
DNS BIND failure note



Magic. E-mail from PN to Usertools group received today:
Over recent weeks we have identified a number of scattered reports from customers who were experiencing intermittent DNS timeouts at certain times of the day. This causes problems with web pages, email and other Internet activities timing out occasionally.

We have implemented a number of changes and invested considerable resource into identifying the cause of this problem and after a series of changes are comfortable that the issue is now resolved.

One of the issues identified was an inconsistency in the version of BIND installed across each of our servers:-

I immediately click the above link and.... yes, DNS server fails to translate the address.


That's a bit of a downer - it works fine here.

In case you still can't find the page..... ;)

BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. It is supported by the Internet Systems Consortium. BIND was originally created by four graduate students with CSRG at the University of California, Berkeley and first released with 4.3BSD. Paul Vixie started maintaining it in 1988 while working for DEC.

A new version of BIND (BIND 9) was written from scratch in part to address the architectural difficulties with auditing the earlier BIND code bases, and also to support DNSSEC (DNS Security Extensions). Other important features of BIND 9 include: TSIG, DNS notify, nsupdate, IPv6, rndc flush, views, multiprocessor support, and an improved portability architecture. It is commonly used on Linux systems.


BIND was originally written in the early 1980s under a DARPA grant. In the mid-1980s, DEC employees took over BIND development. One of these employees was Paul Vixie, who continued to work on BIND after leaving DEC. He eventually helped start the ISC, which became the entity responsible for maintaining BIND.

The development of BIND 9 was done with a combination of commercial and military contracts. Most of the features of BIND 9 were funded by UNIX vendors who wanted to ensure that BIND stayed competitive with Microsoft's DNS offerings; the DNSSEC features were funded by the US military who felt that DNS security was important.

Like Sendmail, WU-FTPD, and other systems dating back to the earlier laissez-faire days of the Internet, BIND 4 and BIND 8 have had a large number of serious security vulnerabilities over the years. BIND 9, being a rewrite, has a much better security history.

BIND 9 is a fairly large application that includes a large number of features that most DNS administrators probably will never use.

GeoDNS is a 40-line patch to BIND to allow split horizon DNS, such that different requesters receive different responses, depending on proximity.

In this way if a website has, for example, a French server, a US server and a South Korean server, they can easily specify that people in Europe go to the French server, people in East Asia go to the Korean server and those in the rest of the world be served by the American server. This can give improved performance and potentially lower costs than a single hosting location or a round robin DNS setup.

As it is DNS based, it is much easier to deploy than BGP anycast. It does not require any support from the ISP and will not break existing connections when the server selected for a particular client changes. However, as it is not intimately tied into the network infrastructure it is likely to be less accurate at sending data to the nearest server.