
BIND

From Gentoo Wiki

BIND (Berkeley Internet Name Domain) is a free-software DNS server and one of the most widely deployed name servers on the Internet.

With BIND, users can run an authoritative name server for their own DNS records, a caching (recursive) resolver, or a secondary (slave) server that transfers zones from a master. BIND natively supports DNSSEC, which adds cryptographic signatures to DNS records so that a validating resolver can verify that the data it receives is authentic and has not been modified in transit.

Installing BIND

BIND is available as the net-dns/bind package. Check the USE flags before installing: because BIND is so widely deployed it is a frequent target for attackers, so it is wise to configure it securely, and that starts with building in support only for the features you actually plan to use. Every feature that is not compiled in is attack surface that cannot be exploited.

USE flags

The net-dns/bind package offers the following USE flags (all are disabled by default):

USE flag     Default  Description
berkdb       No       Adds support for sys-libs/db (Berkeley DB for MySQL)
caps         No       Use the Linux capabilities library to control privileges
dlz          No       Enables dynamically loadable zones (third-party extension)
doc          No       Adds extra documentation (API, Javadoc, etc.); recommended per package rather than globally
filter-aaaa  No       Enable filtering of AAAA records over IPv4
geoip        No       Add GeoIP support for country and city lookup based on IPs
gost         No       Enables GOST OpenSSL engine support
gssapi       No       Enable GSSAPI support
idn          No       Enable support for Internationalized Domain Names
ipv6         No       Adds support for IP version 6
ldap         No       Adds LDAP support (Lightweight Directory Access Protocol)
multilib     No       On 64-bit systems, allow building both 32-bit and 64-bit binaries
mysql        No       Adds MySQL database support
odbc         No       Adds ODBC support (Open DataBase Connectivity)
postgres     No       Adds support for the PostgreSQL database
python       No       Adds optional support/bindings for the Python language
rpz          No       Enable response policy rewriting (RPZ)
rrl          No       Response Rate Limiting (RRL), experimental
sdb-ldap     No       Enables the ldap-sdb backend
selinux      No       !!internal use only!! Security Enhanced Linux support; this must be set by the selinux profile or breakage will occur
ssl          No       Adds support for Secure Socket Layer (OpenSSL) connections
static-libs  No       Build static libraries
threads      No       Adds threads support (usually pthreads)
urandom      No       Use /dev/urandom instead of /dev/random
xml          No       Add support for XML files

From a security standpoint, the flags worth deciding on deliberately are: caps, which lets named keep only the Linux capabilities it needs (such as binding port 53) once it has switched to its unprivileged user; ssl, which BIND 9 requires for DNSSEC validation and signing; rrl, which limits the rate of identical responses sent to a client and so blunts DNS amplification attacks that use your server as a reflector; and urandom, which stops named from blocking on /dev/random for entropy on a headless machine, at the cost of drawing from the non-blocking pool.

Emerge

root # emerge --ask net-dns/bind

Add named to the default runlevel so that it starts automatically at boot:

root # rc-update add named default

To run BIND in a chroot (which limits what a compromised named process can reach on the filesystem), edit /etc/conf.d/named and set the CHROOT variable accordingly. Read the comments in that file as well: they explain how to create the chroot environment automatically with emerge --config.

Managing BIND

Most day-to-day management of BIND is done with its rndc command, although the /etc/init.d/named init script can be used as well. Besides the usual start/stop/restart actions, the init script offers the following:

  • checkconfig validates the configuration file /etc/bind/named.conf for correct syntax
  • checkzones validates the zone files for correct syntax
  • reload reloads the zone files without restarting the named daemon itself
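Because rndc can reload zones, flush the cache and stop the server, the control channel it talks to deserves the same care as the rest of the configuration. The following controls stanza for /etc/bind/named.conf is an added example, not configuration from the Gentoo page or from BIND's defaults: it binds the control channel to the loopback address only, accepts connections only from loopback, and requires the shared secret from /etc/bind/rndc.key. The key file path and the key name "rndc-key" are assumptions that match what `rndc-confgen -a` writes on a Gentoo install (sysconfdir /etc/bind); check the name inside your own rndc.key before using it.

```conf
// /etc/bind/named.conf (added example, not the page's own configuration)
//
// Pull in the shared secret generated by `rndc-confgen -a`.
// Assumption: the file lives in /etc/bind and defines key "rndc-key".
include "/etc/bind/rndc.key";

controls {
    // Listen on 127.0.0.1 port 953 only: the control port is never
    // reachable from other hosts, whatever the firewall does.
    inet 127.0.0.1 port 953
        // Even on loopback, only loopback clients are accepted ...
        allow { 127.0.0.1; }
        // ... and every client must authenticate with the shared key.
        keys  { "rndc-key"; };
};
```

After restarting named, `rndc status` should report the server state; rndc reads /etc/bind/rndc.key automatically when no rndc.conf is present, so no client-side configuration is needed on the same host.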

Bind-tools

USE flags

The net-dns/bind-tools package offers the following USE flags (all are disabled by default):

USE flag     Default  Description
doc          No       Adds extra documentation (API, Javadoc, etc.); recommended per package rather than globally
gssapi       No       Enable GSSAPI support
idn          No       Enable support for Internationalized Domain Names
ipv6         No       Adds support for IP version 6
readline     No       Enables support for libreadline, a GNU line-editing library that almost everyone wants
ssl          No       Adds support for Secure Socket Layer connections
urandom      No       Use /dev/urandom instead of /dev/random
xml          No       Add support for XML files

Emerge Bind-tools

root # emerge --ask net-dns/bind-tools

Recipes

Easy Caching DNS

root # echo 'dns_servers="127.0.0.1"' >> /etc/conf.d/net

This tells netifrc to point /etc/resolv.conf at the local resolver, so the host itself uses the cache. Then, as root, edit /etc/bind/named.conf and add a forwarders statement inside the options { } block, replacing x.x.x.x with the addresses of your ISP's name servers:

File: /etc/bind/named.conf

	forwarders {
		x.x.x.x;	// Your ISP NS
		x.x.x.x;	// Your ISP NS
		4.2.2.1;		// Level3 Public DNS
		4.2.2.2;		// Level3 Public DNS
		8.8.4.4;		// Google Public DNS
		8.8.8.8;		// Google Public DNS
	};
root # rc-service named restart
user $ dig google.com

Run the query twice: the first answer is fetched through the forwarders, the second should be served from the cache (compare the "Query time:" lines in the two outputs).
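A forwarders statement alone says nothing about who may use the cache. If named listens on a public interface and recursion is open to anyone, the machine becomes an open resolver that others can use for cache-poisoning attempts and as a reflector for DNS amplification attacks. The options block below is an added example (not the Gentoo page's own configuration and not BIND's defaults) showing the weak settings beside the corrected ones for a cache that serves only the local host; the forwarders statement from the recipe stays inside the same options { } block. `dnssec-validation auto;` assumes BIND 9.8 or later and the ssl USE flag; the other directives are plain named.conf.

```conf
// /etc/bind/named.conf (added example, not the page's own configuration)
options {
    // ... directory, forwarders { ... } and other existing settings ...

    // WEAK: listening on every address and recursing for anyone turns
    // the cache into an open resolver. Shown commented out on purpose.
    //   listen-on       { any; };
    //   allow-recursion { any; };

    // CORRECTED: only this host can reach the cache or recurse through it.
    listen-on       { 127.0.0.1; };
    listen-on-v6    { ::1; };
    allow-query     { 127.0.0.1; ::1; };
    allow-recursion { 127.0.0.1; ::1; };

    // Validate DNSSEC signatures with the built-in root trust anchor
    // (assumes BIND 9.8+ built with the ssl USE flag).
    dnssec-validation auto;

    // Do not advertise the exact BIND version in CH TXT version.bind.
    version "not disclosed";
};
```

After editing, run `rc-service named checkconfig` (the init script action from the Managing BIND section) before restarting, and confirm from another host that queries to the server's public address are refused while `dig google.com` on the server itself still succeeds.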
