Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet

Interview With Paul Vixie And David Conrad 45

rwm311 writes: "linuxsecurity.com is running an interview with [Paul Vixie] and [David Conrad] about the ISC and BINDv9. It's a pretty good read. Vixie talks about his days at DEC and his motivation behind BIND while both Vixie and Conrad speak of the future of BIND - features they would like to implement and things that will be going away (such as nslookup)."
This discussion has been archived. No new comments can be posted.

Interview With Paul Vixie and David Conrad

Comments Filter:
  • Or Slashdot users could figure out how to use proxy servers. Either way.
  • Of course all on /. know what he meant in his statement.... right? (especially as it was related to security....

    Have to preview more carefully from now on....
  • why didn't you? Paul V is pretty outspoken fellow. I still remember the e-mail he sent to dns forum. At some point domain name registration process was free as a beer. Then you suddenly had to pay $50 a year. There was lots of complainson a forum. Then e-mail from Paul V - he called the whole forum 'a bunch of scum-sucking morons'. Was quite a while ago but I still remember this one. Scum-sucking moron, isn't that something?
  • Not entirely true. Many ISP's caching proxies will allow non-customers to use them. I don't know if that's intentional or not, though :\
  • Caching proxy servers even.
  • Actually, BINDv9 is a complete rewrite. There is no significant code shared between BINDv8 and BINDv9

    This is very good news! The problem that scares me is that bind8 compatability may not be all there. This makes updating a large site to BINDv9 is going to be a problem for many ISP's etc.

    There are still a couple of areas where we're deficient in support of standards, e.g., we don't support using DNSSEC with wildcards and a BIND version 9.0.0 slave does not forward dynamic updates to the master as it should according to the RFCs. Our intent is to fully implement the standards (and/or help revise the standards to make them more useful to the Internet community).

    While waving off other name server implementations (DjbDNS) by saying it doesn't meet current standards, they admit that Bindv9 WON'T mean some of the current standards! In fact it seems that Mr Conrad is in favor of changing some of the standards. Is that to make them more useful, or make them fit Bindv9?

    All in all ANYTHING has to be an improvement over the code of Bindv8. The proof will be after Bindv9 has been "in the wild" for a few months.

  • Yup, this is what's wrong with Slashdot. You spend time writing a long and possibly interesting post in an effort to put something into the community, then some f*cking idiot moderator puts you down a -1: Offtopic because what you're talking about isn't directly related to the story. Meanwhile, you make some stupid trolling quip elsewhere and get a +1: Funny.

    Friday is Score 2: Troll Day. Join us!

    And if you moderate this down, please email me and tell me exactly what you're trying to prove.

    It's a .88 magnum -- it goes through schools.

  • Vixie wrote a version of cron that is very popular
  • My guess would be that Conrad's desire to change the standards to make them more useful is adept commentary on standards that make no sense when implemented or are contradictory. Look at how many RFCs have been obsoleted or heavily modified by further RFCs.

    My reading on the interview was that Bindv9 was one of the first or only implementations of some very new and rather complicated DNS standards. That they've implemented them and found some of them in need of upgrade only makes sense. If someone only draws a complex picture of a house and you're the first one to build the house as completely as drawn, you're likely to have some suggestions about the design of the house..

    Rightly or wrongly, I think they probably have a certain sense of arrogance for having rewritten BIND from scratch (or nearly so) to begin with, let alone done so while implementing new standards.

    Even if their arrogance is such that they think that the standards need to bend to fit the new BIND, who am I to complain? BINDv9 is much more likely to become the new open source standard for DNS servers (at least on unix) than DjbDNS ever was and there aren't a whole lot of other competitors in the Unix space -- might as well have the standards comply with BIND... Where BIND has to be careful is not getting supplanted by Microsoft's DNS implementation in Windows 2000. Microsoft's co-opting DNS for ADS was very clever of them, and puts real pressure on BIND from a feature standpoint as well as an interoperability standpoint.

    Compatibility with v8 is a serious concern, but I'll bet that a lot of ISPs aren't terribly concerned about fancy features like dynamic updates and so forth -- they want to be able to serve MX, CNAME, A and NS RRs from their existing zone files with a minimal amount of redoing named.conf files. My guess is that zone files will work or nearly work (ie, run through some filter script) and that the v8 conf file format will travel to v9 with compatible syntax and new features. The world didn't stop when v8 supplanted 4.9.x in spite of the lack of compatibility in files.

  • After all these years, BIND still hasn't fulfilled the vision of open-source, first spoken by Eric Stallman Raymond, and later realized by Linux Torvalds.

    Definition of Open Source [tuxedo.org] given in ESR [tuxedo.org]'s Jargon File [tuxedo.org].

    Download Bind 8 Sources [isc.org]

    Finally, the contents of the LICENSE file in the current BIND distribution:

    ## Copyright (c) 1993-2000 by Internet Software Consortium, Inc.
    ## Permission to use, copy, modify, and distribute this software for any
    ## purpose with or without fee is hereby granted, provided that the above
    ## copyright notice and this permission notice appear in all copies.
    ## SOFTWARE.

    I didn't bother to C&P their address, which I'm sure is somewhere on their webpage [isc.org].

    How do the definition and the current BIND license (which I think we can expect to carry over to BIND9) not jibe? In fact, it's not just Open Source, it's Free Software [tuxedo.org] as defined by RMS.

  • What good is a standard if no one uses it?
    Incidentally, I assume you were talking about DNSSEC...
  • It's almost a complete rewrite and a beta. There comes a point in the life cycle of most large pieces of software where you have to bite the bullet and re-engineer chunks of it. It's almost always a bit painful.
  • Dan Bernstein (the guy who wrote qmail) has an interesting commentary on struggling to implement a secure replacement for BIND.

    namedroppers [cr.yp.to]
  • David Conrad: "...we chose to create a 'lightweight resolver daemon' (similar in concept to Sun's 'ncsd'[sic])"

    My only request of Mr. Conrad is that they actually make it do something useful, unlike nscd. For those who don't know, nscd is the Name Server Cache Daemon in Solaris. In theory, it caches requests for passwd, group, and hosts requests to make repeated lookups faster. In practice, you can't tell a damn bit of difference whether it's running or not.

  • ..I won't be going through all my shellscripts to edit them and kill off the nslookups. With any luck, they should work.

  • But what happens when you and your peers all belong to a clique that have a vested interest in promulgating a particular scientific dogma?

    I agree with everything you say. I'd like to know how postmodern literary criticism could be subject to checks, though! But the comment above really strikes a chord with me. Did you ever read Zen and the Art of Motorcycle Maintenance? Part of the story is about this guy who is convinced that most western thought is based on a mistake made by Plato which should have been picked up 2,000 years ago, and him thinking through the conclusions of what would have happened if the mistake had been noticed (which eventually sends him to the nuthouse). The theme is exactly this - that a clique of researchers cannot even conceive of an error in their underlying assumptions, let alone address the error, or respond to criticism. And that's even without postulating a vested interest - so where a vested interest exists, you can bet the problem is ten times worse.

    Fortunately for the physical sciences, as you say, mistakes can be spotted. Relativity and uncertainty are the two things that come to mind. Which makes me feel that physics, next to mathematics, is the most trustworthy of sciences.

    When you're talking about evolutionary biology, you wouldn't be thinking about Richard Dawkins, would you? ;) The man who is so sure that his ideas match reality that he's written a library of books convincing people not to believe in God. "Don't accept anything on faith," he says, not realizing he's one of the world's most faithful people (he sure has a lot of faith in his own correctness, despite a staggering lack of scientific evidence).

    The only thing I think you have wrong here is where you rubbish statistics. Psychology wouldn't even exist as a science (which might not be so bad ...) if it wasn't for statistics. Statistical theory is all about determining what's noise and what isn't. I agree with your sentiment - sometimes I wonder if (for instance) microwave background radiation really proves that the big bang happened. But if statistics tells you there's a 95% chance of a meaningful correlation, that's what it means. Not that there is a correlation, necessarily, but just that if there wasn't a correlation, there's only a 5% chance that the results would look that correlated. Of course, 5% is good odds. If there was a correlation with 99.99999% probability I'd be inclined to accept it. Much psychology is based, as you say, on likelihoods of 5%, and there's significant doubt. Sadly, the popular perception of science is that it's infallible, so if someone publishes a paper that everyone in the scientific community knows is de facto questionable, the majority can still amend their entire world view based on this dodgy "knowledge". Give it a spin so Fox 11 news picks it up, and you've basically created a new "truth".

    Witness, for instance, the "fact" of global warming. It's not like the Earth ever suddenly changed temperature before the industrial revolution ;) Like, say, in the ice age. I'm not saying global warming isn't happening, but it's highly contentious whether or not it's really due primarily to gaseous emissions. There's no doubt in the public mind to mirror the one in mine, however.

    Oops, I got stuck in wibble mode. Bye!

    It's a .88 magnum -- it goes through schools.

  • That means that we should abolish the letter 'Q' and replace it with something that means 'Qu'. It would simplify spelling. The alphabet would remain the same size. We wouldn't have to write the letter 'Q' anymore.

    I pick the pipe as the symbol for the replacement letter. It's underused in the English language. From now on, words like quick, que, and quack will be spelled |ick, |e, and |ack.

    See how nice that is?
  • Cool... was 'functionality' a requirement as well?

    All generalizations are false.

  • Dan (the maker of djdns) sure makes secure code, but at anno domini 2000 it is totally unnaceptable to have the following restrictions [cr.yp.to] for distribution. this definetly not a open source license.

    If I wanted to Improve djdns and distribute it, i couldn't. Same applies to qmail. Only sysadmins with unlimited time install Dan's software, as no distribution can accept Dan's restrictions and distribute precompiled versions.

  • I've never read anything by a security software designer that agrees with you. Sorry. Security, especially in the area of encryption, etc. is not simply an issue of well-written bug-free software (which Bind has definately never been so far). Its a design decision and plan that has to start before the code is ever written.
  • In the interview, they used buzz-terms like "programming by contract" which is a practice that can make a lot of problems go away, but doesn't address the question of how the system was designed. If it's still a monolithic binary with authoratitve and caching built into one, w/o a well defined seperation then it seems like the default is still going to have trouble with preveninting attacks that poison the cache. If the credability rules still exist, then it'll again be easy to start an attack through BIND.

    I do hope BIND9 is better then 4 and 8, but I don't think I'm going to use it now that I've got everything I need in djbdns.

  • [root@brick /root]# uname -sr
    OpenBSD 2.8
    [root@brick /root]# cd /usr/ports/net/djbdns/
    [root@brick djbdns]# make install

    Unlimited time? Not so hard I think ..

  • Yes, its compliant in zone transfers. It supposedly even supports IXFRs now (incremental updates). DNSSEC? Nobody else is using it and there are serious questions about its usability in the wild (especially associating it to an existing PKI, or building one). TSIG? Microsoft's version is probably as kind as their version of Kerberos, but they come down on DJB?

    I want a nameserver that doesn't suddenly disappear out from under me for no reason, or that has a memory management policy of 'help! restart me!'.

    Deal with the REAL issues first, add cute features later.
  • Hopefully, the easing of US crypto controls earlier this year doesn't mean that someone has figured out how to factor large primes trivially... :-)

    David Conrad
    Now, is he making fun of Bill Gates or making the same error Bill he made?
  • I tried running it on a server which has
    about 50000 or so separate clients throughout the day, and found a number of bugs. Some of the
    bugs prevent bind9 from answering queries,
    as it has a mechanism to prevent more then 1000
    simultaneous queries by default. Raise it and
    BIND fucks up with strange bugs which make it loop
    and eat all CPU. Time for the debugger. Or,
    maybe http://www.dents.org/
  • Since some people don't like clicking links for some reason, here's DJB's comments on DNSSEC (a few of them at least):

    DNSSEC is a project to have a central company, Network Solutions, sign all the .com DNS records. Here's the idea, proposed in 1993:

    • Network Solutions creates and publishes a key.
    • Each *.com creates a key and signs its own DNS records. Yahoo, for example, creates a key and signs the yahoo.com DNS records under that key.
    • Network Solutions signs each *.com key. Yahoo, for example, gives its key to Network Solutions through some secure channel, and Network Solutions signs a document identifying that key as the yahoo.com key.
    • Computers around the Internet are given the Network Solutions key, and begin rejecting DNS records that aren't accompanied by the appropriate signatures.

      However, as of February 2000, Network Solutions simply isn't doing this. There is no Network Solutions key. There are no Network Solutions signatures. There is no secure channel---in fact, no mechanism at all---for Network Solutions to collect *.com keys in the first place.

      DNSSEC is often falsely advertised as a software feature that you can install to protect your computer against DNS forgeries. In fact, installing DNSSEC does nothing to protect you, and it will continue to do nothing for the foreseeable future. I'm not going to bother implementing DNSSEC until I hear a detailed, concrete, credible plan for central DNSSEC deployment.

      Even if DNSSEC is someday put into place, it will continue to allow attacks through Network Solutions itself. What happens if a Network Solutions employee is bribed? Are the Network Solutions computers secure? An attacker who breaks into one critical Network Solutions computer will have control over the entire Internet.

    Taken from http://cr.yp.to/djbdns/forgery.html [cr.yp.to] ; ; ;

    Read the rest of that page for his idea for a quick-fix.

  • Although design flaws have made some BIND bugs worse, all the BIND exploits that I can think of have their roots in plain old bad development rather than some specialized security problem.

    Take the classic problem, the buffer overflow. Some programmer makes an incorrect assumption about the size of a chunk of data, and ka-blooie, you've written garbage all over memory. Although this can, with a lot of trickery, turn into a security problem, it's really just bad programming.

    Good programming is all about making sure that your code does only what it's supposed to, neither more nor less. As part of making a program robust, you'll automatically take care of most of the sloppiness that leads to security flaws.

    This isn't to say that security is easy or unimportant, but the first poster is right; security is mainly a design issue. From the perspective of a coder, security errors are a small subset of the errors you aim to eliminate when coding for maximum reliability.
  • Only if your employer is prepared to allow you to publish ...
  • Trying to get slashdot.org to rate high among the porn sites on the less sensible search engines? (other than gOOgle [google.com]?
  • by MikeBabcock ( 65886 ) <mtb-slashdot@mikebabcock.ca> on Wednesday October 04, 2000 @12:55PM (#731256) Homepage Journal
    Their comments about security are quite irritating because they mention things like DNSSEC but don't want to talk about the way BIND is coded. DJBDNS comes up (http://cr.yp.to/djbdns.html) but is brushed off with false claims (it does support transfers, and support for IPv6 is in the works).

  • by Anonymous Coward
    I think this experiment could be very important for computer science research and maybe other typs of research. There are many fields of science where it is possible to go on forever publishing research without any checks. Obvious areas where this goes on are fields like so-called postmodern literary criticism. But it happens in the sciences too. In behavioural evolutionary biology you can make up just-so stories in paper after paper safe in the knowledge that nobody else can rerun evolution for you and demonstrate that you are wrong. In psychology you can repeatedly perform experiments measuring correlation between this variable and that. By chance one in 20 results are 95% significant and you publish those results as if they are something other than noise. Vixie's and Conrad's work is going to be a sanity check against this kind of work - a kind of experimental control. Here's a situation where somebody does know networks work and work can be checked. BIND only does so many things. If researchers are unable to understand this then should they really have jobs supposedly researching network technology? We need to see a few more tests like this in academia. Beyond a certain point - after you've taken your last exam - academics are no longer accountable to anyone. Sure - you get peer reviewed. But what happens when you and your peers all belong to a clique that have a vested interest in promulgating a particular scientific dogma? This experiment is a wonderful way to ensure that researchers still are being tested.
  • DJBDNS comes up (http://cr.yp.to/djbdns.html) but is brushed off with false claims (it does support transfers, and support for IPv6 is in the works).

    So it does zone transfers, but are they by the standards? What about DNSSEC and TSIG? And DDNS? These are all pretty important standards...

  • What good is a standard if no one uses it?
  • by MSG ( 12810 ) on Wednesday October 04, 2000 @01:41PM (#731260)
    is it just me, or does the concept of security as a "side effect" seem very frightening?

    Maybe it's just you. Good programmers know that stable, correct code is the cure for 99% of all security problems. The other bit is security problems due to design flaws (such flaws would exist in the RFC, for example).

    If you spend the time required to do something _right_, if you make the code robust and stable, then it will be secure. It IS a side effect of programming for stability.
  • Sure, DNSSEC is important, but personally I feel that the DAEHTIHS protocol is much more relevant to this discussion

    All generalizations are false.

  • you'd think that with all the problems in the past with bind, they would have considered security to be a primary goal, not a "side effect".

    But immediately below Conrad states:

    I can't speak to earlier versions of BIND (I wasn't involved in their design), but security was
    among the core requirements of the BIND version 9 project.
  • And whose fault is it that it's not implemented? clicky [cr.yp.to].
  • by Azog ( 20907 ) on Wednesday October 04, 2000 @01:44PM (#731264) Homepage
    David Conrad: I look forward to seeing significantly increased use and interest in developing applications based on the RSA algorithm. Hopefully, the easing of US crypto controls earlier this year doesn't mean that someone has figured out how to factor large primes trivially... :-)
    Er, Mr. Conrad, I can factor large primes trivially...

    Seems like everyone makes this mistake sooner or later!

    (for the confused: he meant "factor products of large primes trivially".)

    Torrey Hoffman (Azog)
  • Hopefully, the easing of US crypto controls earlier this year doesn't mean that someone has figured out how to factor large primes trivially... :-)

    All prime numbers (including large ones) have exactly two factors, themselves and 1.

  • by Phexro ( 9814 ) on Wednesday October 04, 2000 @01:18PM (#731266)
    on security:

    "...it was an indirect goal. We wanted to produce a rock solid, commercial grade, open source DNS implementation in the tradition of BIND..."

    translation: bind 9 will be just as buggy as the old bind!

    "...and with high compatibility with BIND. One important side effect of all that is security."

    is it just me, or does the concept of security as a "side effect" seem very frightening?

    you'd think that with all the problems in the past with bind, they would have considered security to be a primary goal, not a "side effect".
  • by Adam Wiggins ( 349 ) on Wednesday October 04, 2000 @01:05PM (#731267) Homepage
    The basic sleazeware produced in a drunken fury by a bunch of U C Berkeley grad students was still at the core of BIND.

    Interesting, I didn't expect them to admit to that sort of thing.

    And it's not really that nslookup is going away, at least not the way that I think of it (a command line tool to quickly find an IP address) - they indicate that it was because nslookup currently is closely mapped to the BIND8 API which has been changed all around. I think they want something more abstract which will allow users to get the info they want without being closely tied to the underlying protocol. (Abstraction! Egad!)

    All in all, it sounds like good news.
  • Hopefully, the easing of US crypto controls earlier this year doesn't mean that someone has figured out how to factor large primes trivially... :-)

  • What good is a standard if no one uses it?
    No one uses it yet. For people to use it, it has to be implemented first.
  • I imagine the solution to nslookup addicts like me would be a wrapper that translates nslookup commands into dig equivilents. Output mangling would be nice, but the dig-style output is just fine for me.

  • All in all Bindv9 sounds good. Some have been real critical that it will have bugs etc etc, so whats the deal...I dont think there is any major SW out there that has 0 bugs. Especially in .0 release. If they squash or work around the bugs quickly and efficiently I am satisfied. Monitor the various lists and web sites if your an admin, basically its a job req. I wish it wasn't but then again so do most of the SW developers.

    Having said all that I must admit the comment about security being "an indirect goal [linuxsecurity.com]" by Paul was a bit disconcerting to me too. But then David's comment that it was a "core requirement." Different viewpoints ? Quick damage control by D.C. ?

Honesty pays, but it doesn't seem to pay enough to suit some people. -- F.M. Hubbard