There's an interesting interview with Paul Vixie and David Conrad in Linux Security. Paul Vixie is the current "maintainer" of BIND, which is the reference implementation of a DNS server. Dave Conrad is the Executive Director of the Internet Software Consortium (ISC), which is the host of the Open Source version of BIND. There has been a recent stable release of v9. This is big news on the internet, and there seem to be very interesting features in BIND9. One of the most interesting to me is called views, which may allow me to have a single authoritative zone for networks I run and all of their "split horizons".
I haven't been able to get on the FTP server (you can imagine it's very popular right now) to have a look at the BOG (BIND Operator's Guide), which will describe the release in detail.
Anyway, here's the link to the article:
and here's Vixie's answer to "Can you tell us the reason for this
rewrite and what new features have been added with BIND version 9?"
Because every bit of effort I ever put into BIND, from version 4 to
version 8, was patchwork. The basic sleazeware produced in a drunken
fury by a bunch of UC Berkeley grad students was still at the core
of BIND. In 1998, Jerry Scharf, who was the Executive Director of
ISC, convinced the remaining UNIX vendors and a few government
agencies that the only way to support all of the new DNS protocol
enhancements was to totally rewrite BIND. That work is
substantially complete as of last month. The major feature isn't
security as much as it is robustness. BIND9 was written by a large
team of professional software developers who had enough time and
enough money to "get it right." BIND9 is auditable in ways which
BIND8 and BIND4 never were. It will support the next generation of
DNS protocol evolution, as well as back end database support, security
(both transactional and authenticity), portability, abstract user
and management interfaces, SNMP, and everything else that's needed to
be a robust commercial product in the Internet of Y2K and beyond.
There's a whole lot more detail in this article, so I encourage you to read it if you run a DNS server.