Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 Choosing the right value for max-journal-size

BIND has several features that permit authoritative zones to be updated incrementally. These include master to slave incremental updates (IXFR), master zone dynamic updates and also in-line signing. In all of these situations, named maintains a journal (.jnl)…

2 CNAME at the apex of a zone

It is often asked, "why can't I have a CNAME at the zone apex?" This article explains why you can't do that, and then continues with a discussion of potential alternatives. The use case for wanting a CNAME at a zone apex is typically one where an organization…

3 Classless in-addr.arpa subnet delegation

This article is a worked example of one of the simpler cases of of classless in-addr.arpa subnet delegation, as described in RFC2317 (BCP 20): https://tools.ietf.org/html/rfc2317 Requirements You are the owner of subnet 192.0.2.0/24 for which you maintain…

4 DNSSEC validation - how can I tell if my server is doing it?

System administrators sometimes need a quick answer to the question 'Is my DNS server doing DNSSEC validation or not?' Usually this is because they've just received notification of a BIND security advisory and aren't sure if it is applicable to their production…

5 BIND Logging - some basic recommendations

BIND9 logging configuration is very flexible, and the default settings are designed to make sure that you are collecting all of the basic administrator information as well as 'doing the right thing' when there are problems and you are advised to run with…

6 Root hints - a collection of operational and configuration FAQs

This collection of FAQs (and links to other related articles) aims to de-mystify for new DNS administrators, what the root hints are and how they are used. What are the root hints? The root hints are a list of the servers that are authoritative for the root…

7 UDP Listeners - choosing the right value for -U when starting named

BIND 9.9.0 introduced a new feature to improve performance in multi-threaded environments, particularly those with a large number of processors. The reasons for this are documented here: Performance: Multi-threaded I/O (https://kb.isc.org/article/AA-00629)…

8 Refinements to EDNS fallback behavior can cause different outcomes in Recursive Servers

Recursive DNS Servers administrators have for many years been advised to ensure that both the servers that they are running and the network environments wherein those servers reside are RFC-compliant. This is to ensure the best possible outcome when handling…

9 How do I answer for a specific hostname in a zone, but resolve all its other names normally?

Problem A common wish among many sites with internal-only nameservers is the desire on an otherwise caching-only resolver to override one (or more) single name(s) from the Internet. Suppose your company is "example.com" and your authoritative DNS is hosted…

10 Using the 'map' zone file format in BIND

What is a zone file format? A zone file is used to store the resource records for a zone. On a master server, the zone file is created externally to BIND, and is usually kept in text format for convenience and flexibility in maintaining it. A master server…