BIND 9.3 Released With Commercial Support

darthcamaro writes "Time for net admins to update BIND: version 9.3 has been released. internetnews.com has a story on it where they talk with Paul Vixie, the founder of BIND's keeper ISC. In it he details why after so many years BIND has finally decided to offer commercial support. 'Many of the companies who use our software free of charge have told us that their corporate risk management strategy requires them to have a bona fide support channel for all of their critical operations,' Vixie said. 'In other words we were told that having the best software wasn't good enough, and giving it away for free wasn't good enough, we also had to ensure that commercial support was available or they could be forced to switch to software they didn't like as well just to get support.' The full press release on the BIND 9.3 release is also available."

  • by darkjedi521 ( 744526 ) on Thursday April 22, 2004 @07:21PM (#8944917)
    Wasn't at one time BIND the IIS of the unix world? This could open them up to a world of problems if/when the next exploit shows up.
    • No, you're thinking of Sendmail.
    • by Rosco P. Coltrane ( 209368 ) on Thursday April 22, 2004 @07:35PM (#8945037)
      I'm sorry, but who even uses BIND anymore? An article like that on 66.35.250.150 is truly News for Nerds...
    • by John Starks ( 763249 ) on Thursday April 22, 2004 @07:54PM (#8945179)
      Exploits are not uncommon in BIND, even today. Take a look at their security alert page [isc.org], especially the matrix at the bottom. Security problems abound!

      It's not clear why people continue to use BIND. It's probably because it's just assumed that it's the only thing out there. But everything from security to configuration is poorly done in BIND. I use tinydns [cr.yp.to] (part of djbdns) instead on all my servers. It's written by Daniel Bernstein, the same guy that wrote qmail. He's got a great track record -- no security holes in any of his software, AND he backs up that assertion with a $1000 prize to anyone that finds such a hole. He makes a better case for tinydns/qmail vs. BIND/sendmail than I ever could.
      • by Florian Weimer ( 88405 ) <fw@deneb.enyo.de> on Friday April 23, 2004 @02:01AM (#8947145) Homepage
        Exploits are not uncommon in BIND, even today.

        Critical exploits in BIND 9 still have to show up. The really nasty bug so far was actually in OpenSSL.

        It's not clear why people continue to use BIND.

        For the full resolver part, there are hardly any alternatives. If you need DNSSEC, your options besides BIND are even more limited.

        tinydns is unusable for most people (who aren't masochists) because it doesn't conform to existing standards and practice. Just speaking the DNS protocol is not enough, you also have to implement some of BIND's quirks, and more important: the software has to be maintained. DNS is still evolving, DJB's software is not. (Some of it doesn't even compile on modern, POSIX-conforming systems.)
      • by ectoraige ( 123390 ) on Friday April 23, 2004 @03:19AM (#8947391) Homepage
        It's not clear why people continue to use BIND.

        I continue to use BIND because I don't like DJB's licence.
    • I thought it was Sendmail that went thru a string of exploits one after the other?
  • by Martin Blank ( 154261 ) on Thursday April 22, 2004 @07:22PM (#8944923) Homepage Journal
    No support, no sale.

    I can understand it to a degree; there's no guarantee that the version installed today will not be completely dropped next month. It gets a little aggravating when it holds up an entire project, though, because of one small piece.

    The upside, of course, is more funding for critical projects.
    • ROI?

      How often have you guys seen positive ROI on a support contract?

      I think as an organization gets larger, ROI analysis would suggest that they're better off managing the risks themselves -- just like at some scale it can be worth it to be self-insured in some things.

      Many of these support contracts are really just the "Circuit City Extended Warranty" of the corporate world.

      • by Shakrai ( 717556 ) on Thursday April 22, 2004 @07:35PM (#8945041) Journal
        Many of these support contracts are really just the "Circuit City Extended Warranty" of the corporate world.

        Have you ever known a PHB that didn't get the extended Circuit City warranty? That's what this is all about -- selling it to the PHBs of the World so we can go on using our OSS that we know works and even with the support contract is cheaper than the commercial alternative.

        • Yeah.. so essentially what's needed is a piece of paper and some money exchanging hands for them to feel good about having bought something.

          volcano insurance of sorts.
        • by NineNine ( 235196 ) on Thursday April 22, 2004 @07:40PM (#8945088)
          It's not about whether it works or not. It's about being able to call somebody at 2:00AM when a critical machine goes down, as opposed to waiting for your Usenet post to get propagated, then hoping that l334G33k425 responds to your message in a timely manner and gives you the correct answer. Case in point... my retail businesses have a POS system that I paid for. Granted, there aren't any truly viable OSS ones out there yet, but assume there are. It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again. Or if an employee fucks something up, I know that I can absolutely get someone on the phone who will eventually fix my problem. I don't care how good a competing OSS project is supposed to be: no software is perfect, and there absolutely, positively MUST be someone to fix it when the shit hits the fan (as it always does, eventually). When your rent & power bill & paycheck is on the line every day (as mine are), you don't fuck around. Period.
          • by jdray ( 645332 ) on Thursday April 22, 2004 @07:56PM (#8945196) Homepage Journal
            While I wouldn't have put it quite the way you did, I have to agree with you. If the OSS community keeps up the attitude that Shakrai puts forth, adoption into corporate datacenters and business areas will be slow and agonizing. As you said, people want assurances.

            The upside is that companies are used to and willing to fork over large sums of cash for those assurances. So, if you love an OSS project enough to dedicate your life to it, then get to know it inside and out and start offering commercial support for it. If the product is stable, you never have to answer the phone. If you charge $500 per year for support, 100 customers makes for a tidy income. And, honestly, most midsize corporations wouldn't even blink at $500 per year for support on something that goes on a server, unless it was in astonishment at how cheap it was.
          • Places I've been, it's taken Oracle Support *days* to get systems up and running - and as often as not, it was the in-house DBA or database programmers who worked around the problem _before_ Oracle Support came through.

            ROI calculations are easy, though. If your website might be down for 18 hours while your in-house support guy finishes sleeping, wakes up, and reconfigures BIND; and your web site makes $1000/hour; and the chance of this happening is 10% each year; it's very easy to translate to dollars.

            How much business do you lose in those 30-seconds?

            I think more .com's died because they overdesigned their "zero-downtime in case California sinks in an earthquake, so let's have our database mirrored around the world"; rather than think through the (modest) implications of a couple hours downtime.

          • It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again.

            30 seconds??

            Wow... you've never had to deal with support from Monolithic Corporation Inc., have you? ;-)

          • It's not about whether it works or not. It's about being able to call somebody at 2:00AM when a critical machine goes down, as opposed to waiting for your Usenet post to get propagated, then hoping that l334G33k425 responds to your message in a timely manner and gives you the correct answer. Case in point... my retail businesses have a POS system that I paid for. Granted, there aren't any truly viable OSS ones out there yet, but assume there are. It's worth the money for me to be able to get someone on the
        • Have you ever known a PHB that didn't get the extended Circuit City warranty?

          I have found that making people understand why they don't need to buy extended warranties is fairly easy: you just have to pitch it right.

          The key is to get them to agree that the warranty is merely insurance and then point out that they can self-insure. In other words, that they could put the warranty money in an account that is only used to buy replacements for broken products.

          Put in those terms, even PHB's usually get it.

    • there's no guarantee that the version installed today will not be completely dropped next month.

      As far as I know, that doesn't stop a whole lot of software companies from doing just that every year, forcing their customers to either upgrade at 80% of the full price or watch support for their current version dwindle down to the eventual EOLing in a year or two, maybe three. That is two or three years/version down the road of said product.

      Also, what kind of support are we talking about here? REAL s

      • by Martin Blank ( 154261 ) on Thursday April 22, 2004 @07:53PM (#8945169) Homepage Journal
        In my experience, it doesn't matter if support is 24/7 or three hours a day on odd days of the week every other month. So long as there's a support contract involved, that will get it in over something that has no formal support. I've seen companies buy one product over another solely because, while both are commercial software, one of them offers an option for a support contract and the other does not, whether or not the other one is paid support.

        Where I'm at now, it's not uncommon to see support contracts for one product (and not anything from or as ubiquitous as Microsoft, either) reach a quarter of a million dollars a year or more. It's insane.
        • Yup. It's amazing what happens when you pay US$1.5M for software, then the "standard annual maintenance fee" of 17% (plus or minus 2%).
          • I just remembered one place I was at where the software we bought had a support contract that was a downsell. The annual contract was for $5000 or so a year. Sending a tech out cost $400 per hour. Travel time and travel cost -- from New Jersey to California -- were paid by the customer. Minimum charged onsite time was eight hours. One day could (and usually would) easily outstrip the annual costs.

            I once asked the justification out of curiosity. I was told that they REALLY hated it when people made th
      • As far as I know, that doesn't stop a whole lot of software companies from doing just that every year, forcing their customers to either upgrade at 80% of the full price

        Where the customer is also likely to wind up with a large bill for "consequential costs"

        or watch support for their current version dwindle down to the eventual EOLing in a year or two, maybe three. That is two or three years/version down the road of said product.

        This is a technique proprietary software vendors appear to have hit on as
    • Why would a corporation be worried about it being dropped? If anything, Open Source projects seem to be a haven for ancient code where it can linger on forever and ever, continually being tweaked and improved over the ages.

      On the other hand, I suppose if some huge IT company wanted to give me money for something I did for free in the community-based support forums already available, I'd take it too.
    • I know the corporate world requires service contracts, but this still makes no sense. Since almost all *nix vendors ship BIND, you can already get commercial support from your vendor, whether it's Redhat, Sun or HP. The only scenario I can think of where you might want commercial support from ISC is if your vendor shipped some old version like BIND 8 and you absolutely need some feature in the latest and greatest BIND 9.
    • I dunno about that, look at covalent, they basically sell and support apache (and keep much of apache's core team employed). At the same time I don't see netcraft reporting tons of "covalent server" or whatever they are calling it these days.
  • Finally (Score:4, Funny)

    by Anonymous Coward on Thursday April 22, 2004 @07:22PM (#8944926)
    I've been waiting forever for them to get this resolved.
  • by Da Fokka ( 94074 ) on Thursday April 22, 2004 @07:24PM (#8944948) Homepage
    If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever. And companies need those guarantees. Simply because in court a 'we'll do our best to support our l33t software' is just not good enough.
    • by Moderation abuser ( 184013 ) on Thursday April 22, 2004 @07:33PM (#8945021)
      Then come back and start telling us about the guarantees that you get. Oh, and have a look at your support contracts as well to see exactly what you are guaranteed.

      I think you'll find they amount to little more than "we'll do our best to support our l33t software".

      • by NineNine ( 235196 ) on Thursday April 22, 2004 @07:43PM (#8945112)
        At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them, and neither will anybody else you know. An OS person will tell you to fuck off. I'm the leader of a user group for a specialized piece of software, and the company knows that if I'm not happy, most of their customer base is gonna hear about it. There's incentive for them to get it fixed. There's zero incentive for an OS person to fix your problem.
        • You are, loudly, shooting yourself in the foot.

          If you had a critical software problem, and you told the vendor you "won't buy another piece of software from them" you know what you still have?

          Your same broken ass software, and a worse relationship with your vendor.

          Read your EULAs, ask your lawyer about them, and then go do a little research on the reliability and fix times for problems in BIND, Postfix, Apache, OpenSSL/SSH, etc etc etc.

          You'll find that you're better off in many cases with OSS, with many
          • You'll find that you're better off in many cases with OSS, with many less dollars lost.
            Yes, but how does megacorp have its cake and eat it too? How does megacorp take advantage of the inherent efficiencies of OSS? OSS can be had cheap, very cheap, but the real advantage is on the high end.

            You've paid good money for whatever. That entitles your manager to call your salesman's manager and give him/her an earful. Not that it will do a lot of good, but at least it's something. The vendor has certain responsib
        • That's the primary thing that keeps many OS people going. I ain't saying it's much, but it's there quite often. :)
          • It might be partly ego, but that ego is derived from good software craftsmanship. Praise and recognition from their programming peers is what keeps many of the Open Source projects going. Doing something worth while with their skill is another. If they write good code it is recognized and admired by the community of their peers. Not to mention the warm fuzzy you get from contributing back to the community.

            Not everyone is in it for the EGO rush, they like doing good things, and some like the recognition.

        • of course you can also rely on the very catty nature of the OSS community. post to usenet the problem, how to repeat it, that the maintainers refuse to acknowledge it, and if it's at all important it'll make headlines on every geek blog around.
        • Yes tell MS you'll never buy anything from them again. I hope you don't hear the snickers coming in when the tech yells that out in the helpdesk room and everybody starts cracking up.
        • At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them

          Isn't it a bit late by then?

        • At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them, and neither will anybody else you know.

          I'll tell that to Microsoft next time I have a bug with any of their software.

    • Nobody says that support can't come from a third party. I'm sure there are many consultants/groups (many of whom may be contributors to the project) available that can provide the necessary support.
    • The monstrous beast of a company I work for let me set up a linux box running apache/nagios network monitor, unofficially. When I was done, my manager came by to inspect it and was quite impressed, but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.

      Then he notices the note at the bottom of the browser about Free Software, he asks me how much it would cost to buy licenses, and my stupid answer is "It doesn't cost anything, (yeah yeah my

      • His reply: "I don't trust free."

        That's completely reasonable. Would you take a hamburger from a guy on a street corner that was giving them away, even if he assured you that they were perfectly good... he just made them himself this morning?

        Exactly.
        • by po_boy ( 69692 ) on Thursday April 22, 2004 @09:34PM (#8945775)
          Free Porn. Period. [ninenine.com]


          Would you take porn from a guy on street corner that was giving it away, even if he assured you that it was perfectly good...

          Perhaps some analogies are flawed, I guess.
        • Or how about when you go around to a new colleague's house for a BBQ, to get to know them. Do you eat the free food there ?

          Or go to a party where everybody has to bring food or drinks. Do you eat the free food there ? Would you be offended if other people don't eat the free food that you brought ? If they don't, aren't they saying that you are untrustworthy ?

          Free doesn't mean you can't trust something.

          You are overlooking social and reputational consequences of providing something at no cost that has int

      • by operagost ( 62405 ) on Thursday April 22, 2004 @08:16PM (#8945340) Homepage Journal
        but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.
        Guess what? The Microsoft EULA (along with most other companies') says the same thing in other words. And you DO pay hordes of money for those without getting any real support, until you pay hordes more. Might as well get the right free product and buy competent support and save one horde.
      • That frigging Not guaranteed for any purpose thing has somehow got to go, although I know that it's fundamental to the GPL.

        Read your (Microsoft|Sun|Oracle|Intuit|etc.) EULA some time; it says the same damn thing

    • by Sloppy ( 14984 ) *

      If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever.

      Free software has whatever guarantee the vendor wants to sell with it -- and the vendor can be anyone! You just happen to be thinking of the case that most of us nerds are in, where we use the software without there being any vendor at all. Thus, there's no guarantee. But it doesn't have to be tha

  • by mgkimsal2 ( 200677 ) on Thursday April 22, 2004 @07:27PM (#8944971) Homepage
    Not specifically the BIND folks, but it's good to see that people are more and more waking up to this fact. Hopefully the fact that something is 'open source' and people are 'making money' from it won't be a newsworthy item in the near future.

    What I think many programmers don't understand is that most people will often choose a so-so product from a well-run business over a better product from a poorly run business or organization. Having no guaranteed support mechanism for BIND (and other projects) does hurt adoption of those projects in many organizations. Optional support is essentially the best of both worlds, as long as the prices aren't cost prohibitive. If pricing is too high, there's much less incentive to switch, because people will usually settle for 'good enough' when 'way better' costs a whole lot more.
  • The best software? (Score:3, Insightful)

    by ybmug ( 237378 ) on Thursday April 22, 2004 @07:27PM (#8944975)
    Hopefully that wasn't in reference to Bind. I know a few people who might take issue with that...
  • by GypC ( 7592 ) on Thursday April 22, 2004 @07:28PM (#8944982) Homepage Journal
    We bought support. The god-like powers of software vendors are obviously much superior to those of anyone that would work for us, even if the source code is open. </PHB>
  • BlIND? (Score:4, Funny)

    by chipster ( 661352 ) on Thursday April 22, 2004 @07:28PM (#8944990)
    Either I am BlIND, or the only release of 9.3 available is 9.3.0beta2.
  • by Rosco P. Coltrane ( 209368 ) on Thursday April 22, 2004 @07:30PM (#8945001)
    "About every year or so they declare it complete, and then implementation begins and we discover that it's actually not complete," Vixie told

    Given what Paul Vixie is famous for [zawodny.com], I'd say the lines are:

    0 0 1 1 * /bin/sh -c "echo it's complete"
    5 0 1 1 * /bin/sh -c "echo nevermind..."

  • Bind: I am the only daddy you got! I'm the damn paterfamilias!

    Suit: But you ain't bona fide!

  • Todo (Score:5, Funny)

    by T-Ranger ( 10520 ) <jeffw@cheMENCKENbucto.ns.ca minus author> on Thursday April 22, 2004 @07:32PM (#8945017) Homepage
    1. Do a business name search on "BIND Support International".
    2. Register it
    3. Ditto for good domain name
    4. Get letterhead printed
    5. Randomly invoice big companies
    6. ??
    7. Profit!
  • by Neil Blender ( 555885 ) <neilblender@gmail.com> on Thursday April 22, 2004 @07:33PM (#8945024)
    I really dig them root name servers.
  • Good move... (Score:3, Insightful)

    by Trolling4Dollars ( 627073 ) on Thursday April 22, 2004 @07:33PM (#8945026) Journal
    ...in a way. At least it keeps the crappy proprietary DNS products from infiltrating the net to an extent. Since the asshat suits who think it's better to have commercial support for something are wailing about this issue, at least it's addressed now. They can go sit and spin.
  • hilarious (Score:4, Interesting)

    by Tumbleweed ( 3706 ) * on Thursday April 22, 2004 @07:34PM (#8945027)
    All of a sudden, that commercial comes to mind, "The _stapler's_ down! The _stapler's_ DOWN!"

    They'd best make sure they have a support contract for their staplers. And for their pens & pencils, etc. Critical items, all.

    Maybe this explains why it's so expensive to do business here, and jobs have to be shifted overseas. Then we can get our stapler support from India!

    Symmetry. I like it.
  • by strabo ( 58457 ) on Thursday April 22, 2004 @07:46PM (#8945128) Homepage

    I really hope that most net admins know better than to update until after the beta is over, and the release version comes out.

    BIND 9.3.0 is not released yet. It is at beta 2, which was released two days ago.

  • Hope they don't go the way of redhat, as some others have said.. otherwise we'll be in a very large bind.... ha ha ahem..
  • by amacleod98 ( 757451 ) on Thursday April 22, 2004 @08:34PM (#8945462) Homepage
    D. J. Bernstein has a few things to say about this [cr.yp.to]. Also see here [cr.yp.to]. And here [cr.yp.to].
  • by Angst Badger ( 8636 ) on Thursday April 22, 2004 @09:22PM (#8945700)
    In other words we were told that having the best software wasn't good enough [...]

    That works out well, because BIND isn't anywhere near the best software, at least not for name serving. It is, however, an exceedingly reliable source of serious vulnerabilities, and considering how relatively simple DNS is, that's a monumental achievement in its own right.
  • Support? why? (Score:4, Insightful)

    by blanks ( 108019 ) on Thursday April 22, 2004 @09:59PM (#8945905) Homepage Journal
    Isn't this why companies will pay so much money for IT that know what they're doing? If you're paying for the best of the best, support should not be a high priority. If you have to use lower quality products just for support, then someone in the chain of command shouldn't have a job.
  • Taco:

    I trust you already have the Slashdot article entitled "Vulnerability found in BIND 9.3" queued up for Saturday, right ?

  • by Bob the Hamster ( 705714 ) on Friday April 23, 2004 @12:54AM (#8946872) Homepage Journal
    I work in IT for an aerospace manufacturer, and I am baffled by other companies' obsession with commercial support. I feel lucky to work for an employer who isn't a stickler for it.

    By far the best support I get is from newsgroups, mailing list archives, or simple RTFM'ing.

    A company with a boiler-room full of telephone techs simply isn't capable of providing better support than the support that the open source community already puts at my fingertips.
  • I think if open-source software is to gain popularity (particularly in the enterprise environment), they must all provide corporate support.

    Regardless of what you think, corporations are all about minimizing risk and shifting blame onto someone else. Having a support contract is almost a minimum at many large corporations. If there is a problem, management would like to have the confidence that some specialist outside the organization will be helping--or more likely, blamed for the problems. It is much easier for management to blame another company than themselves. Which seems more easy to defend:
    "hmm... my team is working as much as they can on it. It'll be resolved soon"

    OR

    "The problem is being dealt with. Our vendor (insert name; say Novell) is providing a resolution."

    Sivaram Velauthapillai
