Bind DNS Server: popular, open-source Domain Name Server
BIND is an open source implementation of the Domain Name System (DNS) protocols, maintained by ISC (Internet Systems Consortium).
BIND 9 is intended to be fully compliant with the IETF DNS standards and draft standards. Important features of BIND 9 include: TSIG, nsupdate, IPv6, RNDC (remote name daemon control), views, multiprocessor support, Response Rate Limiting (RRL), DNSSEC, and broad portability. RNDC lets an administrator control a running named (reload, reconfig, flush, status and so on) over a TCP control channel; each command is authenticated with an HMAC computed from a shared secret (the key named in the controls statement), but the channel is not encrypted, so it should be bound to loopback or carried only over a trusted network.
Written in: C, C++
Project Goals
- BIND is ISC's reference implementation and the de facto standard open-source DNS server.
- Intended to be fully compliant with the IETF DNS standards and draft standards.
- To be a very flexible, full-featured DNS system.
Project Features
- BIND supports Incremental Zone Transfers (IXFR), in which a secondary (slave) nameserver downloads only the portions of a zone that changed on the primary (master) since the SOA serial it already holds, instead of the whole zone (AXFR).
- It allows you to configure a nameserver to answer queries for some clients in a different way than it answers them for others (views, selected per client with match-clients).
- Can provide name service in IP version 6 (IPv6) environments, using AAAA records for forward lookups and the ip6.arpa tree for reverse lookups. (Early BIND 9 releases documented the A6 record for this; A6 was moved to historic status by RFC 6563 and should not be used.)
- Response Rate Limiting (RRL) is an enhancement to named to reduce the problem of "amplification attacks" by rate-limiting DNS responses.
- The minimal-any option reduces the size of answers to UDP queries for type ANY.
- Provides a DNS authoritative system that can be composed of a primary with one or more secondary servers. Zone files are established and updated on a primary server. Secondaries maintain copies of the zone files and answer queries.
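The IXFR and primary/secondary items above both turn on the SOA serial: a secondary pulls a zone only when the primary's serial is newer in the RFC 1982 sense, and the yyyymmdd## serials used in the zone files later on this page must stay monotonic under that arithmetic. The following is an added example (my own code, not BIND's) that implements that comparison, the date-based bump, and the usual procedure for bringing an oversized serial back down; the function names are my own.

```python
"""SOA serial arithmetic for BIND primaries and secondaries: RFC 1982
comparison, the yyyymmdd## convention used in this page's zone files, and the
procedure for moving a serial 'backwards'. Added example, not BIND code."""
from datetime import date

HALF = 2 ** 31
MOD = 2 ** 32


def serial_gt(a, b):
    """RFC 1982: a > b iff (a - b) mod 2^32 lies in (0, 2^31).

    A secondary only transfers (IXFR/AXFR) when the primary's SOA serial is
    greater than its own in this sense; when the two differ by exactly 2^31
    the order is undefined and the serial is treated as not newer.
    """
    diff = (a - b) % MOD
    return 0 < diff < HALF


def serial_add(serial, n):
    """Add n (0 <= n < 2^31) modulo 2^32 (RFC 1982 section 3.1)."""
    if not 0 <= n < HALF:
        raise ValueError("increment must be in [0, 2^31)")
    return (serial + n) % MOD


def next_date_serial(current, today):
    """Next serial in yyyymmdd## style that secondaries will accept.

    Uses today's date with revision 00 when that is newer than the current
    serial, otherwise just increments: that covers a second change on the
    same day (..01 -> ..02) and a serial that is already 'in the future'
    (e.g. a pasted Unix timestamp), where a date-based value would be ignored.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    return base if serial_gt(base, current) else serial_add(current, 1)


def rewind_plan(current, desired):
    """Serials to publish, in order, to reach `desired` when it is not greater
    than `current` under RFC 1982 (e.g. after a timestamp was used by mistake).

    Each step adds 2^31 - 1, the largest legal increment; every secondary must
    transfer each step before the next is published. One step usually suffices.
    """
    plan, cur = [], current
    while not serial_gt(desired, cur):
        cur = serial_add(cur, HALF - 1)
        plan.append(cur)
    plan.append(desired)
    return plan


if __name__ == "__main__":
    print("next serial:", next_date_serial(2022083101, date.today()))
    print("rewind 4000000000 -> 2022090100:", rewind_plan(4000000000, 2022090100))
```

`rewind_plan` shows why a serial that was once set to a Unix timestamp cannot simply be overwritten with a date-based one: the new value is smaller under serial arithmetic, so secondaries would keep the old zone until each step of the plan has been transferred to all of them.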
Project Design and Security
- DNSSEC - Short for DNS SECurity, this feature allows zones to be cryptographically signed with zone keys (a zone-signing key and a key-signing key), so that validating resolvers can detect forged or tampered responses.
- Supports the SIG(0) public/private key method of message authentication.
- Supports TKEY (RFC 2930), a mechanism for negotiating a TSIG shared secret with the server (for example via Diffie-Hellman or GSS-API/GSS-TSIG) instead of configuring it by hand; the resulting key then authenticates dynamic updates and zone transfers.
- Dynamically-Loadable Zones (DLZ) enable BIND to retrieve zone data directly from an external database.
- Reload changed zone files or the whole configuration with the remote name daemon control (rndc) utility (rndc reload, rndc reconfig) without restarting the server; individual records in a dynamic zone are changed with nsupdate rather than by editing the file.
- Its DNSSEC implementation is mature and full-featured, including inline signing and, from BIND 9.16, automatic key management through dnssec-policy.
Sample Configurations
// Sample Configuration for Bind 9 @ /etc/bind/named.conf
// (named.conf comments are //, # or /* */; a leading ';' is not a comment here)
options {
        directory "/var/bind";
        pid-file "/var/run/bind/bind_dns.pid";
        statistics-file "/var/log/bind/bind_stats.log";
        memstatistics-file "/var/log/bind/bind_mem_stats.log";
        dump-file "/var/bind/bind_cache_dump.db";
        // Only the secondary (ns2, 1.2.3.5) may pull zones. The original value
        // 1.2.3.4/25 has host bits set and named reports an address/prefix
        // length mismatch for it. Never use { any; } here.
        allow-transfer { 1.2.3.5; };
        // Recursion is limited to loopback and link-local clients. Serving
        // recursion and authoritative zones from the same named is discouraged;
        // an authoritative-only server should set "recursion no;".
        recursion yes;
        allow-recursion { 127.0.0.1; 169.254.0.0/16; };
        listen-on { any; };
        listen-on-v6 { none; };
};
// rndc key: generate with "tsig-keygen rndc-key" (or rndc-confgen -a). The
// secret must be base64; hmac-md5 is deprecated, use hmac-sha256.
key "rndc-key" {
        algorithm hmac-sha256;
        secret "secret-key-goes-here...";  // placeholder, not valid base64: replace it
};
// Control channel on loopback only, restricted to the key above.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
        channel b_log {
                file "/var/log/bind/bind_dns_server.log" versions 5 size 2m;
                print-time yes;
                print-category yes;
                print-severity yes;
                severity info;
        };
        channel b_query {
                file "/var/log/bind/bind_dns_query.log" versions 5 size 2m;
                print-time yes;
                severity info;
        };
        category config { b_log; default_stderr; };
        category default { b_log; };
        category general { b_log; };
        category security { b_log; };
        category xfer-in { b_log; };
        category xfer-out { b_log; };
        category unmatched { b_log; };
        category lame-servers { b_log; };
        category queries { b_query; };
};
// Standard zones
// named has compiled-in root hints; this file only overrides them.
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "localhost" {
        type master;    // "primary" in BIND 9.16+; "master" is still accepted
        file "/etc/bind/db.local";
        allow-transfer { localhost; };
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
        allow-transfer { localhost; };
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
        allow-transfer { localhost; };
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
        allow-transfer { localhost; };
};
// Custom Zones
zone "5-4.3.2.1.in-addr.arpa" {
        type master;
        file "/etc/bind/domains/1.2.3.4-5.rev";
};
zone "example.com" {
        type master;
        file "/etc/bind/domains/example.com.hosts";
};
// END
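As an added example (my own code, not part of BIND or of the page's configuration), the following script checks a named.conf text for the issues a reviewer looks for in a sample like the one above: host bits set in an ACL prefix, an open or missing allow-transfer, recursion that is open or enabled alongside authoritative zones, an hmac-md5 or non-base64 rndc key, and a control channel bound off loopback. WEAK_CONF is constructed from the page's sample; HARDENED_CONF is the corrected form. The finding codes and the base64 placeholder secret are my own.

```python
"""Static audit of a BIND named.conf for the settings a security reviewer
checks first. Added example, not part of BIND; WEAK_CONF is constructed from
the page's sample, HARDENED_CONF is the corrected version; codes are mine."""
import base64
import binascii
import ipaddress
import re

WEAK_CONF = """
options {
    allow-transfer { 1.2.3.4/25; };   // host bits set: address/prefix length mismatch
    recursion yes;
    allow-recursion { 127.0.0.1; 169.254.0.0/16; };
};
key "rndc-key" {
    algorithm hmac-md5;                // deprecated digest
    secret "secret-key-goes-here...";  // not base64: named will not load this
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "example.com" { type master; file "/etc/bind/domains/example.com.hosts"; };
"""

HARDENED_CONF = """
options {
    allow-transfer { 1.2.3.5; };       // the secondary (ns2) only
    recursion no;                      // authoritative-only; resolve elsewhere
};
key "rndc-key" {
    algorithm hmac-sha256;
    secret "cmVwbGFjZS1tZS13aXRoLXRzaWcta2V5Z2VuLW91dHB1dA==";  // placeholder: use tsig-keygen output
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "example.com" { type primary; file "/etc/bind/domains/example.com.hosts"; };
"""


def strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def statement_body(conf, name):
    """Body of the first top-level `name ... { ... }` statement, or ''."""
    m = re.search(r"(?m)^\s*" + name + r"\b[^{]*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return conf[m.end():]


def acl(body, option):
    """Elements of `option { a; b; }` inside body, or None when the option is absent."""
    m = re.search(r"\b" + option + r"\s*\{([^}]*)\}", body)
    return None if not m else [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit(conf):
    """Return [(code, message)] findings for a named.conf text."""
    conf = strip_comments(conf)
    findings = []
    options = statement_body(conf, "options")
    # ACL prefixes with host bits set (1.2.3.4/25): ipaddress is strict by default
    for cidr in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b", conf):
        try:
            ipaddress.ip_network(cidr)
        except ValueError:
            findings.append(("ACL_HOSTBITS", f"{cidr} has host bits set"))
    # Zone transfers: missing or 'any' lets anyone AXFR every zone
    transfer = acl(options, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append(("OPEN_AXFR", "allow-transfer missing or 'any' in options"))
    # Recursion: open resolver, or recursion on a server that also hosts zones
    if re.search(r"\brecursion\s+yes\s*;", options):
        rec = acl(options, "allow-recursion")
        if rec is None or "any" in rec:
            findings.append(("OPEN_RECURSION", "recursion yes without a restrictive allow-recursion"))
        if re.search(r"\btype\s+(master|primary)\s*;", conf):
            findings.append(("MIXED_MODE", "recursion enabled on an authoritative server"))
    # rndc/TSIG keys: deprecated digest, or a secret that is not valid base64
    for body in re.findall(r"(?m)^\s*key\b[^{]*\{([^}]*)\}", conf):
        alg = re.search(r"\balgorithm\s+([\w-]+)", body)
        if alg and alg.group(1).lower() == "hmac-md5":
            findings.append(("WEAK_TSIG", "hmac-md5 key algorithm"))
        sec = re.search(r'\bsecret\s+"([^"]*)"', body)
        try:
            if not sec or not base64.b64decode(sec.group(1), validate=True):
                raise binascii.Error("empty secret")
        except binascii.Error:
            findings.append(("BAD_SECRET", "key secret is not valid base64"))
    # Control channel: loopback only, never allow { any; }
    controls = statement_body(conf, "controls")
    for addr in re.findall(r"\binet\s+(\S+)", controls):
        if addr not in ("127.0.0.1", "::1") or "any" in (acl(controls, "allow") or []):
            findings.append(("CONTROLS_EXPOSED", f"rndc control channel reachable at {addr}"))
    return findings


if __name__ == "__main__":
    for code, msg in audit(WEAK_CONF):
        print(f"{code}: {msg}")
```

named-checkconf reports the syntax-level problems (the bad prefix, the non-base64 secret) but not the policy ones (mixed mode, open transfer, exposed control channel); that is what this audit adds, and it is cheap enough to run in CI against a checked-in config before `rndc reconfig`.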
;# Sample Configuration for Bind 9 @ /etc/bind/domains/1.2.3.4-5.rev
; Classless reverse zone (RFC 2317 style name): the parent 3.2.1.in-addr.arpa
; must delegate 5-4.3.2.1.in-addr.arpa to these nameservers and point the
; individual addresses (4 and 5) into it with CNAME records.
$TTL 12H
$ORIGIN 5-4.3.2.1.in-addr.arpa.
@       IN SOA ns1.example.com. admin.example.com. (
        2022083101 ; serial (yyyymmdd##)
        8H         ; refresh (8 hours)
        2H         ; retry (2 hours)
        7D         ; expire (1 week)
        12H        ; minimum / negative-caching TTL (12 hours)
        )
; Apex records use an explicit "@": a line that starts with whitespace
; inherits the previous owner, and one that does not is parsed as a new owner.
@       IN NS  ns1.example.com.
@       IN NS  ns2.example.com.
4       IN PTR host1.example.com.
5       IN PTR host2.example.com.
;# END
;# Sample Configuration for Bind 9 @ /etc/bind/domains/example.com.hosts
$TTL 12H
@       IN SOA ns1.example.com. admin.example.com. (
        2022083101 ; serial (yyyymmdd##)
        8H         ; refresh (8 hours)
        2H         ; retry (2 hours)
        7D         ; expire (1 week)
        12H        ; minimum / negative-caching TTL (12 hours)
        )
; Apex records use an explicit "@": a line that starts with whitespace
; inherits the previous owner, and one that does not is parsed as a new owner.
@       IN NS  ns1.example.com.
@       IN NS  ns2.example.com.
@       IN A   1.2.3.4
@       IN MX  1 example.com.
@       IN MX  2 mail.example.com.
; Every in-zone NS and MX target needs an address record, otherwise
; named-checkzone warns that the target has no address records.
ns1     IN A   1.2.3.4
ns2     IN A   1.2.3.5
mail    IN A   1.2.3.4     ; same host as the apex in this example
www     IN CNAME example.com.
;*      IN CNAME example.com.   ; wildcard: every unknown name would resolve to the apex
;# END
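The zone files above depend on two master-file rules that are easy to break when copying them: a line that begins with whitespace inherits the previous owner name (so a record that loses its indent gets "IN" as its owner), and every in-zone name used as an NS or MX target needs an address record. As an added example (my own code, not BIND's), here is a small parser for the subset of the master file format used on this page, with the checks named-checkzone would raise on it. SAMPLE_ZONE is constructed from the page's example.com.hosts.

```python
"""Minimal RFC 1035 master-file parser plus the checks named-checkzone would
raise on the zone files on this page: in-zone NS/MX targets without address
records, CNAME mixed with other data, and a record line that lost its leading
whitespace (so "IN" became the owner). Added example, not BIND code."""
import re

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
CLASSES = {"IN", "CH", "HS"}

# Constructed input: the page's forward zone, apex records written as "@".
# mail.example.com is an MX target with no address record, as on the page.
SAMPLE_ZONE = """\
$TTL 12H
@ IN SOA ns1.example.com. admin.example.com. (
        2022083101 ; serial
        8H 2H 7D 12H )
@   IN NS ns1.example.com.
    IN NS ns2.example.com.   ; no owner: inherited from the line above
@   IN A  1.2.3.4
@   IN MX 1 example.com.
@   IN MX 2 mail.example.com.
ns1 IN A 1.2.3.4
ns2 IN A 1.2.3.5
www IN CNAME example.com.
"""


def parse_zone(text, zone):
    """Return [(owner, type, [rdata tokens])] with owner and target names absolute."""
    origin = zone.rstrip(".") + "."
    records, owner, buf, depth = [], origin, [], 0

    def fqdn(name):
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")     # parenthesised multi-line record
        buf.append(line)
        if depth > 0:
            continue
        line, buf = " ".join(buf).replace("(", " ").replace(")", " "), []
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                       # $TTL, $INCLUDE: not needed here
            continue
        tokens = line.split()
        if not line[0].isspace():                      # owner field present ...
            owner = fqdn(tokens.pop(0))                # ... otherwise inherit the previous one
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)                              # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "MX", "PTR"):
            rdata[-1] = fqdn(rdata[-1])                # target name is the last field
        records.append((owner, rtype, rdata))
    return records


def lint(records, zone):
    """Return the problems named-checkzone would report for these records."""
    apex = zone.rstrip(".") + "."
    problems, by_owner = [], {}
    for owner, rtype, _ in records:
        by_owner.setdefault(owner, set()).add(rtype)
    for rtype in ("SOA", "NS"):
        if rtype not in by_owner.get(apex, ()):
            problems.append(f"{apex} has no {rtype} record")
    for owner, types in by_owner.items():
        if owner.split(".")[0].upper() in CLASSES:     # "IN NS ..." that lost its indent
            problems.append(f"{owner}: class keyword used as owner (lost leading whitespace?)")
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner} has CNAME and other data")
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = rdata[-1]
            in_zone = target == apex or target.endswith("." + apex)
            if in_zone and not by_owner.get(target, set()) & {"A", "AAAA"}:
                problems.append(f"{target} ({rtype} target of {owner}) has no address records")
    return problems


if __name__ == "__main__":
    for p in lint(parse_zone(SAMPLE_ZONE, "example.com"), "example.com"):
        print("warning:", p)
```

In practice run `named-checkzone example.com /etc/bind/domains/example.com.hosts` before reloading; this script shows what that check is looking at and is small enough to run as a pre-commit hook for zone files kept in version control.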
; Sample Configuration for Bind 9 @ /etc/bind/db.local
$TTL 12H
@ IN SOA localhost. root.localhost. (
2022083101 ; serial
8H ; refresh (8 hours)
2H ; retry (2 hours)
7D ; expire (1 week)
12H ; minimum (12 hours)
)
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
; #END
; Sample Configuration for Bind 9 @ /etc/bind/db.127
$TTL 12H
@ IN SOA localhost. root.localhost. (
2022083101 ; serial
8H ; refresh (8 hours)
2H ; retry (2 hours)
7D ; expire (1 week)
12H ; minimum (12 hours)
)
@ IN NS localhost.
1.0.0 IN PTR localhost.
; #END
; Sample Configuration for Bind 9 @ /etc/bind/db.0
$TTL 12H
@ IN SOA localhost. root.localhost. (
2022083101 ; serial
8H ; refresh (8 hours)
2H ; retry (2 hours)
7D ; expire (1 week)
12H ; minimum (12 hours)
)
@ IN NS localhost.
; #END
; Sample Configuration for Bind 9 @ /etc/bind/db.255
$TTL 12H
@ IN SOA localhost. root.localhost. (
2022083101 ; serial
8H ; refresh (8 hours)
2H ; retry (2 hours)
7D ; expire (1 week)
12H ; minimum (12 hours)
)
@ IN NS localhost.
; #END
;# Sample Configuration for Bind 9 @ /etc/bind/db.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: August 18, 2022
; related version of root zone: 2022081801
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
;# END