Just what the DNS infrastructure needs (0)

Anonymous Coward | more than 4 years ago | (#31547454)

Dynamic updates, DNSSec/etc. are part of the basics nowadays.

Re:Great. Just what the DNS infrastructure needs (5, Informative)

Ethanol (176321) | more than 4 years ago | (#31546888)

We wrote lots of tests. (How else would we know it has bugs in it?) This is a somewhat fair criticism of BIND 9, but read the link before you assume we didn't learn any lessons from the past. The unit tests are included in the tarball and coverage results are viewable online [isc.org] .

Re:Great. Just what the DNS infrastructure needs (1)

FlyingGuy (989135) | more than 4 years ago | (#31547524)

Dude, you have fucking got to be joking!

155 // should we refactor this code using, e.g, the state pattern? Probably
156 // not at this point, as this is based on proved code (derived from BIND9)
157 // and it's less likely that we'll have more variations in the domain name
158 // syntax. If this ever happens next time, we should consider refactor
159 // the code, rather than adding more states and cases below.
160 while (ndata.size() 161 unsigned char c = *s++;
162
163 switch (state) {
164 case ft_init:
165 //
166 // Is this the root name?
167 //
168 if (c == '.') {
169 if (s != send) {
170 isc_throw(EmptyLabel, "non terminating empty label");
171 }

You have variables name like "s" and "c" and you declare and init a variable inside a while loop, and assign it the incremented value of a dereferenced pointer!?

I know you inherited this code from the comments, but unless someone is physically preventing you from changing it you have no business writing any code that is critical to the functioning of the internet.

Re:Great. Just what the DNS infrastructure needs (0)

Anonymous Coward | more than 4 years ago | (#31547750)

You have variables name like "s" and "c"

Short variable names are fine, as long as their scope is limited. Do you prefer "index" to "i", for example? Such names are common.

you declare and init a variable inside a while loop

So? If it's only used in that block, why on earth wouldn't you declare it in that block? Scope. It's a good thing.

assign it the incremented value of a dereferenced pointer!?

Do you program in C? A construct like *s++ is really very common. K&R, for example, give the following strcpy() example (not an ANSI/ISO implementation, but it doesn't matter):

void strcpy(char *s, char *t)
{
    while (*s++ = *t++)
        ;
}

Or do you have a problem with using something like that as an initializer? Why?

You, personally, might not like the style, but you can't pretend it's somehow "incorrect".

Re:Great. Just what the DNS infrastructure needs (1)

FlyingGuy (989135) | more than 4 years ago | (#31547832)

Yes using i is a common idiom in C when using a throw away integer for loop control, its intent is clear,

In this code ( please go read the rest of it ) the variable c referes to s all over the place and these is nothing really explaining it. While being terse does have its merits as the example you showed indicates ( the scope is limited to a simple 5 line function, that kind of terseness does not belong spread over 50 lines of code.

As an initializer you really have no idea what you are initializing with unless you are intimately familiar with the code, and yes I have done such in many instances but with a variable name that gives some hint ( at least ) as to what it does. This is just plain bad coding.

Re:Great. Just what the DNS infrastructure needs (1)

ebcdic (39948) | more than 4 years ago | (#31548226)

Using "s" to refer to a string and "c" to refer to successive characters in it is a common C idiom, and will be immediately understood by any competent C programmer.

Re:Great. Just what the DNS infrastructure needs (0)

Anonymous Coward | more than 4 years ago | (#31548238)

We wrote lots of tests. (How else would we know it has bugs in it?)

You'd model [spinroot.com] it and apply LTL to check for certain classes of bugs.

Re:Great. Just what the DNS infrastructure needs (0)

Anonymous Coward | more than 4 years ago | (#31547310)

Turned you down, did they?

Re:Great. Just what the DNS infrastructure needs (1)

Eil (82413) | more than 4 years ago | (#31547150)

If everyone subscribed to that logic, we would not have Postfix, Firefox, lighttpd, or any other number of important open source Internet software projects.

Re:Great. Just what the DNS infrastructure needs (1)

man_of_mr_e (217855) | more than 4 years ago | (#31547212)

both Firefox and lighttpd started out as very small subsets of larger tools, focusing on small code and a lower number of features. From the sound of BIND 10, it sounds like they're shooting for the universe.

Also, Postfix wasn't a rewrite of existing code.

Re:Great. Just what the DNS infrastructure needs (1)

TheRealMindChild (743925) | more than 4 years ago | (#31547350)

"matured" indeed. bind is known for carrying plentiful amounts of exploits to the point of MS Exchange/IE. It's coders must be basement dwellers because by now they should know how to create and follow a process.

Re:Great. Just what the DNS infrastructure needs (1)

evilviper (135110) | more than 4 years ago | (#31547492)

So we're throwing away all the code that has matured and spend a decade being looked at, and starting over with new buggy code that will be riddled with security vulnerabilities.

If you can't write a new program, practically free of buggy code, you certainly don't have the wherewithall to fix bugs in existing code...

Sendmail certainly came through it's rewrite vastly better than it was before. Other DNS programs, like MaraDNS, have come on the scene, and remain exploit-free for several years now.

Re:Great. Just what the DNS infrastructure needs (1)

mcrbids (148650) | more than 4 years ago | (#31547902)

Sure - new codebase, new bugs. A given. What isn't given is why the original developers thought this was a good idea? None of the answers to that question that I can think of are complimentary to what is now core infrastructure to the Internet. Was it not modularly written? Was it horribly insecure, and so badly so that it wasn't considered worth extending?

Bind is now in its tenth revision. You'd think by now that some sort of good, workable framework or design pattern would have evolved by now?

But clearly, it hasn't, and clearly, after several rewrites, it's *still* not considered worthy of being extended or refactored rather than rewritten. This bespeaks (to me) a well of WTFs, in light of the idea that you should basically never rewrite your software [joelonsoftware.com] .

Why BIND 10 is a rewrite (5, Informative)

shani (1674) | more than 4 years ago | (#31548100)

Joel has a lot of followers, but you shouldn't take what he says as holy writ. In fact, this very article is all about how we should still be using the old Netscape browser and not have started this crazy Mozilla project... you know, the one that resulted in Firefox?

I view the BIND 10 project in some ways as the DNS version of the Mozilla project - it is an ambitious rewrite, and will take a while to reach maturity. Luckily BIND 9 is still an excellent piece of software, so we have the luxury of enough time to get there.

BIND 9 is 10 years old, and was designed and implemented when the computing and Internet worlds were different than they are today. The architecture of BIND 9 - a monolithic, multithreaded program - does not lend itself well to today's DNS needs. So a new architecture is needed.

Originally we had planned on reusing a lot of the BIND 9 code. After all, like Joel says, it has been field-tested and is known to be high-quality in handling real-world DNS needs. However, the BIND 9 code has very, very high coupling. In order to make a small change or use an excerpt of code, you need to use the BIND 9 memory management system, and the BIND 9 task model, and the BIND 9 socket library, and so on. One of the reasons that BIND 9 needs to be rewritten is to make it possible to use the parts of the software you need to solve your problems without having to understand the entire system.

My theory is that the architectural problems would have been resolved over the decade of active use for BIND 9, as users submitted their patches and the developers periodically refactored the code. Unfortunately the BIND 9 project does not have an active community, either as developers or users. There are lots of people using BIND 9 (surveys put BIND 9 at about 80% of DNS servers on the Internet), but they have no group identity as BIND 9 users, and the direction and development of the software comes almost entirely from within ISC. This means it is an open source project that has resources limited in ways similar to proprietary software. If there was a BIND 9 community, then I think the software would have evolved with the times and a rewrite would not have been necessary.

For BIND 10, we want it to be an actual open source project, not just open source software. We have tried hard to be open and transparent about how BIND 10 is developed, and are trying to make it easy to participate in BIND 10. Hopefully this will be the last time a major rewrite is necessary, and the code base can evolve in any direction it needs to in the future, by maintaining a good connection with the people who actually use it.

[ disclaimer - I am the BIND 10 project manager ]

Re:Great. Just what the DNS infrastructure needs (1)

Hurricane78 (562437) | more than 4 years ago | (#31548266)

You mean like Windows ME? ^^

DJB? (0, Troll)

Gothmolly (148874) | more than 4 years ago | (#31546694)

No djb tag?

Re:DJB? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31547032)

DJB is second only to RMS in dick sucking faggotry.

Why? (1, Flamebait)

nitehorse (58425) | more than 4 years ago | (#31546716)

Why would they even release it if their ground-up rewrite is so pathetic? Were they worried that BIND might be losing its rich reputation as the worst piece of widely-used network software ever made? If so, bravo, guys.

Re:Why? (1)

NEDHead (1651195) | more than 4 years ago | (#31546744)

Bonuses based on meeting a release date? Or perhaps the poster is just too dim to actually mention any of the virtues of this new approach.

Re:Why? (0)

Anonymous Coward | more than 4 years ago | (#31547316)

release early release often

Re:Why? (1)

sith (15384) | more than 4 years ago | (#31546758)

worst piece of widely-used network software ever made

uhh, sendmail?

Re:Why? (1)

nitehorse (58425) | more than 4 years ago | (#31546810)

A fair point, but aren't there are a larger percentage of mailservers running !sendmail than there are DNS servers running !BIND at this point?

I hope I'm wrong.

Re:Why? (0)

Anonymous Coward | more than 4 years ago | (#31546868)

I hope you're !right.

Re:Why? (1)

WMD_88 (843388) | more than 4 years ago | (#31547134)

I'm having trouble finding recent numbers, but Sendmail was at 42% and falling in 2001, and possibly at 27% in 2008. BIND had around 70% in 2004. So, yeah, BIND is used way more than Sendmail.

Re:Why? (0, Flamebait)

h4rr4r (612664) | more than 4 years ago | (#31546898)

What's wrong with sendmail?
Too hard for you, no gui?

Re:Why? (1)

deniable (76198) | more than 4 years ago | (#31546988)

Sendmail had so many holes, qmail was a good alternative. Thankfully, I've since been able to replace both.

Re:Why? (2, Informative)

Ethanol (176321) | more than 4 years ago | (#31546826)

Why would they even release it if their ground-up rewrite is so pathetic?

'Cause it's open source software, emphasis on "open". It won't be done for another couple of years, but you can look at the work in progress. You can even help write it if you want.

Re:Why? (1)

shani (1674) | more than 4 years ago | (#31548112)

Basically, someone once wrote a convincing text which says: Release Early, Release Often [catb.org] .

It's a release in the sense that we wanted to make it widely available for people to see what ideas we are playing with, and to get feedback and participation.

[ disclaimer - I am the BIND 10 project manager ]

Difficult to work with? (1)

brunoacf (1186539) | more than 4 years ago | (#31546742)

This code is not intended for general use, and is known to be inefficient, difficult to work with, and riddled with bugs

Inefficiency and bugs are common characteristics of alpha/beta code. But what do you mean when you say "difficult to work with"? A code that is difficult to understand/maintain/evolve?

Re:Difficult to work with? (4, Informative)

Ethanol (176321) | more than 4 years ago | (#31546802)

But what do you mean when you say "difficult to work with"? A code that is difficult to understand/maintain/evolve?

I sure hope not, as those are all specific design goals for the project (and they're among the failings of BIND 9 that made us want to redesign it in the first place). I meant "difficult to use" -- the user interface basically doesn't exist yet.

Re:Difficult to work with? (1)

h4rr4r (612664) | more than 4 years ago | (#31546910)

What is wrong with the BIND user interface?
You edit a few simple test based config files, is that really so hard?

Re:Difficult to work with? (1)

shani (1674) | more than 4 years ago | (#31548022)

The existing BIND 9 mechanism are not hard for your small domains that change rarely, but they don't work if you have tens or hundreds of thousands of domains that you manage, which change on a frequent basis. While this may not be interesting for you, there are many organizations for who this is a daily reality, and BIND 9 doesn't work well for them.

There are also organizations that have existing provisioning systems for large deployments, and would like their DNS to be better integrated... something today that usually means running Windows Active Directory or similar proprietary solutions.

There are also people running clusters of DNS servers, for increased performance, reduced network latency, and hardware redundancy. Managing "a few simple test [sic] based config files" across tens of computers distributed around the globe is a non-trivial task.

BIND 10 will continue to support text files for people who are comfortable with that, but will also have better mechanisms for people who prefer more modern ways.

[ disclaimer - I'm the BIND 10 project manager ]

Re:Difficult to work with? (1)

Hurricane78 (562437) | more than 4 years ago | (#31548288)

I meant "difficult to use" -- the user interface basically doesn't exist yet.

You mean it doesn’t offer you a retarded point-and-click interface?
That’s not a bug. It’s a feature. So people like you don’t touch it.

BIND has a pleasing interface based on text files. Just like any other professional server software.

DJB might agree (4, Insightful)

bugs2squash (1132591) | more than 4 years ago | (#31546748)

This code is not intended for general use, and is known to be inefficient, difficult to work with, and riddled with bugs Could apply to any version of BIND

Re:DJB might agree (2, Informative)

Vellmont (569020) | more than 4 years ago | (#31546854)

Right, much better to write code under some bizarre license, ignore it for years forcing people to distribute patches unto patches, then 6 years later finally realize you're not maintaining the code and never will and finally release it under a sane persons license.

Re:DJB might agree (0)

Anonymous Coward | more than 4 years ago | (#31547026)

I would much have something under a "bizarre" (huh? Please describe) license than the buggy piece of crap BINDs

Re:DJB might agree (2, Informative)

Vellmont (569020) | more than 4 years ago | (#31547142)


(huh? Please describe)

He distributed source code, but didn't allow anyone to modify it. Thus why people distributed a series of patches to the software. People have some strange hero worship of Bernstein, but don't understand that an author who abandons his code but doesn't allow anyone else to modify it isn't deserving of much respect.

(Oh, and there are other free, open source alternatives to BIND, so saying both programs suck in different ways and better alternatives exist is perfectly valid)

Re:DJB might agree (0)

Anonymous Coward | more than 4 years ago | (#31547274)

Queue the angry DJB fans! DJB's DNS is even an inferior project to his QMail which atleast hast some merit.

DJB's my-way-of-the-highway methodology just doesn't work in any serious (i.e. not your SOHO business or academia) network.

Re:DJB might agree (0)

Anonymous Coward | more than 4 years ago | (#31548148)

It's great isn't it? DJB had no clue how to release and distribute software; the bind guys had no clue how to write it. And we wonder why the domain name system is so unappealing to work on and attracts so few decent developers, leading to stunningly mediocre design like dnssec.

Re:DJB might agree (0)

Anonymous Coward | more than 4 years ago | (#31547396)

Ah, but any version of Bind has the advantage that it's not encumbered by DJB.

Re:DJB might agree (1)

Angst Badger (8636) | more than 4 years ago | (#31547474)

Could apply to any version of BIND.

That was my first thought, having given up on BIND years ago in favor of the vastly more efficient, user-friendly, and -- most importantly -- bug free djbdns.

After all this time, the best they can do is something they themselves admit is crap, and they plan to take years to make it less crappy? That's really stunning, and not in a good way. We are, after all, talking about a key/value store. Thank goodness they didn't try something that wasn't appallingly well-understood already.

Security (0)

Anonymous Coward | more than 4 years ago | (#31546764)

BIND was the joke of the security conscious community for over a decade. I look forward to their new code. Maybe we can return to the good old days.

Difficult to work with (1)

tpstigers (1075021) | more than 4 years ago | (#31546766)

'This code is not intended for general use, and is known to be inefficient, difficult to work with, and riddled with bugs.' Why does this statement make me so happy?

how many times are they going to rewrite it? (1)

mlong (160620) | more than 4 years ago | (#31546770)

I thought bind 9 was a rewrite from scratch? They did such a crappy job, they have to do it again for 10?

BIND GIGO/SOS, = 1 (0)

Anonymous Coward | more than 4 years ago | (#31546866)

How's the old, GIGO phrase go....
So if you start with the same old stuff in (BIND symantics/syntax), use some "new" code to processes it, and you expect the post dump analysis to be different irrespective of how much the code is rewritten to generate the S.O.S?

djbdns users register here (1)

Onymous Coward (97719) | more than 4 years ago | (#31546904)

Yes, yes, we realize djbdns is far more secure. And that DJB is ornery.

Instead of peppering the whole forum with "djbdns is great", just respond to this thread.

Frist!

Re:djbdns users register here (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31547300)

Gay cocks slapping your face.

What's the point of a rewrite... (1)

marciot (598356) | more than 4 years ago | (#31547014)

...if you're doing it to end up with new code that is "inefficient, difficult to work with, and riddled with bugs"?

Was the original code too efficient, well-commented and well-tested and they couldn't live with that?

Re:What's the point of a rewrite... (2, Funny)

Tackhead (54550) | more than 4 years ago | (#31547034)

What's the point of a rewrite...

...if you're doing it to end up with new code that is "inefficient, difficult to work with, and riddled with bugs"?

Why, backwards-compatibility with BIND 8 and 9, of course!

Re:What's the point of a rewrite... (1)

TheDarkMaster (1292526) | more than 4 years ago | (#31547158)

I agree. Why make a new code from scratch, if the result is again difficult to use, incomplete and full of bugs? It makes no sense to me. Even in a beta state, the new code should be better than the previous one to justify its development.

A Monument to "Software Engineering" (1)

phoebe (196531) | more than 4 years ago | (#31547090)

BIND is thirty years old and a core piece of Internet infrastructure. That a completely new design and re-write of such a fundamentally important piece of software is "inefficient, difficult to work with, and riddled with bugs" highlights the continuing immaturity of the computer software industry.

This should be an embarrassment to every software designer, Google, IBM, and Microsoft should be screaming out how this is making the entire industry look bad.

Wouldn't this be an ideal target for test driven development, or are we to praise that at least they aware of defects?

Re:A Monument to "Software Engineering" (4, Insightful)

PCM2 (4486) | more than 4 years ago | (#31547246)

BIND is thirty years old and a core piece of Internet infrastructure.

Actually, BIND 9 -- "the most popular DNS implementation on the Internet," according to the submitter -- is merely 10 years old, and was itself a major rewrite of BIND 8. BIND 8 was only declared "end of life" in 2007.

That a completely new design and re-write of such a fundamentally important piece of software is "inefficient, difficult to work with, and riddled with bugs" highlights the continuing immaturity of the computer software industry.

Really. So the fact that a software developer plans to take "the next couple of years" (again, re: the submitter) to complete a software project is symptomatic of the total failure of an entire industry. Interesting perspective. Thanks for that.

Re:A Monument to "Software Engineering" (1)

GiovanniZero (1006365) | more than 4 years ago | (#31547444)

Mod Parent up. Seriously, they're basically in alpha here and are opening up for help from the community. They're obviously testing their code like crazy, that's how they know their issues. Why is everyone pissed that a bunch of developers are giving their time to develop a free project that is going to make the internet more reliable and safe in the end. Too many armchair developers in here. "Years! I could rewrite Bind in my sleep with one arm tied behind my back!"

Re:A Monument to "Software Engineering" (0)

Anonymous Coward | more than 4 years ago | (#31548058)

...while masturbating

Re:A Monument to "Software Engineering" (1)

phoebe (196531) | more than 4 years ago | (#31548196)

Really. So the fact that a software developer plans to take "the next couple of years" (again, re: the submitter) to complete a software project is symptomatic of the total failure of an entire industry. Interesting perspective. Thanks for that.

Are you really defending the current development shortcomings of BIND 10 with the article author's inability to elucidate software engineering? Not at all continuing another symptomatic issue of the software industry.

Not in a rush for bind10 (1)

Teunis (678244) | more than 4 years ago | (#31547094)

I'm not in a rush for bind10 - I find bind9 to be quite sufficient, on the whole. I do look forward to seeing what it brings and how it may make my life with the systems I manage much easier. This does look interesting though!

Does not look great, honestly. (1)

Cyberax (705495) | more than 4 years ago | (#31547132)

So instead of 1 daemon I'll now get 3-4 running daemons interacting in strange ways? Thanks, that's exactly what I need.

How about scriptability and/or custom resolvers? Nope, none of this.

Oh well, probably I should switch to DJBDns. It also uses a ton of daemons, but at least it's architectured properly.

That's "designed" (1)

XanC (644172) | more than 4 years ago | (#31547224)

"Architecture" is a noun. "Design" is a verb (or a noun). There's no "architectured".

Re:That's "designed" (1)

salesgeek (263995) | more than 4 years ago | (#31548392)

We've just witnessed the birth of a new buzz word.

Again? (1)

biot (12537) | more than 4 years ago | (#31547152)

They rewrote it from the ground up *again*? Clearly the last few times they did that didn't help. Why should this time be any different?

What's so hard about this? (1)

Animats (122034) | more than 4 years ago | (#31547356)

Most of the trouble with BIND stems from the fact that it's a database app with its own database implementation. BIND10 uses SQLite, which already works. That ought to simplify the thing enormously.

Building in a web server for BIND administration is probably the source of much of the complexity.

Re:What's so hard about this? (1)

flyingfsck (986395) | more than 4 years ago | (#31547478)

It would be good if it allowed the use of a generic back-end. I do not want to administer a system with multiple SQl database systems. I want to standardise on one and use it for all my server data needs. The days of using different databses for email, DNS, authentication, web applications and more should by now be a thing of the past.

Re:What's so hard about this? (1)

headbulb (534102) | more than 4 years ago | (#31547578)

Why should everything use the same database? A file system is a type of database. SQL is another. Each has it's own purpose. SQLite is contained in a file anyways. A separate database server wouldn't have to be setup for this.

Generic back-end (1)

shani (1674) | more than 4 years ago | (#31548122)

The design for BIND 10 allows for generic back-ends. We implemented SQLite as the first one, simply because it was the easiest. One of our early goals for the second year of development is to support additional database back-ends (we call them "data sources"), including MySQL, PostgreSQL, and an in-memory 'database' (for performance-critical environments).

In the end we'll also support more exotic back-ends, like BDB, LDAP, directories, and possibly even the tinydns data format.

[ disclaimer - I am the BIND 10 project manager ]

Re:What's so hard about this? (1)

FlyingGuy (989135) | more than 4 years ago | (#31547600)

First of all I agree, building a webserver for something as critically important as a DNS resolver is completely asshat if that is what they are doing.

But I disagree with you. Any dns resolver should be as complete an island as possible, depending on as little as possible, the fewer other subsystems it has to rely on the less points of failure there are.

This should be a very straight forward hash table, loaded from into ram, all entries mapped to either upper or lower case and then the queries hashed and they are either in memory or not return the corresponding IP address or return null. This is not rocket science, it is a simple lookup.

Re:What's so hard about this? (1)

Joce640k (829181) | more than 4 years ago | (#31547734)

Ummm...this "database" isn't relational, there's no inner joins or anything like that (at least there shouldn't be), it's a one-to-one lookup (text string to IP address).

It's not the sort of thing which takes ten revisions just to get to a state where it's "inefficient, difficult to work with, and riddled with bugs".

Re:What's so hard about this? (1)

Skapare (16644) | more than 4 years ago | (#31548388)

DNS is not naturally a data structure suitable for relational databases. Any SQL is a bad choice because SQL is a bad choice. Something like Berkeley DB might have been better, or perhaps some of these [wikipedia.org] .

Years? (1)

shish (588640) | more than 4 years ago | (#31547366)

These problems will all be fixed over the next couple of years

I admit complete ignorance in this area, so please educate me if this sounds stupid -- but surely writing a DNS server can't be that hard?

Re:Years? (1)

FlyingGuy (989135) | more than 4 years ago | (#31547448)

Are you kidding? It is software written by committee which always sucks. What other examples, try http, css, xhtml, xml, etc. etc. the list is endless.

Additionally the entire DNS system is one pile of legacy crap with a on of kludges to support this or that interest group.

Just be glad there are alternatives.

And you are correct, it should just be a database that responds to a very simple query, here is the domain name, here is the record type, return the IP address.

But it is far more then that. Depending on the query you send the things has to tie itself in knots dealing with CNAMES, ptr records, txt records, Rdns and all kids of other twisted cruft.

Re:Years? (1)

Ethanol (176321) | more than 4 years ago | (#31547468)

surely writing a DNS server can't be that hard?

Try it some time! It's fun! I can even refer you to an ongoing open-source project that you can contribute to, if you like! :)

To give a rough idea of scale, BIND 9 has about half a million lines of C code, and the first release took a couple of years to write.

(BIND 10, in its current minimal and unfinished state, is about 40,000 lines of C++, and 10,000 lines of python.)

What is being thrown out? (1)

ciggieposeur (715798) | more than 4 years ago | (#31547378)

Which major features in bind9 are going to be thrown out (and stay out even beyond beta) for bind10?

Your doing it wrong - for the 10th time! (0, Flamebait)

richrumble (988398) | more than 4 years ago | (#31547462)

How do you sleep knowing DJB is out there and you can't compare? How can this be your 10th version with no hope of being better at writing DNS code. Swallow your pride, and start with a known good code base, you know like DJB, then cock it up... you are bind after all... that's what you guys do, and that you ARE good at. Every week, every month for years, decades, it's another bind security alert. Bind is the only code that I know of that is the exception to the saying "you can't make a silk purse out of a sows ear"... you can if there is no ear left, is there any original code in b9? Back to the drawing board wasn't far enough... jesus christ. Are interns the only ones allowed to code? Are you getting M$ rejects? I don't understand, do the opposite of what you think you should do, and maybe you have some decent code there, ask people on the street if this this and this are a good idea... ask your grand parents, filp coins... something other than what you do day in and day out fuck! -rich

Re:Your doing it wrong - for the 10th time! (1)

richrumble (988398) | more than 4 years ago | (#31547498)

PS... I don't write code, that shit is hard, but I'll be damned if I don't yell at you and I can't write hello world. Nonetheless, I maintain you guys suck and probably eat babies. Fucking baby eaters, learn to follow an RFC and sanitize your queries you fucking baby eaters! -rich

+1 insightful (1)

Joce640k (829181) | more than 4 years ago | (#31547726)

If they didn't get it right after nine versions then it's probably time to move on.

"...is known to be inefficient, difficult to work with, and riddled with bugs"

Make that "definitely".

Yet again (1)

demon (1039) | more than 4 years ago | (#31547680)

Seriously? The idea is to go for yet another rewrite? And it sounds like it's going to be a half-assed database backing (SQLite? Is this right?)? Why not just move to an abstracted storage backend, and let the admin pick what works for him (or write his own backend plugin)? You know, like PowerDNS has been doing for awhile now. Seriously, guys, let's just stop using BIND and move to a better nameserver; it really seems like ISC is going to be rewriting BIND until the heat death of the universe.

The unit tests are a bad joke - age and sex (0)

Anonymous Coward | more than 4 years ago | (#31548056)

These tests are a joke, for example in the file src/bin/bindctl/unittest/bindctl_test.py we have the following function (which isn't used anywhere, so what is the point of this test function, Bind will support some sort of age/sex restrictions on data it serves perhaps?):

class TestModuleInfo(unittest.TestCase):

def test_get_param_name_by_position(self):
cmd = CommandInfo('command')
cmd.add_param(ParamInfo('name'))
cmd.add_param(ParamInfo('age'))
cmd.add_param(ParamInfo('data', optional = True))
cmd.add_param(ParamInfo('sex'))
self.assertEqual('name', cmd.get_param_name_by_position(0, 2))
self.assertEqual('age', cmd.get_param_name_by_position(1, 2))
self.assertEqual('sex', cmd.get_param_name_by_position(2, 3))
self.assertEqual('data', cmd.get_param_name_by_position(2, 4))
self.assertEqual('data', cmd.get_param_name_by_position(2, 4))

self.assertRaises(KeyError, cmd.get_param_name_by_position, 4, 4)

I seriously get the feeling they padded out the unit tests with.. well.. junk from who knows where.

Re:The unit tests are a bad joke - age and sex (4, Informative)

shani (1674) | more than 4 years ago | (#31548138)

One of the ideas of BIND 10 is to allow modules to be added to an already running system. Also, we want administrator tools to be able to ask the modules themselves what functionality is available. This allows relatively simple administrative tools to work with changing systems.

In order to do this, we need to have a mechanism for modules to report their capabilities. So, for example "I have a command called 'notify' which can be used to send a notify to my secondary servers, and it takes the parameter 'domain' which specifies the domain to send it from, and an optional parameter 'secondaries' which you can use to limit to a set of secondary servers".

The test code here exercises this generic capability.

[ disclaimer - I am the BIND 10 project manager ]

riddled with bugs (1)

1s44c (552956) | more than 4 years ago | (#31548142)

'This code is not intended for general use, and is known to be inefficient, difficult to work with, and riddled with bugs.'

If this is indeed a true statement this code is doomed and should be thrown away right now.

If they don't do it right from the start they will spend the rest of forever turd-polishing.

But what about the bloat? (1)

Skapare (16644) | more than 4 years ago | (#31548364)

There's no mention of the bloat of BIND9. Will it be carried into BIND10? Are they reimplementing all the bloat from the ground up?

I'll stick with NSD [nlnetlabs.nl] and Unbound [unbound.net] .

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?