Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 Response Policy Zone (RPZ), NSIP rules, and nsip-wait-recurse

Problem: You, or your security team, want to use RPZ NSIP rules to filter results and provide protection for your users. Unfortunately, there are domains that you need to resolve names for that are served by ill-behaved servers that you are unable to resolve…

2 What is dyndb and how is it better than DLZ?

Question: What is dyndb? Answer: dyndb is a new plug-in interface for BIND for custom zone data providers. Question: Isn't there already DLZ for that? Why should I port my provider from DLZ to dyndb? Answer: While both DLZ and dyndb allow for custom zone…

3 What does 'rndc nta' do and when should I use it?

Question: I've heard that there's a new rndc command in BIND 9.11.0 - 'rndc nta'. What does it do? Answer: 'rndc nta' is used to temporarily disable DNSSEC validation for a domain, allowing unsigned and/or non-validating signed data to be returned by an otherwise-validating…

4 A short introduction to Catalog Zones

Catalog Zones is a new BIND feature allowing easy provisioning of zones to slave servers. A "catalog zone" is a special DNS zone that contains a list of other zones to be served, along with their configuration parameters. The zones listed in a catalog zone…

5 DNS Cookies in BIND 9.10 and 9.11

DNS COOKIE is an Extended DNS (EDNS) option which, when both the client and server support it, allows the client to detect and ignore off-path spoofed responses, and the server to determine that a client's address is not spoofed. It is supported as an experimental…

6 IPv6 Changes in BIND 9.11.0, BIND 9.10.4 and BIND 9.9.9.

BIND 9.11.0, BIND 9.10.4 and BIND 9.9.9 introduces two IPv6 related changes. The first change is to the preferred-glue option. Preferred-glue now defaults to the transport that the query was received over. If named receives a query over IPv6 and there is…

7 Using DNSTAP with BIND 9.11

Introduction dnstap is a fast, flexible method for capturing and logging DNS traffic. Developed by Robert Edmonds at Farsight Security, Inc., it is supported by several DNS implementa tions, including BIND. Some information about it can be found on its website…