Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 What to do with a misbehaving BIND server Featured

Sometimes a named process will appear to behave abnormally - for example it uses more CPU or memory than usual (or less), emits unexpected error messages, doesn't respond to queries, or responds negatively or late. It's tempting just to restart named or to…

2 What to do if your BIND or DHCP server has crashed Featured

If your BIND or DHCP server crashes (i.e. the daemon terminates unexpectedly), collecting the evidence available and submitting to us is vital if we are to help diagnose the problem and provide a solution. Below is a list of files/information to collect after…

3 pkcs_C_Login: Error = 0x00000005 - what does it mean?

Question: Using BIND with DNSSEC and keys managed within an HSM (Hardware Security Module), the following error is occasionally encountered (using BIND 9.10): 2015 Jun 25 12:52:08 dns-server pk11.c:648: fatal error: 2015 Jun 25 12:52:08 dns-server pkcs_C_Login:…

4 Root hints - a collection of operational and configuration FAQs

This collection of FAQs (and links to other related articles) aims to de-mystify for new DNS administrators, what the root hints are and how they are used. What are the root hints? The root hints are a list of the servers that are authoritative for the root…

5 nsupdate in BIND 9.9.6, 9.10.0 and 9.10.1 fail to resolve the SOA MNAME in some cases

A minor bugfix added to BIND 9.9.6, 9.8.8 and 9.10.0 introduced a regression that makes the nsupdate(8) utility fail to resolve (and thus fail to send updates to) the SOA MNAME host in some cases. (The MNAME or master name is the first text value in a zone's…

6 What causes "refresh: failure trying master ...: operation canceled" error messages?

Problem: Multiple operators have reported to us that on some Linux systems running BIND as a slave, their zones can get behind and the following messages are logged: zone my.example.zone/IN: refresh: failure trying master 10.1.2.3.4#53 (source 0.0.0.0#0):…

7 Why does dig report one more record in the additional section of a query response than I am seeing?

This is not a bug, and it is not new behavior, although those newly upgrading to BIND 9.9 from earlier versions may have encountered it for the first time there. From BIND 9.9.0 and newer, dig has changed its defaults: dig now defaults to using options "+adflag"…

8 How do I flush or delete incorrect records from my recursive server cache?

Sometimes a recursive server may have incorrect records in its cache. These may be as a result of an error made by a zone administrator, or as a result of a deliberately engineered cache poisoning attack. For cache problems relating to DNSSEC validation,…

9 Why does my authoritative-only nameserver try to query the root nameservers?

Check first that recursion really is disabled: recursion no; This will prevent your nameserver from performing iterative queries on behalf of any client queries that it receives, but it won't prevent your server from needing to make queries of its own in…

10 When does rndc reconfig flush the cache?

Why does rndc reconfig flush the cache sometimes but not on other occasions? Usually when issuing rndc reconfig to make changes to a running BIND 9 nameserver, you expect it to retain the current working cache of learned RRsets. However, there are a few changes…

1 2 3 Next