Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 prefetch performance in BIND 9.10 Featured

Our new feature Early refresh of cache records (cache prefetch) in BIND 9.1 unfortunately came with a design defect that was not spotted until recently, and which can cause performance degradation in some situations. If you are experiencing surprising and…

2 --with-tuning=large - about using this build-time option Featured

In BIND 9.10 (and earlier in the stable preview edition) we added a built-time option --with-tuning=large. This option allows operators to tune BIND for better performance in high-memory machines, by setting various constants and defaults to values more appropriate…

3 DNSSEC in 6 minutes! Featured

The original presentation written by Alan Clegg and as published on ISC's website was DNSSEC in 6 minutes. That article, along with a more recent presentation (taking advantage of improvements in automation and key management) are both made available here…

4 Windows zip files for BIND 9

ISC now ships three (3) sets of Windows zip files for BIND 9 split into two categories, production and debug. Windows 64 bit for win64 built using Microsoft Visual Studio 2012 (.x64.zip) Windows 32 bit for x86 built using Microsoft Visual Studio 2012 (.x86.zip)…

5 DNS Cookies in BIND 9.10 and 9.11

DNS COOKIE is an Extended DNS (EDNS) option which, when both the client and server support it, allows the client to detect and ignore off-path spoofed responses, and the server to determine that a client's address is not spoofed. It is supported as an experimental…

6 DNS over TLS

RFC 7858 specifies DNS over TLS (Transport Layer Security). This article explains how to provide a DNS over TLS service using bind9 and stunnel (https://www.stunnel.org). The setup of a privacy aggregator is at the end. bind9 configuration: nothing special…

7 Using DNSTAP with BIND 9.11

Introduction dnstap is a fast, flexible method for capturing and logging DNS traffic. Developed by Robert Edmonds at Farsight Security, Inc., it is supported by several DNS implementa tions, including BIND. Some information about it can be found on its website…

8 serial-query-rate, notify-rate and startup-notify-rate: how they impact zone transfers in different versions of BIND

serial-query-rate (default 20) is a rate-limiter, that has been used to for a long time to control both the rate of notifies and of zone refresh (SOA queries). Although the limit is expressed as a per-second rate, it is the actions that are being limited,…

9 Root hints - a collection of operational and configuration FAQs

This collection of FAQs (and links to other related articles) aims to de-mystify for new DNS administrators, what the root hints are and how they are used. What are the root hints? The root hints are a list of the servers that are authoritative for the root…

10 UDP Listeners - choosing the right value for -U when starting named

BIND 9.9.0 introduced a new feature to improve performance in multi-threaded environments, particularly those with a large number of processors. The reasons for this are documented here: Performance: Multi-threaded I/O (https://kb.isc.org/article/AA-00629)…

1 2 3 4 Next