wiki:BIND9Features

Existing BIND9 Features

This is a list of (selected) features of BIND9. It is intended to be used as a reference for the BIND10 development. Right now the list focuses on the named server features, but it should include more details about other tools such as dig/host or nsupdate.

Features are roughly categorized for readability, but the categorization is quite subjective and arbitrary rathar than systematic. Note also that this is not an exclusive categorization: a single "feature" item may appear in multiple categories.

DNS standards

  • RFC1034/1035, negative cache, IXFR, dynamic update, EDNS(0), DNAME, TSIG, SIG(0) (mostly verify only), TKEY, NSID, GSS-TSIG, IDN
  • DNSSEC related features (see below)

DNSSEC related features

  • basic spec: RFC 3225, 3658, 4033, 4034, 4035
  • advanced spec: NSEC3, DLV
  • automatic resigning for dynamic zones
  • manual trust anchor: trusted-keys
  • automatic trust anchor (RFC5011): planned for 9.7
  • automatic key rollover: planned for 9.7
  • tools: dnssec-signzone, dnssec-keygen

Zones

  • master, slave, dynamic, stub, forward
  • sanity checks: names, MX, wildcard, MX/SRV/NS integrity
  • ability to support multiple zone DB implementations (with builtin rbtdb and sdb)
  • DLZ

Resolver

  • DNSSEC validation
  • forgery resilience: port randomization, RTT banding
  • delegation-only zone support
  • response normalization, sanity check on names
  • RTT based server selection
  • lame server caching (per RR type to avoid false positive with RFC4074-type broken servers)
  • forwarders and forward zones
  • scalable cache cleanup
  • connected UDP sockets to receive ICMP errors
  • DNS rebinding attack prevention (planned for 9.7)

Statistics

  • XML-based statistics interface (>=9.5)
  • almost all statistics counters supported in BIND8 (>=9.5)
  • statistics counters about internal status (sockets/tasks/memory usage) (>=9.5)
  • file based statistics (being obsoleted by the XML-based one)
  • per zone statistics
  • per remote host statistics (not implemented)

Portability

  • most major UNIX like systems
  • recent versions of Windows

Server Performance

  • thread support for multi processor/core machines
  • additional section caching (more generally hot spot data caching)
  • compiled zone format for faster startup/reload
  • efficient cache management (LRU-based cache cleanup)
  • fast ACL matching

Tuning / Customization

  • Per remote server tuning: bogus, zone transfer parameters, EDNS related parameters, TSIG keys
  • suppress noisy clients: clients-per-query, drop duplicate queries
  • cache parameters: max TTL, cache-size
  • response tuning: rrset ordering, mimimal-responses, preferred glue
  • system resources: nfile, core/data/stack sizes
  • zone transfer parameter tuning: refresh/retry interval, # of XFRs

Views

  • per query source/destination, TSIG, recursive query

Transport

  • IP version agnostic for any communication including rndc/stats
  • customization: query/notify/transfer source, port range specification
  • dual-stack-servers option to help IPv6-only islands

Logging

  • output channels: file, syslog, stderr, null
  • builtin log file rotations by size
  • different debug levels
  • categories: database, query, transfer, security, update, dnssec, etc.

Access Control

  • IP address based and TSIG(ish) based
  • efficient matching using radix based data structure
  • blackhole / refusing responses
  • query(-on), query-cache(-on), transfer, recursion(-on), update/forwarding

Server Control

  • rndc: via a TCP connection or a unix domain path, shared key based authentication
  • supported commands: stop, reload/reconfig, dump/flush cache, dump status/statistics (being obsoleted by XML stats), freeze/thaw dynamic zones, forced zone management, log level control
  • note: restart is not supported

Management Tools

  • dig/host (nslookup), nsupdate, rndc,
  • configuration checker

lightweight resolver library/daemon

  • mostly obsoleted
Last modified 8 years ago Last modified on May 29, 2009, 10:41:36 PM