Re: Frequent timeout

2018-08-31 Thread Chuck Swiger via bind-users
Hi, Alex-- On Aug 31, 2018, at 3:49 PM, Alex wrote: > The interface does show some packet loss: > > br0: flags=4163 mtu 1500 > [ ... ] >RX packets 1610535 bytes 963148307 (918.5 MiB) >RX errors 0 dropped 5066 overruns 0 frame 0 > > Is some packet loss such as the above to

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 4:26 PM, Mark Boolootian wrote: >>> As far as I know, a host with on an IPv6 address is only ever >>> going to perform lookups. I'd be very interested to know >>> if there are cases where that isn't true. >> >> Well, if you run nslookup or dig -t a,

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:49 PM, Mark Boolootian wrote: > >>> I'll give those tools a try, but I don't understand how my client is >>> requesting >> an A record. It only has IPv6 networking. DNS64 should be requesting an >> A record, but that the client should see is the converted

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:32 PM, Rick Tillery wrote: > I'll give those tools a try, but I don't understand how my client is > requesting an A record. It only has IPv6 networking. DNS64 should be > requesting an A record, but that the client should see is the converted

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:09 PM, Rick Tillery wrote: > I appear to have my NAT64+DNS64 IPv6 -> IPv4 network configured correctly, as > I can access IPv4 only Internet sites, e.g. from my browser. But some tools > don't seem to work the way I think they should. > > One

Re: global server load balancing with the domain name

2017-04-14 Thread Chuck Swiger
On Apr 14, 2017, at 2:40 PM, McDonald, Daniel (Dan) wrote: > Setting up global server load balancing seems easy enough – just add ns > records pointing at the load balancer and away you go: > > example.com. 38400 IN SOA ns20.example.net.

Re: Few questions on Bind

2017-01-04 Thread Chuck Swiger
On Jan 4, 2017, at 4:11 PM, Debarghya Mandal wrote: > Hi, > I am kind of new to bind. I have a few queries about it. > > 1. Is there a way to load custom DNS record from zone file? Yes; that's exactly what zone files are for. > I have some schematized data that I

Re: reverse resolution failing

2013-04-10 Thread Chuck Swiger
Hi-- On Apr 10, 2013, at 1:07 PM, Jim Pazarena wrote: So I have another domain which will not reverse resolve for me: mail.tysers.com which also appears to be: mail.tyser.co.uk 80.169.188.226 the IP, will not reverse resolve (for me) yet, once again, google (8.8.8.8) CAN RESOLVE IT.

Re: How to minimize the downtime in my case

2013-03-14 Thread Chuck Swiger
Hi-- On Mar 14, 2013, at 12:04 PM, Manish Rane wrote: I right now have NS server hosted with ISP and I am planning to set up my own BIND servers. Now I would like to understand that I need to ask my Registrar to populate the entry of my new NS server which would take 4-6 hours to propagate

Re: cname record

2013-03-01 Thread Chuck Swiger
Hi, Dwayne-- On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote: I would like for users inside my network to not be able to do ssl searches with google, because of cipa compliance issues. OK, so you should block port tcp/443 to Google's network addresses (approximately 173.194.79.0/24) on

Re: broken ISP in china

2013-02-18 Thread Chuck Swiger
Hi-- On Feb 18, 2013, at 2:07 PM, Lyle Giese wrote: Recently I moved this domain (lcrcomputer.net) to a registrar that supports DNSSEC and inserted the DS record for this domain. I checked DNSSEC via http://dnsviz.net and http://dnssec-debugger.verisignlabs.com. Both show DNSSEC is

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: Is there anything technically wrong with having a SOA MNAME field that isn't listed as a NS record? Sure. The SOA MNAME is expected to be the primary master nameserver for the zone; it's where things like dhcpd and such send dynamic updates

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 1:42 PM, Barry Margolin wrote: In article mailman.1077.1358370123.11945.bind-us...@lists.isc.org, Chuck Swiger cswi...@mac.com wrote: On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: Is there anything technically wrong with having a SOA MNAME field that isn't listed

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 4:30 PM, Barry Margolin wrote: [ ... ] On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: Is there anything technically wrong with having a SOA MNAME field that isn't listed as a NS record? Sure. The SOA MNAME is expected to be the primary master nameserver for the

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Chuck Swiger
Hi-- On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote: I don't know if there's an easy, or even moderately easy way to do this, but can one somehow figure out/get a list of all domains for which the nameserver is set to a given IP/server name? It's easy enough to test whether a specific

Re:

2012-11-29 Thread Chuck Swiger
Hi-- On Nov 29, 2012, at 3:00 PM, Jose Manuel Delgado G. wrote: I have the following problem in resolving my DNS using Bind 9, sends me an error connection time out, no servers Could be reached. that way I can avoid giving these errors and how I can reduce the time of the response? this

Re:

2012-11-29 Thread Chuck Swiger
On Nov 29, 2012, at 3:34 PM, Jose Manuel Delgado G. wrote: about the other question, as to reduce the response time of my server when the domain does not exist? BIND implements negative caching of NXDOMAIN responses: % dig www.does.not.exist. @localhost [ ... ] ;; -HEADER- opcode: QUERY,

Re: Performance tuning

2012-11-26 Thread Chuck Swiger
Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: The report must also address these two specific questions: • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? • What happens if we remove the forwarders option from named.conf? I can't

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread Chuck Swiger
Hi-- On Oct 19, 2012, at 11:25 AM, John Miller wrote: Hello everyone, Perhaps a Cisco list is a better destination for this, but I've seen a similar post here in the past couple of months, so posting here as well. I'm trying to get our Cisco ACE set up appropriately to handle DNS

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread Chuck Swiger
Hi-- On Oct 19, 2012, at 1:04 PM, John Miller wrote: IMO, the only boxes which should have IPs in both public and private netblocks should be your firewall/NAT routing boxes. That's how we usually have our servers set up--the load balancer gets the public IPs, the servers get the private

Re: Possible DDoS?

2012-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2012, at 11:17 AM, Manson, John wrote: From time to time I notice a large number of queries like these to one of my external dns servers: 14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet * ? [ ... ] 14:14:40.98668 121.10.105.66 - 143.231.1.67 DNS C

Re: DNS BIND Failover Setup (High Availability)

2012-09-14 Thread Chuck Swiger
On Sep 14, 2012, at 4:37 AM, Kaushal Shriyan wrote: Can someone please point me to setup High Availability BIND DNS Server on CentOS Linux version 5.8? Sure; read the fine BIND ARM: http://www.isc.org/software/bind/documentation Setup and register as many nameservers for your domains as

Re: DNS BIND Failover Setup (High Availability)

2012-09-14 Thread Chuck Swiger
On Sep 14, 2012, at 4:36 PM, Kaushal Shriyan wrote: Thanks for the reply. Basically I am setting up Internal DNS Server within the same DC. Will Master Slave Replication suit the need? Yes. (Oh, there are other ways of doing replication, but AXFR works fine.) and any step by step guide and

Re: disabling Any requests

2012-07-12 Thread Chuck Swiger
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote: Hi bind-users, please excuse my ignorance being a novice to dns, but is there some way of disabling or choking Any type requests? Sure-- a firewall or even taking a pair of wire-cutters to the ethernet cable will accomplish that. :-)

Re: disabling Any requests

2012-07-12 Thread Chuck Swiger
On Jul 12, 2012, at 7:16 AM, Lightner, Jeff wrote: Your answer was clearly meant to be tongue in cheek but I'm not sure you understood. Please allow me to reassure you that I understood the intent of the question. :-) The point was that if one isn't clear about what one should allow and

Re: CNAME Rules

2012-06-25 Thread Chuck Swiger
On Jun 25, 2012, at 2:13 PM, Srinivas Krishnan wrote: The RFC rules on CNAMEs is fairly tight but I am seeing an increasing amount of traffic with misconfigured CNAMEs some of which are accepted by BIND as valid responses. The examples capture three trends, note these are actual responses:

Re: CNAME Rules

2012-06-25 Thread Chuck Swiger
On Jun 25, 2012, at 2:34 PM, Srinivas Krishnan wrote: You are using a caching resolver to check the responses and you only see response after it's been resolved by Google's DNS server. The overwhelming majority of Internet users are using caching resolvers running at their ISP, employer, etc.

Re: OT: cached memory

2012-06-13 Thread Chuck Swiger
On Jun 13, 2012, at 3:02 PM, Dan Letkeman wrote: I understand the concept, as I have read many documents like that. I am more interested in a real world example of how much free memory for caching is recommended for an average server. The OS likes to keep a few megabytes of prezeroed pages

Re: Problem with recursive name server

2012-06-08 Thread Chuck Swiger
Hi-- On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote: we are running an authoritative name server for some domains. After some time our ISP has now delegated the reverse name lookups to our server. We are running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the reverse name

Re: Question

2012-04-12 Thread Chuck Swiger
On Apr 12, 2012, at 3:38 PM, Dustin Moon wrote: Any Reason people could see why this config would not allow remote systems that can ping this server to do lookups on it? Why, yes-- see the following line: allow-query { localhost; }; ...? Regards, -- -Chuck

Re: Update

2012-04-12 Thread Chuck Swiger
On Apr 12, 2012, at 3:52 PM, Dustin Moon wrote: #allow-query { any; }; Commenting it out entirely is *not* the same thing as changing it to a setting which allows remote clients to make queries. Regards, -- -Chuck

Re: DNS failover

2012-04-11 Thread Chuck Swiger
On Apr 11, 2012, at 10:26 AM, mfla wrote: We use 3 BIND each is configured as Master. Each domain is configured with 3 NS records according to the above 3 BIND. What happens for end users when they try to access the domain but one of the BIND servers is down? Assuming all of the clients were

Re: troubleshooting bind

2012-04-09 Thread Chuck Swiger
Hi-- On Apr 9, 2012, at 9:55 AM, Marseglia, Michael wrote: [ ... ] When configuring BIND for an internal corporate network with a thousand clients should any of the default values be tweaked? I’ve searched for tuning guidance but I haven’t found any yet. I’ve taken interest in the

Re: Apple OS and DNS resolution (._dns-sd.udp. requests)

2012-04-05 Thread Chuck Swiger
On 4/5/2012 5:08 AM, Matus UHLAR - fantomas wrote: Hello, our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03

DSN for Matus...

2012-04-05 Thread Chuck Swiger
Hi, Matus-- Your anti-spam measures block direct delivery. ab...@codefab.com works fine (it goes to me, as does postmaster@); I don't know why you would try to do an RFC-ignorant lookup on the hostname in the PTR record Regards, -- -Chuck begin forwarded message This is the

Re: BIND Lameness

2012-04-03 Thread Chuck Swiger
On 4/2/2012 10:37 PM, Keith Burgoyne wrote: [ ... ] I've recently replaced the master server at 24.222.7.11, and am now running bind 9.7.3. My question is: I keep seeing log entries like Apr 2 23:24:17 clementine named[5870]: lame server resolving 'comuna.silverorange.com' (in

Re: BIND Lameness

2012-04-03 Thread Chuck Swiger
On 4/3/2012 10:14 AM, Barry Margolin wrote: In article mailman.419.1333434497.63724.bind-us...@lists.isc.org, Chuck Swiger cswi...@mac.com wrote: [ ... ] Does the following help: http://www.dnsvalidation.com/reports/4f7a96b37d79ee376912

Re: How to reset the serial number?

2012-03-26 Thread Chuck Swiger
On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote: I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not

Re: DNS requests error sending response: host unreachable

2012-03-12 Thread Chuck Swiger
On Mar 12, 2012, at 8:09 AM, Romgo wrote: Dear community, I do have many error in my Bind's log file such as : client 192.168.201.1#29404: error sending response: host unreachable It seems that I have an iptables issue as each time I shut iptables I don't have anymore this message

Re: DNS requests error sending response: host unreachable

2012-03-12 Thread Chuck Swiger
On Mar 12, 2012, at 1:24 PM, Romgo wrote: Here is my Iptables configuration for bind : # prod.dns.in $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d 192.168.201.2 -s 0/0 $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0

Re: what's wrong with the e.hushpuppies-australia.com delegation @ns.domainnetwork.se ?

2012-02-27 Thread Chuck Swiger
Hi-- On Feb 27, 2012, at 12:14 PM, M. Meadows wrote: But dig e.hushpuppies-australia.com +nssearch @8.8.8.8 Yields no nameserver list. +nssearch does SOA lookups for each of the nameservers, but ns.domainnetwork.se (and so forth) only returns an SOA record for

Re: Query Regarding AKAMAI Working Model

2012-02-17 Thread Chuck Swiger
Hi, Gaurav-- On Feb 17, 2012, at 11:15 AM, Gaurav kansal wrote: I want to know how AKAMAI works They work well. :-) May be this is not the right forum to ask but I am asking this here because AKAMAI heavily depend on its HL-DNS and LL-DNS AND these DNS Servers answer the query based

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chuck Swiger
On Feb 14, 2012, at 11:11 AM, Alan Clegg wrote: On 2/14/2012 1:42 PM, Chuck Swiger wrote: ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds. It's probably unreasonable to expect other platforms to refetch DNS records faster than that. Uh... no. BIND has always respected

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chuck Swiger
On Feb 14, 2012, at 2:16 PM, Mark Andrews wrote: ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds. It's probably unreasonable to expect other platforms to refetch DNS records faster than that. To the best of my knowledge this is just plain wrong. Look at BIND-4.8.3 and

Re: Forward Domain

2012-01-15 Thread Chuck Swiger
On Jan 15, 2012, at 8:41 AM, Markus Braun wrote: DNSMASQ is basically a DNS forwarder but it has a bunch of other features. Check the Wikipedia page on it and if you have questions please ask on their mailing list or forum. Regarding BIND, if you have issues with your server returning

Re: best practices for two-location DDNS for a single domain

2012-01-12 Thread Chuck Swiger
Hi-- On Jan 12, 2012, at 5:04 PM, Chris McCraw wrote: But those aren't an option here - they both need to serve the same domain and both need to allow local DDNS updates visible from both sides, and work in the absence of a network between the two. I've done some searching and it does not

Re: About root zones

2012-01-03 Thread Chuck Swiger
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: Unfortunately as I learning BIND more, I understand that it is not very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be. Regards, -- -Chuck

Re: About root zones

2012-01-02 Thread Chuck Swiger
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: If the system resolver is good enough for every other application running on the system, it should be good enough for BIND. Why not at least allow this as an option? The system resolver will happily provide answers based upon data from

Re: intermittent bad horizontal referral?

2011-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2011, at 3:37 PM, Karl Auer wrote: To see it, do (for example): dig +trace biplane.com.au ns Some such queries return correctly, some end up in a BHR loop. I don't see a bad horizontal referral being returned anywhere, but I do get errors against ppsdns6.pps.com.au since

Re: fallback to forwarder if master zone does not have requested record

2011-10-13 Thread Chuck Swiger
On Oct 13, 2011, at 7:57 AM, Moser, Stefan (SIDB) wrote: in customer migrations, when we shift customers from an old DNS environment to a new DNS environment, there are sometimes situations where we have to keep the same domain (let’s say “example.com”) both on the old DNS-server and on the

Re: One IP in multiple zones

2011-09-21 Thread Chuck Swiger
On Sep 21, 2011, at 12:56 PM, Adamiec, Lawrence wrote: Is it possible to have one IP in multiple zone files for forward lookups? Yes. What type of troubles would be encountered? None. This sort of thing is very commonly done, for example with shared/virtual webservers. Regards -- -Chuck

Re: blacklisting replies, was: Proper CNAME interpretation

2011-09-15 Thread Chuck Swiger
On Sep 14, 2011, at 5:09 PM, Ronald F. Guilmette wrote: In message cf550bd6-ba85-4cb3-8b03-e4e1b0829...@mac.com, you wrote: Sigh: your mail server is blacklisting email from mac.com. Yes. Sorry about that. Too much spam from there and no indication that anybody there gives a damn that that

Re: Proper CNAME interpretation

2011-09-14 Thread Chuck Swiger
On Sep 14, 2011, at 2:27 PM, Ronald F. Guilmette wrote: The second part however seems to go more to my question, which is What is the resolver supposed to do when some knucklehead breaks the rules and puts a CNAME in with some other stuff? Depends on which query one issued. The very next

blacklisting replies, was: Proper CNAME interpretation

2011-09-14 Thread Chuck Swiger
fields: Message-id: 2be47d87-8417-4055-8466-f47cd7fdb...@mac.com Date: Wed, 14 Sep 2011 14:52:34 -0700 From: Chuck Swiger cswi...@mac.com To: Ronald F. Guilmette r...@tristatelogic.com Subject: Re: Proper CNAME interpretation Your message cannot be delivered to the following recipients

Re: Memory utilisation problem on busy bind resolver

2011-08-09 Thread Chuck Swiger
Hi, Dennis-- On Aug 9, 2011, at 7:31 AM, Dennis Perisa wrote: We are running a number of BIND 9.7.3-p3 caching nameservers. In the last couple of months, we've observed the memory utilisation of named increasing at a steady rate of 1-2% per day on our busiest resolver with no indication of

Re: epza.gov.tw. MX

2011-08-08 Thread Chuck Swiger
Hi-- On Aug 8, 2011, at 1:15 PM, Mark K. Pettit wrote: My resolvers, running BIND 9.7.3P3, are having a difficult time resolving the MX record for the zone epza.gov.tw.. [ ... ] But if I query any of [abc].twnic.net.tw. directly for the IP address of dns.epza.gov.tw, I get an answer.

Re: DNS Caching Issue

2011-07-21 Thread Chuck Swiger
On Jul 21, 2011, at 3:02 PM, Sathyan Arjunan (sarjunan) [CONTRACTOR] wrote: Recent days, I am facing frequent caching issues with my DNS servers which are responsible for recursive lookup to external queries. As a temporary solution, we used to refresh the named daemon to clear the cache. To

Re: Reverse lookup flood from a single host

2011-07-15 Thread Chuck Swiger
On Jul 15, 2011, at 12:24 PM, Joshua Beard wrote: Greetings, I've noticed a specific client machine doing a crap load of reverse lookups in my named logs. It's just reverse lookups for our internal network, and just from that machine. I can't see that this machine is looking up anything

Re: Clients get DNS timeouts because ipv6 means more queries for each lookup

2011-07-11 Thread Chuck Swiger
On Jul 11, 2011, at 1:25 PM, Jonathan Kamens wrote: Even if PowerDNS is the only source of this issue, and even if the new version of PowerDNS is released tomorrow, I'm sure there will still be sites running the old version a year from now. So just relying on a PowerDNS release to fix this

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote: Does anyone have idea on following... Apart from bind9 query log, is it possible to log response returned to client? Sure: use tcpdump, wireshark, or another network sniffer of your choice and observe DNS responses to the clients you're

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 1:27 PM, Stefan Certic wrote: Thanks Chuck Yes, that would be a solution, but I need logs processed through syslog and stored into database (matching the initial query from query log). Why do you need to send this information via syslog to a database? Parsing tcpdump

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 2:28 PM, Stefan Certic wrote: It is Enum server, and logging is taking care of billing process. I don't see why you need to preserve queries and responses, unless you plan to charge differently for different DNS requests. Can't you just track traffic per client using

Re: Bind9 Random Whois and Dig Fails

2011-06-07 Thread Chuck Swiger
On Jun 7, 2011, at 11:07 AM, Sri Harsha Yalamanchili wrote: Not much luck using tcpdump either. We know, from both the query_log and tcpdump logging, that the queries are going out. But we never get a reply back. That's the confusing part. The Google DNS server replies back but not our own

Re: dnssec-keygen with different activation date

2011-05-20 Thread Chuck Swiger
On May 20, 2011, at 4:41 PM, Noel Rocha wrote: # Showing activate date $ cat Kmydomain.com.+005+48738.key | grep Activate ; Activate: 20110520203500 (Fri May 20 17:35:00 2011) This (20110520203500)2011/05/20 20:35:00 isn't Fri May 20 17:35:00 2011. :( Anyone have idea how to solve this

Re: Empty CNAME chain, should getaddrinfo() return EAI_NONAME or EAI_FAIL?

2011-04-28 Thread Chuck Swiger
On Apr 28, 2011, at 3:23 AM, Havard Eidnes wrote: www.apple.com. 281 IN CNAME www.isg-apple.com.akadns.net. www.isg-apple.com.akadns.net. 60 IN CNAME www.apple.com.edgekey.net. www.apple.com.edgekey.net. 17295 IN CNAME e3191.c.akamaiedge.net. ... As a matter of terminology, in the quoted

Re: Empty CNAME chain, should getaddrinfo() return EAI_NONAME or EAI_FAIL?

2011-04-28 Thread Chuck Swiger
On Apr 28, 2011, at 11:52 AM, Doug Barton wrote: Agreed. Akamai's EdgeSuite doesn't provide IPv6 records at this time, but e3191.c.akamaiedge.net does have an A record. I understand what you're saying, but I've always referred to such a thing as an empty CNAME chain because it

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
Hi-- On Apr 8, 2011, at 10:27 AM, kapetr wrote: After connect to them (new network device created - tun or tap and default route changes) my BIND is not able to reach other (root) nameservers. And resolve requests fails. This is due to how you are operating your VPN. Change it to only add a

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
On Apr 8, 2011, at 1:07 PM, kapetr wrote: I absolutely do not understand your answer. OK. I use the VPN to anonymisation. I need all traffic to go over the VPN. OK. That's not the usual method of operation for a routed VPN, but is more commonly used when doing bridging. The VPN must be

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
On Apr 8, 2011, at 2:23 PM, kapetr wrote: What does: dig +short rs.dns-oarc.net txt ...do when your VPN tunnel is up? After VPN up and restart of BIND: hugo@duron650:~$ dig +short rs.dns-oarc.net txt ;; connection timed out; no servers could be reached hugo@duron650:~$ Hmm. Your

Re: Best ipfw Rules for DNS-SEC

2011-03-15 Thread Chuck Swiger
On Mar 15, 2011, at 11:08 AM, Martin McCormick wrote: Is there a recommended set of firewall rules that insure that all necessary DNS traffic can enter and leave, even the larger packets that result from dns-sec? # allow UDP DNS queries out to the world, and in to your nameservers ## It's

Re: Some hosts not resolving from No-IP by our DNS servers

2011-03-09 Thread Chuck Swiger
Hi-- On Mar 9, 2011, at 10:25 AM, Frank Pikelner wrote: I'm having a problem resolving several hosts from NO-IP. When I attempt to resolve them from our DNS servers I get no reply (we can resolve other hosts). I'm not certain why the resolution stops. If I force a resolution using external

Re: BIND9 SERVFAIL on some .gov addresses

2011-02-10 Thread Chuck Swiger
On Feb 10, 2011, at 11:26 AM, Ryan Novosielski wrote: dig: isc_socket_create: address family not supported I've read that I shouldn't let this error message lead me anywhere in particular. Does anyone have some advice for where to start troubleshooting? The error message you mention is

Re: BIND9 SERVFAIL on some .gov addresses

2011-02-10 Thread Chuck Swiger
On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote: health.nyc.gov query-errors: 10-Feb-2011 15:32:30.682 query-errors: debug 1: client 130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX at query.c:4630 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at

Re: bind Bind or BIND?

2011-01-26 Thread Chuck Swiger
On Jan 26, 2011, at 6:02 PM, p...@mail.nsbeta.info wrote: When talk to others, I never describe it clearly for naming bind. is it bind or Bind or BIND? is bind an abbreviation word? Yes, BIND is an acronym for Berkeley Internet Name Daemon. Regards, -- -Chuck

Re: named: high memory usage under FreeBSD-7...?

2010-12-21 Thread Chuck Swiger
Hi, Doug-- On Dec 21, 2010, at 2:22 PM, Doug Barton wrote: On 12/16/2010 14:48, Chuck Swiger wrote: Hi, bind-users-- I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed that named from the base system (which claims to be BIND 9.4-ESV-R4) is using more than twice as much

Re: named: high memory usage under FreeBSD-7...?

2010-12-21 Thread Chuck Swiger
On Dec 21, 2010, at 4:34 PM, Doug Barton wrote: You're combining too many variables. Whilst on the same platform (presumably FreeBSD 7) install dns/bind94, run your tests. Then deinstall that, and install dns/bind96; then run your tests. I suspect that what you're seeing is actually a

named: high memory usage under FreeBSD-7...?

2010-12-16 Thread Chuck Swiger
Hi, bind-users-- I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed that named from the base system (which claims to be BIND 9.4-ESV-R4) is using more than twice as much memory as it used to: PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 706