On Sat, 20 Sep 2003, Andrew Fried wrote:
I have been following the various threads relating to Verisign and wanted to make one comment that I feel has been missing. Simply put, I would like to publicly express my appreciation to Mr. Vixie for taking the time to add the "root-delegation-only" patch for Bind. I'm fairly new to NANOG, but I'm sure that others beside myself also feel a thank you is appropriate.
I have to second this. I started work on a bind8 patch for Anonymizer's DNS servers after learning of the .com/.net change well before the news that bind9 would have out of the box support for the features I needed. This comes as a great relief, since there is now a supported and de facto standard way of dealing with the Verisign breakage. I don't have to worry about maintaining an in-house solution to this problem over version changes, and I don't have to worry about possible unexpected behavior due to errors on my part. This is probably the most responsive I have ever seen any software "vendor" perform in providing a solution to someone else's problem. As a side effect of bind9's support for the "root-delegation-only" feature, general performance of our systems have improved. (We upgraded two of our caching name-servers from bind8 to bind9, and our proxy response times have jumped by nearly a second in some cases.) This certainly isn't a scientific benchmark of performance advantages for bind9 over bind8, but I am finding myself having to ask the question "is it time to retire bind8 entirely?" now. Thanks again, Len