Posts filed under ‘DNS and Bind’

How do I flush or delete incorrect records from my recursive server cache?

Sometimes a recursive server may have incorrect records in its cache.  These may be as a result of an error made by a zone administrator, or as a result of a deliberately engineered cache poisoning attack.

To identify the faulty records, by dumping and inspecting cache:

rndc dumpdb -all
grep problem.domain /var/named/data/cache_dump.db

(The location of the cache_dump.db may be varied based on the bind configuration)

Or you may be able to identify which records are incorrect by querying your server directly.

dig +norec <ip address of nameserver> <name> <type>

How to solve the problem?

rndc flushname name
  • Use the name of a domain if there are problems with the NS or MX records associated with it.
  • Use the server name, if there are problems with the addresses associated with that server name (for example a nameserver, a webserver or a mailserver).

Flush the cache for a specific name as well as all records below that name

rndc flushtree name
  • This will clear the cache, but it will not clear any names out of ADB, so may not be sufficient for some needs.

If you are not sure where the problem lies, or there are too many records to delete them individually, then you might prefer to:Flush the entire named cache

rndc flush && rndc reload


August 18, 2020 at 11:48 am Leave a comment

How to troubleshoot DNS Issues with Wireshark

Hi Folks

Until recently I was a big fan Microsoft Message Analyzer. Unfortunately , Microsoft deprecated the product.So I decided to switch to Wireshark. I will not be going through the basic operations of wireshark as there are plenty of good video tutorials on the Internet.

In this article , I will focus on how to capture DNS packets on a BIND server and filter the packets for known queries and the response codes.

Step1: Start the capture on the BIND server

Step2: After running sample queries , Press CTRL & C to end the capture and transfer the .pcap file to the wireshark.

Once you open the .pcap file in the Wireshark , you can use the below filters to display the required data.

** To filter based on the queried domain name ** == “”

** To filter MX queries **
dns.qry.type == 15

** To filter SERVFAIL response **
dns.flags.rcode == 2

You could use ! to exclude a filter in the search for example to exclude dns.qry.type == 15
!dns.qry.type == 15

For detailed list of DNS Response Codes & other DNS parameters refer the below URL’s.

Good Luck.

June 17, 2020 at 2:23 pm Leave a comment

Sub Domain Delegation using Bind

Hi All

When you are administrating the Bind you may come across to host a sub domain delegated to another DNS server from a different provider.These requests are usually from the Web Hosting Provider which helps them to modify the required records on their own using their Name Server.

In this scenario   open the zone file in for eg:- and add the following lines ( Adding Sub domain “”)

;Sub Doman delegation for the domain


@     NS (Other DNS Severs  , you could add multiple lines of DNS servers)





January 28, 2013 at 12:43 pm Leave a comment

How to force the DNS Propogation by changing the TTL Values


I am writing this tip for DNS Administrators who wants to speed up porpogation changes by playing with TTL (Time to live) values For Eg:-

Assuming that you are changing the IP Address of by default the Bind (Linux based DNS Server) the TTL Value is set for 7200 which is 2 hours as a global parameter.which will control the expiry time / refressh interval for your DNS records in other DNS servers cache .

Therefore if you want to change the TTL value only for the as 5 minutes you could edit the ZONE file as follows

www 300 A it with your Actual IP Address)

(here 300 denotes 5 Minutes )and restart the named services.

Same concept is applicable for the Windows based DNS Servers as well//

January 19, 2013 at 2:04 pm Leave a comment



Follow Hope you like it.. on

Blog Stats

  • 65,263 hits

%d bloggers like this: