Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
11 Using DNSTAP with BIND 9.11

Introduction dnstap is a fast, flexible method for capturing and logging DNS traffic. Developed by Robert Edmonds at Farsight Security, Inc., it is supported by several DNS implementa tions, including BIND. Some information about it can be found on its website…

12 serial-query-rate, notify-rate and startup-notify-rate: how they impact zone transfers in different versions of BIND

serial-query-rate (default 20) is a rate-limiter, that has been used to for a long time to control both the rate of notifies and of zone refresh (SOA queries). Although the limit is expressed as a per-second rate, it is the actions that are being limited,…

13 Root hints - a collection of operational and configuration FAQs

This collection of FAQs (and links to other related articles) aims to de-mystify for new DNS administrators, what the root hints are and how they are used. What are the root hints? The root hints are a list of the servers that are authoritative for the root…

14 UDP Listeners - choosing the right value for -U when starting named

BIND 9.9.0 introduced a new feature to improve performance in multi-threaded environments, particularly those with a large number of processors. The reasons for this are documented here: Performance: Multi-threaded I/O (https://kb.isc.org/article/AA-00629)…

15 Refinements to EDNS fallback behavior can cause different outcomes in Recursive Servers

Recursive DNS Servers administrators have for many years been advised to ensure that both the servers that they are running and the network environments wherein those servers reside are RFC-compliant. This is to ensure the best possible outcome when handling…

16 Gathering Information on BIND9 Memory Usage

Some problems that can occur with a program are (relatively) easy to isolate. A log message may indicate what the server was doing when a crash occurred, or the stack trace printed when a crash occurs may point to a certain section of the code. However problems…

17 How do I answer for a specific hostname in a zone, but resolve all its other names normally?

Problem A common wish among many sites with internal-only nameservers is the desire on an otherwise caching-only resolver to override one (or more) single name[s] from the Internet. Suppose your company is "example.com" and your authoritative DNS is hosted…

18 Linux connection tracking and DNS

Question: My busy Linux-based nameserver is giving unreasonably slow responses. How do I know if Linux connection tracking is causing the problem I am having? Answer: If you are seeing slow responses and timeouts from your nameserver, check its kernel log…

19 Case-Insensitive Response Compression May Cause Problems With Mixed-Case Data and Non-Conforming Clients

BIND releases beginning with BIND 9.9.5, 9.8.7, and 9.6-ESV-R11 include a fix which we would like to highlight for your attention, as one customer has experienced an operational issue as a result of what might look, from the notes, like a completely innocuous…

20 Using DLZ in BIND 9.8

What is DLZ DLZ (Dynamically Loadable Zones) is a contributed extension to BIND 9 that allows zone data to be retrieved directly from an external database. There is no required format or schema. DLZ drivers exist for several different database backends including…