
The Architecture of The Next Generation DNS Server: BIND 10: Shane Kerr

The document summarizes the architecture of BIND 10, the next generation of the BIND DNS server software. It describes how BIND 10 is being reimplemented using a more modular and scalable design compared to previous versions. The key components of BIND 10 include a core made up of message passing, configuration management and a privileged socket creator. Additional modules handle functions like authoritative serving, recursion, zone management and statistics. The design aims to improve customization, scalability and robustness over BIND 9.


The Architecture of the Next Generation DNS Server: BIND 10
Shane Kerr
[email protected]
DNS? BIND?
DNS: convert names into numbers

www.isc.org 149.20.64.42

www.isc.org 2001:4f8:0:2::d
BIND: DNS server software
Runs on about 80% of DNS servers
BIND 9. BIND 10!
BIND 9: current version of BIND
9.0.0 released in 2000-09-16
Now at 9.7.2-P2
BIND 10: next version of BIND
5 year project to re-implement BIND
Currently in year 2
Sponsored development

Today's Topic: Architecture
"To date there is still no agreement on the precise definition of the term “software architecture”."
- Wikipedia article on Software architecture

Today's Topic: Architecture... Defined!
"I know it when I see it."
- Potter Stewart, United States Supreme Court

Goals that Affect Architecture I
Customization “out-of-the-box”
authoritative-only, recursive-only
slave-only, master-only
enable/disable dynamic DNS
support favorite SQL backend
Customization via code changes
non-ISC modules, or modifications
bespoke or in-house development

Goals that Affect Architecture II
Scalability
BIND 8: single core (“CPU” then)
BIND 9: multiple cores (4-6 or so)
BIND 10: 10's or 100's of cores, multiple machines (clustered)
Robustness
Reduce serious software bugs
Minimize impact of bugs
Reduce “fate sharing”

https://bind10.isc.org/wiki/DesignDiagrams
[Diagram] BIND 10: Core (BoB, msgq, cfgmgr)

Master - Boss of BIND
Handles startup, shutdown
Restarts processes that die
Written in Python

An Aside: BIND 10 Languages
C++ for performance critical parts
Modern compiled language
Widely used
Python for... everything else
Modern scripting language
Widely used
Chose Python 3.x
Best. Language. Ever.

msgq
Inter-process message bus
Needed for extensibility
Like d-bus, but also inter-machine
Message format: JSON
Unix domain socket connections
No security

cfgmgr
Configuration manager
Never need to restart BIND 10
Flexible, extensible configuration
Not traditional Unix configuration
Changes are immediate & persistent
More like a router or an application

[Diagram] BIND 10: Core (BoB, msgq, cfgmgr); Options (cmdctl, auth, xfrin, xfrout, zonemgr, stats)

cmdctl
Used to control the server
Authenticates users
Interacts with cfgmgr
Gets per-module options
Interacts with modules
Commands like “refresh zone”
Current client: bindctl (CLI)
Future clients: web, GUI, new CLI

Supporting Library: Data Sources
Idea stolen from PowerDNS
Back-end for authoritative DNS
Currently SQLite
Plans:
MySQL, PostgreSQL
Berkeley DB
In-memory data structure(s)
Used by auth, xfrin, xfrout, loadzone

Supporting Library: DNS Message
Low-level DNS messages (packets)
New C++ implementation
Python wrapper

auth
Authoritative DNS server
DNS library
+ data sources
+ I/O
+ bit of logic
Scales via multiple processes
Idea stolen from NSD

xfrout
AXFR out, to act as a master server
DNS library
+ data sources
+ I/O
+ bit of logic
Scales via multiple threads

A Final Aside: Passing Around Open Files
AXFR messages come to auth
UDP packets can be forwarded
TCP connections must go to xfrout
Send file descriptor via sendmsg():
SOL_SOCKET, SCM_RIGHTS
Works on Linux, Solaris, BSD

xfrin
AXFR in, to act as a slave server
DNS library (Python)
+ data sources
+ I/O
+ bit of logic
Scales via multiple threads

zonemgr
Zone manager, times slave refresh
Data sources
That's it!

Statistics
Modules report stats
Collected by stats daemon
Present in various ways:
Via bindctl
XML over HTTP (BIND 9 style)
SNMP

Privileged Socket Creator
Ports < 1024 restricted to root
DNS runs on port 53
We want to drop permissions ASAP
We want port 53 at any time!
Administrator may reconfigure
Solution: Privileged Socket Creator
Small, single purpose C++ program
Uses file descriptor trick to send sockets around
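
The descriptor hand-off behind the Privileged Socket Creator and the "Passing Around Open Files" slide, as an added Python 3 example that is not BIND 10's own code (the slides describe its socket creator as a C++ program). A forked child plays the creator, binds a UDP socket and passes it with SOL_SOCKET/SCM_RIGHTS; the parent checks what it received before serving on it. The function names and the loopback port 0 standing in for port 53 are assumptions made for the demo.

```python
import array
import os
import socket

def send_fd(chan, fd):
    # One byte of ordinary data must accompany the SCM_RIGHTS control message.
    fds = array.array("i", [fd])
    chan.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def recv_fd(chan):
    """Receive exactly one descriptor; reject anything else."""
    fds = array.array("i")
    data, anc, flags, _ = chan.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    if not data or flags & socket.MSG_CTRUNC:
        raise OSError("peer closed or control data truncated")
    for level, ctype, cdata in anc:
        if (level, ctype) == (socket.SOL_SOCKET, socket.SCM_RIGHTS):
            fds.frombytes(cdata[:len(cdata) - len(cdata) % fds.itemsize])
            return fds[0]
    raise OSError("no SCM_RIGHTS control message")

def creator(chan, addr):
    """Creator role: bind, hand the socket over, keep nothing."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(addr)               # only this step needs root for ports < 1024
    send_fd(chan, s.fileno())
    s.close()                  # the receiver now holds its own reference

def demo():
    """Fork a creator; the parent serves on a socket it never bound."""
    mine, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:               # child: stands in for the privileged creator
        try:
            creator(theirs, ("127.0.0.1", 0))  # constructed: port 0, not 53
        finally:
            os._exit(0)
    theirs.close()
    srv = socket.socket(fileno=recv_fd(mine))
    os.waitpid(pid, 0)
    if (srv.family, srv.type) != (socket.AF_INET, socket.SOCK_DGRAM):
        raise OSError("received descriptor is not the expected UDP socket")
    port = srv.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.sendto(b"query", ("127.0.0.1", port))
    data, _ = srv.recvfrom(16)
    for s in (client, srv, mine):
        s.close()
    return data, port
```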

https://bind10.isc.org/wiki/DesignDiagrams

Sponsors
