BIND (Berkeley Internet Name Domain), an open-source DNS server that is the backbone of much of the Internet's domain name resolution service, has released its latest version, 9.20. Here's a breakdown of the key improvements.
This new version comes after thorough testing and is slated for Extended Support Version (ESV) status by late 2024 or early 2025.
The application core infrastructure, essential for DNS operations, has been completely rewritten using libuv asynchronous event loops, reducing resource consumption by minimizing the need for context switching among processing threads.
Moreover, BIND 9.20 introduces the QP-trie as the default database for storing DNS zone and cache data, replacing the older RBTDB. This switch allows for better scalability on systems with multiple CPUs using the Userspace RCU library, reducing the reliance on traditional POSIX locking mechanisms.
The release also brings security changes. DNSSEC, which secures DNS data against unauthorized modifications, sees significant updates in BIND 9.20. The auto-dnssec feature has been removed in favor of a single DNSSEC policy management approach.
Additionally, support for DNSSEC multi-signer model 2 and the latest OpenSSL 3.0 Engine API enhances security handling, especially in high-security environments using Hardware Security Modules.
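Because the removal of auto-dnssec affects existing configurations, a pre-upgrade check is useful. The following is an added example, not code from ISC or from the original article: it scans named.conf text for zone statements that still set `auto-dnssec` and reports whether each already has a `dnssec-policy`. The sample configuration is constructed, the function names are hypothetical, and treating `dnssec-policy` as the replacement option is an assumption based on BIND's configuration syntax.

```python
import re

# Constructed sample named.conf, not taken from any real deployment.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" {
    type primary;
    file "example.com.db";
    auto-dnssec maintain;   // legacy key management
    inline-signing yes;
};
zone "example.net" { type primary; file "example.net.db"; dnssec-policy default; };
/* zone "old.example" { auto-dnssec maintain; }; */
zone "example.org" { type primary; file "example.org.db"; # auto-dnssec off;
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"(?:[^"\\]|\\.)*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return re.sub(pattern, keep, text, flags=re.S)

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, using brace matching."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def find_auto_dnssec(conf_text):
    """Return one finding per zone that still sets the removed auto-dnssec option."""
    findings = []
    for name, body in zone_blocks(strip_comments(conf_text)):
        m = re.search(r'\bauto-dnssec\s+(\w+)\s*;', body)
        if m:
            findings.append({"zone": name, "auto_dnssec": m.group(1),
                             "has_dnssec_policy":
                                 bool(re.search(r'\bdnssec-policy\b', body))})
    return findings

if __name__ == "__main__":
    for finding in find_auto_dnssec(SAMPLE_CONF):
        print(finding)
```

Commented-out occurrences are ignored, so only live settings are reported. It reads a single file's text and does not follow `include` statements.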
Lastly, BIND 9.20 supports the latest standards for managing complex DNS setups, such as Catalog Zones schema version 2 and Extended DNS Errors.
According to the developers, performance tests indicate a marked improvement in memory usage and latency compared to previous versions, with BIND 9.20 offering more efficient handling of DNS queries and lower resource usage overall.
The BIND 9.20 branch will be supported for four years. For more information, visit ISC’s announcement. The release notes provide an in-depth look at all the changes.