Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
21 How can I disable global forwarding for delegated subdomains?

When a nameserver receives a recursive query, it will first look to see if it has the answer in cache or is authoritative for the domain in which the answer for the name being queried should reside. Otherwise it will need to iterate - this means that it will…

22 What is DNS Cache snooping?

DNS cache snooping is a technique that can be employed for different purposes by those seeking to benefit from knowledge of what queries have been made of a recursive DNS server by its clients. Uses of this information vary, ranging from planning which mis-typed…

23 What does 'maximum number of FD events ... received' mean?

Question: In my named logs, I'm frequently seeing maximum number of FD events (64) received - is this cause for concern? Answer: maximum number of FD events means that when checking to see if any sockets are ready to be read from, there were more than 64…

24 What's the difference between allow-query-cache and allow-recursion?

allow-query governs who can send any query to the server, not just queries against authoritative data. If a query is blocked by this ACL, the response sent back is empty (no records), with the RCODE set to REFUSED. allow-query-cache was added in BIND 9.4…

25 How do I prevent BIND from stopping listening on an interface when it's temporarily down?

By default, BIND will scan the network interface list every 60 minutes and will stop listening on any interfaces that it finds unavailable when it runs this scan. However, it's possible to configure the scanning interval and disable this functionality altogether…

26 My access controls using default ACL localhost don't do quite what I expect.

The built-in BIND Access Control List (ACL) localhost matches the IPv4 and IPv6 addresses of all network interfaces on the system - it doesn't mean 127.0.0.1 only. The ACL localnets matches any host on an IPv4 or IPv6 network for which the system on which…

27 Limiting the Size of Journal Files

I am using BIND to serve information for dynamic zones. After running for some time the journal files can get quite large. Is there a way to limit their growth within BIND? Yes, you can use the max-journal-size configuration option to specify a maximum size…

28 How do I change the version that BIND reports when queried for version.bind?

BIND servers respond to queries for name version.bind with record type TXT and class CHAOS. By default this is set to the version of BIND that has been installed. dig @127.0.0.1 version.bind chaos txt ; <<>> DiG 9.11.0 <<>> @127.0.0.1…

29 Can I have a TXT or SPF record longer than 255 characters?

You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid…

30 I can query the nameserver from the nameserver but not from other machines. Why?

This may be the result of the firewall configuration stopping the queries and/or the replies. Also check the 'allow-query', 'allow-recursion', 'allow-query-cache' options as well as any 'listen-on' statements in your nameserver's configuration. The default…