Upgrade to Bind9.

Fabiano Reis fabiano.reis at uol.com.br
Mon Jun 25 18:04:17 UTC 2001


Brad, okay, but that is a ultimate question in the
air...

I retired this text from:
http://www.isc.org/services/public/F-root-server.html
"F is a virtual server made up of multiple (currently
two) Compaq AlphaServers, donated to us by the Compaq
Western Research 
Laboratory (DECWRL).
Each server is a Compaq ES40 AlphaServer with 4 500mhz
CPUs and 8Gig of RAM, and runs ISC BIND 8.2.3 as its
DNS server."

Why they continues using bind8?

I think the implementation of new features in
bind9(thread, etc) are not completely tested and they
prefer to wait more releases to upgrade too?

Att
Fabiano Reis
Eng/Sys

Brad Knowles wrote:
> 
> At 11:25 AM -0300 6/25/01, Fabiano Reis wrote:
> 
> >       I'm searching for a good reason to upgrade from bind
> >  8.2.3 to bind 9.x
> >
> >       Someone can list some reasons?
> 
>         BIND 8 is single-threaded, and does not answer queries during the
> start-up process.  BIND 9 is natively multi-threaded, and doesn't
> have this problem.
> 
>         Because BIND 8 is single-threaded, it cannot take advantage of
> multiple CPUs in a server.  Because BIND 9 is natively
> multi-threaded, it can take advantage of multiple CPUs.
> 
>         BIND 8 handles zone transfers through an external program, which
> may cause significant fork()/exec() overhead if used on the master.
> BIND 9 handles zone transfers internally, and does not have this
> problem.
> 
>         BIND 8 only partially supports some of the security and IPv6
> related extensions, while BIND 9 is the reference implementation for
> these features.
> 
>         Current benchmarks indicate that BIND 9.1.x may be slightly
> slower than BIND 8, but preliminary testing indicates that BIND 9.2.x
> should be at least as fast as BIND 8, and probably faster (especially
> on multiple CPU servers).
> 
>         BIND 8 is the last in a long line of hacks on top of hacks on top
> of hacks, whereas BIND 9 is a complete ground-up rewrite, using new
> programming methods that try to help ensure that the kind of security
> bugs you could have with the old version simply are not possible any
> more.
> 
>         That's about all I can think of, off the top of my head.  Do you need more?
> 
> --
> Brad Knowles, <brad.knowles at skynet.be>
> 
> /*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
> /*       Represented as 1045 digit prime number by Phil Carmody         */
> /*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
> /*                                                                      */
> /*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
> /*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */
> 
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'


More information about the bind-users mailing list