Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 What is a DNS Amplification Attack?

A DNS Amplification Attack is a Distributed Denial of Service (DDOS) tactic that belongs to the class of reflection attacks -- attacks in which an attacker delivers traffic to the victim of their attack by reflecting it off of a third party so that the origin…

2 Nameserver Basics: What is an Authoritative Server? What is a Recursive Server?

On occasion, when a security defect is found in BIND, ISC issues a security advisory. Sometimes the "Impact" section of these advisories contains a qualification as to what kind of nameserver is affected by the defect, i.e. if the bug is known to affect only…

3 BIND's Support Model

BIND's Mix of Community Support, Professional Support, and the DDI Eco-System BIND is a managed open source solution. This support model provides the global community of users with the best of two worlds - the open source community of your colleagues using…

4 What do +EDC and other letters I see in my query log mean?

This is documented in the BIND Administrator Reference Manual (which you'll find both on our website and in the BIND source code tarball): https://www.isc.org/software/bind/documentation Look for the section that deals with logging categories, and specifically…

5 One of the ways ISC improves the quality of our code - "Introduction to Agile and Scrum"

Many people have asked what ISC does to improve software quality. This presentation was given at one of the BIND 10 meetings. "Agile Software Development is a group of software development methodologies based on iterative and incremental development, where…

6 What is BIND?

BIND is open-source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, and it is also production-grade software, suitable for use in high-volume and high-reliability applications.…

7 Why do queries for NSEC3 records fail to return the NSEC3 record?

NSEC3 records are strictly meta data and can only be returned in the authority section. This is done so that signing the zone using NSEC3 records does not bring names into existance that do not exist in the unsigned version of the zone.

8 Why is named listening on UDP port other than 53?

Named uses a system selected port to make queries of other nameservers. This behavior can be overridden by using query-source to lock down the port and/or address. See also notify-source and transfer-source.

9 Please explain how BIND 9 uses memory to store DNS zones. Sometimes it seems to use several times the amount it needs.

When reloading a zone named may have multiple copies of the zone in memory at one time. The zone it is serving and the one it is loading. If reloads are ultra fast it can have more still. e.g. Ones that are transferring out, the one that it is serving and…

10 Is there a bugzilla (or other tool) database that mere mortals can have (read-only) access to for bind?

No. The BIND 9 bug database is kept closed for a number of reasons. These include, but are not limited to, that the database contains proprietary information from people reporting bugs. The database has in the past and may in future contain unfixed bugs which…

1 2 Next