Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 DNSSEC in 6 minutes! Featured

The original presentation written by Alan Clegg and as published on ISC's website was DNSSEC in 6 minutes. That article, along with a more recent presentation (taking advantage of improvements in automation and key management) are both made available here…

2 UDP Listeners - choosing the right value for -U when starting named

BIND 9.9.0 introduced a new feature to improve performance in multi-threaded environments, particularly those with a large number of processors. The reasons for this are documented here: Performance: Multi-threaded I/O (https://kb.isc.org/article/AA-00629)…

3 Refinements to EDNS fallback behavior can cause different outcomes in Recursive Servers

Recursive DNS Servers administrators have for many years been advised to ensure that both the servers that they are running and the network environments wherein those servers reside are RFC-compliant. This is to ensure the best possible outcome when handling…

4 Gathering Information on BIND9 Memory Usage

Some problems that can occur with a program are (relatively) easy to isolate. A log message may indicate what the server was doing when a crash occurred, or the stack trace printed when a crash occurs may point to a certain section of the code. However problems…

5 How do I answer for a specific hostname in a zone, but resolve all its other names normally?

Problem A common wish among many sites with internal-only nameservers is the desire on an otherwise caching-only resolver to override one (or more) single name[s] from the Internet. Suppose your company is "example.com" and your authoritative DNS is hosted…

6 Linux connection tracking and DNS

Question: My busy Linux-based nameserver is giving unreasonably slow responses. How do I know if Linux connection tracking is causing the problem I am having? Answer: If you are seeing slow responses and timeouts from your nameserver, check its kernel log…

7 Case-Insensitive Response Compression May Cause Problems With Mixed-Case Data and Non-Conforming Clients

BIND releases beginning with BIND 9.9.5, 9.8.7, and 9.6-ESV-R11 include a fix which we would like to highlight for your attention, as one customer has experienced an operational issue as a result of what might look, from the notes, like a completely innocuous…

8 DNSSEC validation and BIND9 cache

This KB article discusses some of the problems that can be encountered by BIND9 validating recursive servers due to intermittent problems with authoritative servers providing DNSSEC-signed zones. BIND has competing objectives when handling validation. On…

9 Understanding views in BIND 9, by example

Views in BIND have a bad reputation, with some people advocating that they should not be used. It is true that views add complexity to a BIND configuration, but this article will explain how that complexity can be managed and allow views to be used effectively.…

10 Automatic empty zones (including RFC 1918 prefixes)

BIND provides a number of empty zones that are automatically configured and loaded (for each view) when named starts. The purpose of these zones is to prevent recursive servers from sending meaningless queries to Internet servers that cannot handle them (thus…

1 2 3 Next