DNS Stats Collection

In this second part, I offer another solution for collecting DNS client query statistics on the fly using commercial off-the-shelf tools that will provide a bit more flexibility.

OVERVIEW

In this blog article, I explore a different way of gathering and reporting DNS Client Resolver statist...

Read More...

Picture of guy holding head

A common task for decommissioning or moving a name server is figuring out which clients are querying our particular name server. In this article, I discuss how you can parse syslog messages and build a DNS Top Talkers list.

OVERVIEW

I recently worked with a customer on a project to help th...

Read More...

BIND 9 logo

The ISC has issued an Operation Notification for BIND 9.16.0 - An error in handling TCP client quota limits can exhaust TCP connections.

Description

In the previous blog article announcing BIND 9.16.0, it was discussed that significant work was done to modernize BIND's networking framework...

Read More...

misdirection sign

DNS Response Policy Zones (DNS RPZ) is a method that allows a name server to be configured with information on top of the global DNS to provide alternate responses to queries.

One of the original purposes for DNS RPZ was to provide "DNS Firewall" capabilities. DNS RPZ was originally created...

Read More...

ISC Bind 9 Logo

ISC releases BIND 9.16.0 as a stable release - Here's an inside look at what's new, changed and dropped from the latest stable version of BIND.

Bind 9.16.0 was recently released by the ISC and announced Feb. 19, 2020. The BIND 9.15 experimental branch of code has been deemed complete,...

Read More...

Compare DNS Zones

Learn how to compare DNS zones as a post DNS migration task.

Having performed hundreds of DNS migrations of all sorts of size and shape, I can't overemphasize the importance of performing post-migration zone-by-zone resource record validation and verification. Customers used to be amazed at the...

Read More...

GSS-TSIG on ISC Bind

A demonstration of how to successfully configure GSS-TSIG or secure dynamic updates on ISC Bind.

After several hours of trying to get this to work, perhaps this article would have been better named "GSS-TSIG on ISC Bind -- The Missing Manual".  I know in working with others, we experienced m...

Read More...

End to End DNSSEC using Unbound

Configure the high-performing recursive Unbound DNS server with DNSSEC validation on Linux.

Given all the hoopla surrounding the topic of DNSSEC, it's definitely time to get prepared for it. After all, the last of the root name servers ( J-ROOT ) will all be serving a Deliberately Unvalid...

Read More...