Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 prefetch performance in BIND 9.10 Featured

Our new feature Early refresh of cache records (cache prefetch) in BIND 9.10 unfortunately came with a design defect that was not spotted until recently, and which can cause performance degradation in some situations. If you are experiencing surprising and…

2 --with-tuning=large - about using this build-time option Featured

In BIND 9.10 (and earlier in the stable preview edition) we added a built-time option --with-tuning=large. This option allows operators to tune BIND for better performance in high-memory machines, by setting various constants and defaults to values more appropriate…

3 DNSSEC in 6 minutes! Featured

The original presentation written by Alan Clegg and as published on ISC's website was DNSSEC in 6 minutes. That article, along with a more recent presentation (taking advantage of improvements in automation and key management) are both made available here…

4 CNAME at the apex of a zone

It is often asked, "why can't I have a CNAME at the zone apex?" This article explains why you can't do that, and then continues with a discussion of potential alternatives. The use case for wanting a CNAME at a zone apex is typically one where an organization…

5 Classless in-addr.arpa subnet delegation

This article is a worked example of one of the simpler cases of of classless in-addr.arpa subnet delegation, as described in RFC2317 (BCP 20): https://tools.ietf.org/html/rfc2317 Requirements You are the owner of subnet 192.0.2.0/24 for which you maintain…

6 Why is BIND re-priming the roots from hints more often than it should?

A quick recap on root priming: When handling a client query for which it has no answer, a recursive server needs to know which authoritative server is responsible for the domain of the name it has been asked to resolve. So for example, if a client queries…

7 Trust levels for RRsets in BIND cache

When a BIND resolver receives answers from authoritative servers, it must determine whether to accept them, whether to cache them, and whether to use them when sending responses to client queries. In some cases, more than one answer may be available, and…

8 Root KSK Rollover in BIND

In late 2017/early 2018 the root zone key-signing key will be changed. A new key will be introduced and used to sign the root zone's DNSKEY RRset, then the old key will be removed. This article describes how BIND will cope with that transition and what action…

9 How does BIND choose the master for a zone refresh (zone timer or notify)?

BIND slave servers update their zone content from one of the list of masters that they have configured in named.conf: zone “zone.test.com” IN { type slave; file “zone.test.com”; masters {192.0.2.10; 192.0.2.11; 192.0.2.12; }; }; 'masters' in this…

10 Address database dump (ADB) - understanding the fields and what they represent

BIND provides the administrator with feature that allows the current cache contents to be dumped to a text file for inspection. Using the '-all' suboption will cause named to dump everything in cache, including authoritative zone data that has loaded, and…