The Men & Mice Blog

DNS & DHCP spotlight: BIND 9.14 & Kea

Posted by Men & Mice on 7/4/19 11:33 AM

While we were at RIPE 78 in Reykjavik, we got to catch up with Matthijs Mekking, a software engineer at ISC tasked with working on BIND, DNSSEC and other projects. We made a podcast of our chat, but given just how important BIND is to everyday workflows, a blog post touching on some of the topics also seemed warranted.

BIND 9.14

BIND truly is one of the most fundamental pieces of software for anyone working with DNS. (It’s not for no reason that we call our training program DNS & BIND!)

Changing the BIND release scheme

Starting with BIND 9.13, ISC has changed the release schedule for BIND, where odd numbers represent development releases, and even numbers note the stable branch. Users welcomed the opportunity to test the development branch; and since many companies build on BIND's features, these versions offer a chance to strategize. It also allows ISC to gather valuable early feedback and enables them to better focus their resources or course correct where necessary. (Find out which version of BIND 9 suits you best)

What's new in BIND 9.14 

With BIND 9.14, ISC focused on making BIND a modern nameserver again. In addition to bug fixes, this includes responding to privacy and usability requests, including:

  • a lot of modernization and code refactoring
  • 12% performance increase 
  • QNAME minimization (and enabled by default in relaxed mode) for enhancing privacy
  • mirror zones (serving a transferred copy of a zone’s contents without acting as an authority for it)

What's coming in BIND 9.15

In BIND 9.15, ISC will continue to modernize BIND's codebase, in particular refactoring the networking code. This will allow them to streamline implementations such as DNS-over-TLS and DNS-over-HTTPS and make them easier to deploy.

Making DNSSEC in BIND more intuitive is also a priority. This includes making DNSSEC easy for signing purposes as well as providing support for offline and combined signing keys.

These roadmap plans should form a solid base for BIND 9.16, which is scheduled to be the next Extended Support Version (ESV) after BIND 9.11. 


As mature and robust as ISC DHCP is, it's also old. It was started in 1995, when networks were a lot smaller and network management a lot more straightforward, and perhaps not as integral to the success of business operations as it is today. ISC DHCP code was extended through the years, but that also made it harder to maintain.

Kea DHCP came alive as the natural successor to ISC DHCP, designed for modern mission-critical environments and destined to address these issues. It's a more scalable and better performing DHCP server, with a different architecture and a somewhat different feature set. (Such as new features coming with hooks and a rich API to configure users and subnets, radius integration, and support for several database backends.)

ISC recommends, particularly for new deployments, to use Kea instead of ISC DHCP. This is not only because Kea is better adapted to modern environments, but also because support for ISC DHCP will cease in the long term, most likely any time after 2020.

To learn more about Kea and how to migrate from ISC DHCP, take a look at this webinar from ISC:

Kea's modules vary from open source to paid (freemium and subscription) but the documentation for all modules is freely available for users to look at and evaluate. Beta versions are also freely available.

Where to from here?

As BIND and Kea shows, development in the network infrastructure (DNS, DHCP, IPAM) space is not only ongoing but vibrant. RIPE78 (as with all RIPE AGMs) provided a great opportunity for a glimpse at just how vibrant this sector is.

As a company wholly dedicated to DDI, we're following developments at ISC and other major developers continuously, and share what we learn along the way. For example, both our RIPE 78 blog coverage and our newly launched podcast focus on the details and implications of major changes that are happening or are expected to happen. Follow us here on our blog, on social, and subscribe to the podcast to stay in the know.

Topics: DNS, DHCP, BIND 9, ISC, Kea

A visit from an ISC BIND 10 team to Iceland

Posted by Dora Vigfusdottir on 4/26/12 12:36 PM

We here at Men & Mice have been playing host to a very happy and eager group of people from ISC this week. The purpose of their visit to Iceland has been to meet up, work together, learn from us and vice versa. 


I was able to lure Shane Kerr out of a meeting for a minute and asked him some questions!

So Shane, what exactly is BIND 10? 

BIND 10 is the next-generation DNS server currently being developed by ISC, with financial and coding support from several generous sponsors. It is intended not only to fix limitations found in all current DNS servers, but also to allow DNS administrators to better intigrate BIND into their operations and use the DNS in new and interesting ways. 

And how is the progress so far in the project?

We've gotten to the point where the server is useful as an authoritative server, but we've had to do quite a bit more refactoring of the code than I would have preferred. My feeling is that this is because we're trying to do things in ways that have never been attempted before, so it should not be surprising that we have made some imperfect decisions early on.

Some pioneer work going on then, exciting! But when should users download and test BIND 10 in their environment?

This depends on what each user does with DNS, and also how comfortable they are with experimental code.

Right now users interested in looking at BIND 10 from a software or system level should go ahead and download it immediately.

Users who are more interested in installing production software should wait until October 2012, when we are going to be putting out either a beta or alpha version of the authoritative server. (If we have completed feature work it will be a beta, otherwise it will be an alpha).

Users who run recursive resolvers should wait until mid-2013, when we hope to release the results of our recursive work. We have a basic resolver now, but we are looking at architectural changes needed to improve performance so we can run faster than any alternatives.

Makes sense, but is there a way for users to participate in or comment on the BIND 10 project?

Right now we have a user mailing list which is designed for people with operational questions or suggestions:

We also have a development mailing list where all of the development discussions happen. This is a bit high-volume, and probably only interesting for DNS developers, but it is open for all:

We periodically invite anyone interested to join us for a day of discussion with the developers, which we call the BIND Open Day. We've had two so far, and tend to have them around our face to face team meetings. These get announced on our mailing lists, as well as all the usual social media sites. We hope to see you at one! :)

Excellent, lots of ways to stay tuned. But how does the BIND 10 team like Iceland?

Well, a number of the team were really looking forward to the trip, and several have taken the opportunity to plan their holidays around the meeting. We generally like it so far and some of us are going on a day tour this weekend to see your geysers and other nature wonders. 


It's been a pleasure to have all these wonderful people gathered here at our offices.

Everyone hard at workHard at work and keeping busy!


Topics: Men & Mice, DNS, ISC, BIND

Why follow Men & Mice?

The Men & Mice blog publishes educational, informational, as well as product-related material for everyone and anyone interested in IP Address Management, DNS, DHCP, IPv6, DNSSEC and more.

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all