DNS Stats Collection

In this second part, I offer another solution for collecting DNS client query statistics on the fly using commercial off-the-shelf tools that will provide a bit more flexibility.

OVERVIEW

In this blog article, I explore a different way of gathering and reporting DNS Client Resolver statist...

Read More...

BIND 9 logo

The ISC has issued an Operation Notification for BIND 9.16.0 - An error in handling TCP client quota limits can exhaust TCP connections.

Description

In the previous blog article announcing BIND 9.16.0, it was discussed that significant work was done to modernize BIND's networking framework...

Read More...

misdirection sign

DNS Response Policy Zones (DNS RPZ) is a method that allows a name server to be configured with information on top of the global DNS to provide alternate responses to queries.

One of the original purposes for DNS RPZ was to provide "DNS Firewall" capabilities. DNS RPZ was originally created...

Read More...

ISC Bind 9 Logo

ISC releases BIND 9.16.0 as a stable release - Here's an inside look at what's new, changed and dropped from the latest stable version of BIND.

Bind 9.16.0 was recently released by the ISC and announced Feb. 19, 2020. The BIND 9.15 experimental branch of code has been deemed complete,...

Read More...

Compare DNS Zones

Learn how to compare DNS zones as a post DNS migration task.

Having performed hundreds of DNS migrations of all sorts of size and shape, I can't overemphasize the importance of performing post-migration zone-by-zone resource record validation and verification. Customers used to be amazed at the...

Read More...

GSS-TSIG on ISC Bind

A demonstration of how to successfully configure GSS-TSIG or secure dynamic updates on ISC Bind.

After several hours of trying to get this to work, perhaps this article would have been better named "GSS-TSIG on ISC Bind -- The Missing Manual".  I know in working with others, we experienced m...

Read More...

ISC Logo

In-depth details on the tools and "Smart Sign" functionality in Bind 9.7.0

The last article discussed the basics of the BIND 9.7.0 "Smart Sign" feature. In this article, we expose additional functionality that has been incorporated into the software to make it much simpler to sign, operate,...

Read More...

ISC Logo

DNSSEC keys are now automatically imported directly into the zone using the new Smart Signing feature introduced in BIND 9.7.0

In our previous article, we covered how BIND 9.7.0 embeds timing metadata directly in DNSSEC keys as its method for DNSSEC key lifecycle management. In this article,...

Read More...