Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
31 Using Access Control Lists (ACLs) with both addresses and keys

Question: How can I configure allow-update to permit updates, only if BOTH of the following are true: They hold the secret key (TSIG) They're in the 'permitted' subnet Answer: Here's the long version: acl address_allow { 10/8; }; acl address_reject { !address_allow;…

32 In-line Signing With NSEC3 in BIND 9.9+ -- A Walk-through

Introduction As of version 9.9, the BIND package supports three different methods of signing zones. Manual signing, initiated by the name server administrator from the command line, has been supported since BIND first added support for DNSSEC. BIND 9.7 added…

33 How can I check the default option values in named.conf?

There isn't any command for bind that will list all named.conf options and their default settings, but checking the defaults can sometimes be helpful in understanding why BIND is doing something that you didn't expect it to, particularly if you've recently…

34 Installing and upgrading BIND - some challenges and options

In a test environment, building and installing BIND is pretty simple - you just download and unpack the source code tarball, run the configure script (with the options of your choice, or just using the defaults) and then use make install to compile and install…

35 Performance: Multi-threaded I/O

Starting in BIND 9.9.0, ISC has made some important changes regarding performance of BIND on multi-core machines. Among these is internal scaling of network traffic. This article describes this change. This feature is not available on the Windows version…

36 Inline Signing in ISC BIND 9.9.0 -- Examples

When DNSSEC was first introduced, the only way to sign DNS data was using the 'dnssec-signzone' utility; this would take an unsigned zone file and generate a new zone file containing signatures. This file would be loaded by named and served the same as any…

37 Changes to NS RRset caching strategy in BIND 9.6-ESV-R6, 9.7.5, 9.8.2 and 9.9.0

Introduction: In the DNS a parent zone is authoritative for the presence of a delegation (NS RRset in the parent zone) but the child zone is authoritative for the contents of the NS RRset. These NS RRsets are supposed to be loosely synchronised with both…

38 BIND9 Knowledge Articles

Are you looking for more technical information about BIND9? The BIND9 Knowledge Articles category contains more in-depth information about BIND9 than is found in our FAQs - but the majority of this content is only available once you have registered (registration…

39 Filter AAAA option in BIND 9

AAAA Filtering When acting as a resolver, BIND 9 has an option to filter AAAA (IPv6 address) records returned to the client, based on the transport used for the query (IPv4 or IPv6) and other filtering conditions. This filtering does not affect the recursive…

40 Performance testing of recursive servers using queryperf

This is an article about testing recursive DNS server performance. Testing recursive servers is intrinsically more challenging than testing authoritative server performance because the server under test isn't providing the DNS query responses from authoritative…