Upgrade to Bind9.
Fabiano Reis
fabiano.reis at uol.com.br
Mon Jun 25 18:04:17 UTC 2001
Brad, okay, but that is a ultimate question in the
air...
I retired this text from:
http://www.isc.org/services/public/F-root-server.html
"F is a virtual server made up of multiple (currently
two) Compaq AlphaServers, donated to us by the Compaq
Western Research
Laboratory (DECWRL).
Each server is a Compaq ES40 AlphaServer with 4 500mhz
CPUs and 8Gig of RAM, and runs ISC BIND 8.2.3 as its
DNS server."
Why they continues using bind8?
I think the implementation of new features in
bind9(thread, etc) are not completely tested and they
prefer to wait more releases to upgrade too?
Att
Fabiano Reis
Eng/Sys
Brad Knowles wrote:
>
> At 11:25 AM -0300 6/25/01, Fabiano Reis wrote:
>
> > I'm searching for a good reason to upgrade from bind
> > 8.2.3 to bind 9.x
> >
> > Someone can list some reasons?
>
> BIND 8 is single-threaded, and does not answer queries during the
> start-up process. BIND 9 is natively multi-threaded, and doesn't
> have this problem.
>
> Because BIND 8 is single-threaded, it cannot take advantage of
> multiple CPUs in a server. Because BIND 9 is natively
> multi-threaded, it can take advantage of multiple CPUs.
>
> BIND 8 handles zone transfers through an external program, which
> may cause significant fork()/exec() overhead if used on the master.
> BIND 9 handles zone transfers internally, and does not have this
> problem.
>
> BIND 8 only partially supports some of the security and IPv6
> related extensions, while BIND 9 is the reference implementation for
> these features.
>
> Current benchmarks indicate that BIND 9.1.x may be slightly
> slower than BIND 8, but preliminary testing indicates that BIND 9.2.x
> should be at least as fast as BIND 8, and probably faster (especially
> on multiple CPU servers).
>
> BIND 8 is the last in a long line of hacks on top of hacks on top
> of hacks, whereas BIND 9 is a complete ground-up rewrite, using new
> programming methods that try to help ensure that the kind of security
> bugs you could have with the old version simply are not possible any
> more.
>
> That's about all I can think of, off the top of my head. Do you need more?
>
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> /* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
> /* Represented as 1045 digit prime number by Phil Carmody */
> /* Prime as DNS cname chain by Roy Arends and Walter Belgers */
> /* */
> /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
> /* where title-key = "153 2 8 105 225" or other similar 5-byte key */
>
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list