Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 Classless in-addr.arpa subnet delegation

This article is a worked example of one of the simpler cases of of classless in-addr.arpa subnet delegation, as described in RFC2317 (BCP 20): https://tools.ietf.org/html/rfc2317 Requirements You are the owner of subnet 192.0.2.0/24 for which you maintain…

2 DNSSEC validation - how can I tell if my server is doing it?

System administrators sometimes need a quick answer to the question 'Is my DNS server doing DNSSEC validation or not?' Usually this is because they've just received notification of a BIND security advisory and aren't sure if it is applicable to their production…

3 BIND Logging - some basic recommendations

BIND9 logging configuration is very flexible, and the default settings are designed to make sure that you are collecting all of the basic administrator information as well as 'doing the right thing' when there are problems and you are advised to run with…

4 Root hints - a collection of operational and configuration FAQs

This collection of FAQs (and links to other related articles) aims to de-mystify for new DNS administrators, what the root hints are and how they are used. What are the root hints? The root hints are a list of the servers that are authoritative for the root…

5 UDP Listeners - choosing the right value for -U when starting named

BIND 9.9.0 introduced a new feature to improve performance in multi-threaded environments, particularly those with a large number of processors. The reasons for this are documented here: Performance: Multi-threaded I/O (https://kb.isc.org/article/AA-00629)…

6 Refinements to EDNS fallback behavior can cause different outcomes in Recursive Servers

Recursive DNS Servers administrators have for many years been advised to ensure that both the servers that they are running and the network environments wherein those servers reside are RFC-compliant. This is to ensure the best possible outcome when handling…

7 How do I answer for a specific hostname in a zone, but resolve all its other names normally?

Problem A common wish among many sites with internal-only nameservers is the desire on an otherwise caching-only resolver to override one (or more) single name(s) from the Internet. Suppose your company is "example.com" and your authoritative DNS is hosted…

8 Using the 'map' zone file format in BIND

What is a zone file format? A zone file is used to store the resource records for a zone. On a master server, the zone file is created externally to BIND, and is usually kept in text format for convenience and flexibility in maintaining it. A master server…

9 How do I enable Response Rate Limiting (RRL) on BIND 9.9.4?

BIND 9.9.4 (and higher) provides support for Response Rate Limiting (RRL). However, it is not enabled by default when building BIND. The reason for this is that BIND 9.9 is an Extended Support Version of BIND and per our policy on mangement of ESVs, we do…

10 Why does my authoritative-only nameserver try to query the root nameservers?

Check first that recursion really is disabled: recursion no; This will prevent your nameserver from performing iterative queries on behalf of any client queries that it receives, but it won't prevent your server from needing to make queries of its own in…