Instrumenting BIND 9 on Linux with BCC/eBPF

Presented by

Carsten Strotmann

About this talk

eBPF, the “extended Berkeley Packet Filter”, is a powerful technology to instrument the Linux kernel and applications. It will probably replace the traditional Linux firewall (netfilter/iptables/nftables) in the coming years, so if you are not using it yet, you should learn it now. eBPF tools and scripts can be used to gain insight into running processes, such as named. eBPF also provides valuable information for performance tuning on Linux. eBPF sees not only the network packets (like a traditional firewall), but also the syscalls and other kernel information, so it is possible to create richer firewall rules based on application data. This webinar gives an introduction to the eBPF/BCC toolset and shows how to use the tools to inspect a running BIND 9 process. We walk through the process of creating an eBPF script that logs BIND 9 forwarding actions (something that BIND itself doesn't do). --- Learn more at

Internet Systems Consortium is a non-profit corporation dedicated to developing software and offering services in support of the Internet infrastructure. ISC develops and distributes three open source Internet networking software packages: BIND 9, ISC DHCP, and Kea DHCP. BIND 9, ISC’s Domain Name System (DNS) software program, is widely used on the Internet by enterprises and service providers, offering a robust and stable platform on top of which organizations can build distributed computing systems. ISC DHCP and Kea implement the Dynamic Host Configuration Protocol for connection to an IP network. Kea DHCP is ISC’s newer DHCP software and is designed for modular extension, dynamic reconfiguration, and high performance. In addition to our open source software, ISC also operates critical Internet infrastructure in the form of the F-Root server, one of the 13 Internet root name servers that power the global Internet. ISC is supported through the sale of annual support subscriptions for our open source software. These support services also include advance notification of security vulnerabilities and, in some cases, non-public software extensions. For more information please visit or email us at