Skip to main content

BIND

BIND

BIND is a widely-used, ISC standard DNS Internet software. It is available for most UNIX-type systems.

  • It can be run inside of a chroot
  • DNSSEC (Domain Name System Security Extensions) - security extensions
  • It allows for different views - different DNS answers, depending on the source IP address
  • It has IPv6 support
  • It includes the rndc (Remote Name Daemon Control) utility.

Configuration

Settings for the BIND configuration file are stored in /etc/named.conf in CentOS/OpenSUSE or /etc/bind/named.conf in Ubuntu.

Some popular configuration options include:

  • listen-on- Port and IP to listen for connections.
  • listen-on-v6
  • allow-query - Controls hosts which can make queries of the server.
  • recursion - Controls the server acting as a recursive resolver.
  • forwarders - When acting as a recursive resolver, controls which nameservers we should query first.
  • forward-first - Controls where the first recursive query happens (forwarders or 'root' domain).

To check the configuration file for proper syntax, use the named-checkconf command. When named is running in a chroot, use the syntax named-checkconf -t <CHROOTDIR>.

The named-checkconf command can also test load any defined master zone files by using the -z switch.

BIND as a Caching Nameserver

Notice the location and names are different, but the configuration has the same elements; they just may be moved into different files. The key configuration file is named.conf.

To set up a caching nameserver:

  1. Install the package:
apt-get install bind9
  1. Change the configuration to listen on a public interface (listen-on, listen-on-v6, allow-query):
/etc/bind/named.conf
  1. Start the BIND daemon:
systemctl start bind9

BIND Zone Configuration

When it comes to the BIND zone configuration, each authoritative zone needs a definition in named.conf. Slave zones also are defined in named.conf.

A zone definition for a master zone in named.conf looks like this:

zone "example.com." IN {
   type master;
   file "example.com.zone";
};

A zone definition for a slave zone in named.conf looks like this:

zone "foo.example." IN {
   type slave;
   masters { 192.168.122.11; 192.168.131.45; };
};