BIND and DHCP Open Day, Menlo Park

I went to ISC’s BIND and DHCP Open Day in Menlo Park.

There was a good turnout, with about 30 outside attendees and about the same number of ISC staff. Three BIND developers from the Czech and Chinese registrars also attended, as well as Cricket Liu.

Here are my notes.

DNS

– can learn what you need to know (50%) in a day, lifetime for the next 50%

BIND9

– monolithic program
– 10 years old
– different syntax than BIND8, 30% slower

User Story – Quick Refresh at AOL

– VMs spark up in 9.5 seconds, but DNS takes 15 minutes or more to propagate in their system
– goal is 5 minute updates across globe

BIND10

– sponsored by 10 TLDs, unlike BIND9 which was sponsored by Big Iron vendors
– TLDs represent registrars, users or citizens
– started April 1, 2009
– 5 year plan
– now on year 3 – features and performance
– release every 6 weeks
– will be no slower than BIND9
– Postfix-style process model, not threads
– scalable across cores
– modular
– logging
– reporting
– REST API
– save cache object to memory or network, could be 10s to 100s of MB
– no query or response logging, use tcpdump
– look at DLZ

DNS Provider Issues

– Dealing with large zones
– Dealing with lots of zones
– resource estimates (for sizing new servers)
– high-availability installations and technologies
– anycasting
– cooperate better with firewalls and load balancers
– auto-clustering?
– Quagga support?
– multi-master
– support for fully mastered slave
– akin to PowerDNS “super masters”

– some debate over how much routing is appropriate inside DNS
– do it all or just be fast
– does it make sense to send ACL info over port 53? needed for cluster setup

DNSSEC Issues

– Deployment and Maintenance procedures
– in-line signing
– aka “bump on the wire” 9.9.0
– hidden master sends signed zones to slaves
– aka “signer in the middle”
– registry vs. registrar
– look at DomainKeys optionality
– DLV keys (don’t need a signed parent)
– zone monitoring is crucial
– 4 HSM known, $80k for qty 1
– some Firefox plugins check AD bit
– DNSSEC slowest on negative answers, NSEC3 worst
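
Why NSEC3 makes negative answers the expensive case, as an added example (not from the talks or from ISC's code): per RFC 5155 each NSEC3 owner name is a salted, iterated SHA-1 hash, so every name hashed for a denial proof costs iterations + 1 hash calls. The zone, salt and iteration count are the RFC 5155 Appendix A sample values; `candidate_names` and `sha1_calls` are hypothetical helpers, and counting the query name plus every ancestor up to the apex is a simplifying assumption.

```python
import base64
import hashlib

# Map the standard base32 alphabet to the base32hex alphabet used in NSEC3 owner names.
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    "0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def wire_name(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format: length-prefixed labels plus root."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 hash: SHA-1 over name||salt, then `iterations` further rounds."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode().translate(_B32_TO_B32HEX).lower()


def candidate_names(qname: str, zone: str) -> list:
    """Query name and each ancestor down to the zone apex (hypothetical helper)."""
    labels = qname.rstrip(".").lower().split(".")
    apex_len = len(zone.rstrip(".").split("."))
    return [".".join(labels[i:]) for i in range(len(labels) - apex_len + 1)]


def sha1_calls(qname: str, zone: str, iterations: int) -> int:
    """SHA-1 invocations needed to hash every candidate name once (assumed bound)."""
    return len(candidate_names(qname, zone)) * (iterations + 1)


if __name__ == "__main__":
    # Constructed query against the RFC 5155 sample zone "example".
    qname, zone, salt, iters = "a.c.x.w.example", "example", "aabbccdd", 12
    for n in candidate_names(qname, zone):
        print(nsec3_hash(n, salt, iters), n)
    print("SHA-1 calls:", sha1_calls(qname, zone, iters))
```

An NSEC zone needs none of this hashing: its denial records are compared against plain names in canonical order.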

The event photos are available here and the slides are available under Attachments here.

Thanks to Facebook for hosting this event.
