wiki:Year3Goals

The primary goal for BIND 10 DNS Year 3 is to deliver a server that is “production ready”. This means the addition of some necessary features and the stabilization the system to ensure reliability.

The features listed are broken down by when they were originated, and then listed in order of priority. This means that, for example, design & implementation of hooks into the server is of lower priority than dynamic DNS.

Features that were originally planned for Year 2:

  • Support for BIND 9-style IP address-based and TSIG-based ACL.
    This allows server functionality to be restricted to a subset of users. For example, only allowing recursive resolution to users on the local network or requiring a TSIG key to transfer a zone.
  • Support for incremental zone transfers (IXFR).
    For inbound IXFR, the underlying data source update mechanism currently exists but the protocol-level support needs to be added to the existing zone transfer-in module (b10-xfrin). For outbound IXFR, support needs to be added to all data sources and the zone transfer-out module (b10-xfrout).
  • Support for dynamic DNS updates.
    The underlying data source update mechanism currently exists but the protocol-level support needs to be written as a separate module.
  • DNSSEC validation in the recursive caching name server.
    This includes support for NSEC and NSEC3 with all standardized signing algorithms.

Features that were originally planned for Year 3:

  • Support for the BIND 9 Views functionality.
    Views enable the server to return different information, depending on client, to different networks. Views are the most requested feature in BIND 9 user surveys.
  • Operational support tool
    Operational support-oriented tools such as a check upon start-up for newer versions and features, recursive resolution tracing, and a mechanism to provide full system information for troubleshooting and submission of bug reports. These are tools intended to make it easier for administrators to support their systems.

Features that have been added since the project inception:

  • Production implementation of the BIND 10 command tool.
  • A new authoritative data source with higher performance than BIND 9.
    BIND 10 currently supports data sources based on SQLite and an in-memory data source similar to BIND 9. There are three proposed alternatives for the additional data source: one loosely based on the concepts of NSD (a prototype exists), one based on radix trees, and one based on a memory structure proposed by ISC's Paul Vixie.
  • Design and implementation of hooks for plug-ins.
    These hooks allow additions and changes to DNS protocol behavior for specific servers via plug-ins. This includes support for plug-ins on the authoritative side (in both the answering mechanisms and the zone data maintenance) and on the resolver side.
  • Additional Functionality
    Additional functionality may be added based on additional funding and resources. See the section on 'Further Development' for ideas already received.

In order to insure reliability BIND 10 DNS will include the following:

  • Test platform for recursive resolution
    A test platform will be built and used to verify correct recursive resolution behavior. This will be a framework for running DNS servers in well-defined states and verifying each sent packet for correctness.
  • Interoperability Testing
    A test suite comparing results from BIND 9 and other DNS servers with BIND 10 DNS. The intent is to discover differences in server DNS protocol behavior and to provide an explanation for these differences, correcting them if necessary.
  • Security Audit
    A security audit will be performed by a third party. The BIND 10 team will review and implement its recommendations.
  • System Testing
    Conduct build, unit, and system tests for a variety of platforms. BIND 10 DNS currently executes build tests and unit tests on the most popular Unix-like systems. These tests will be expanded to include system-level tests.
  • Operational experience
    Gather operational experience in a production environment.. BIND 10 DNS will be used on some of ISC's DNS servers.
Last modified 7 years ago Last modified on Mar 18, 2011, 6:48:14 PM