BIND

From Gentoo Wiki

BIND, or the Berkeley Internet Name Daemon, is a popular free software DNS server, and also one of the most frequently used name servers on the Internet.

With BIND, users can set up a name server to manage their own DNS records, act as a caching resolver, or act as a slave (secondary) DNS server. The software natively supports DNSSEC, which adds cryptographic signatures to DNS records so that their integrity and origin can be verified.

Installing BIND

BIND is offered through the net-dns/bind package. Check the USE flags before installing. Because BIND is a widely deployed name server, it is also a frequent target for attackers, so it is wise to configure it securely - which includes building in support only for the features you are actually planning to use.

USE flags

USE flag	Default	Description
berkdb Yes Add support for sys-libs/db (Berkeley DB for MySQL)
caps Yes Use Linux capabilities library to control privilege
dlz No Enables dynamic loaded zones, 3rd party extension
doc No Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
filter-aaaa No Enable filtering of AAAA records over IPv4
fixed-rrset No Enables fixed rrset-order option
geoip No Add geoip support for country and city lookup based on IPs
gost No Enables gost OpenSSL engine support
gssapi No Enable gssapi support
idn No Enable support for Internationalized Domain Names
ipv6 Yes Add support for IP version 6
json No Enable JSON statistics channel
ldap No Add LDAP support (Lightweight Directory Access Protocol)
mysql No Add MySQL database support
nslint No Build and install the nslint util
odbc No Add ODBC Support (Open DataBase Connectivity)
postgres No Add support for the postgresql database
python No Add optional support/bindings for the Python language
rpz No Enable response policy rewriting (rpz)
seccomp No Enable seccomp for system call filtering
selinux No !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
ssl No Add support for Secure Socket Layer connections
static-libs No Build static versions of dynamic libraries as well
threads No Add threads support for various packages. Usually pthreads
urandom No Use /dev/urandom instead of /dev/random
xml No Add support for XML files

Emerge

root #emerge --ask net-dns/bind

Add named to the default runlevel so that BIND is started automatically at boot:

root #rc-update add named default

If you are planning on using BIND in a chrooted environment, edit /etc/conf.d/named and set the CHROOT variable accordingly. Check the comments as well, as they provide information on automatically creating the chrooted environment using emerge --config.

Managing BIND

Most management of BIND is done through its rndc command, although the /etc/init.d/named init script can be used as well. Besides the default start/stop/restart actions, the init script also offers the following functionality:

  • checkconfig validates the configuration file /etc/bind/named.conf for correct syntax
  • checkzones validates the zone files for correct syntax
  • reload reloads the zone files without restarting the named daemon itself

Bind-tools

USE flags

USE flag	Default	Description
doc No Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
gost No Enables gost OpenSSL engine support
gssapi No Enable gssapi support
idn No Enable support for Internationalized Domain Names
ipv6 Yes Add support for IP version 6
readline Yes Enable support for libreadline, a GNU line-editing library that almost everyone wants
ssl Yes Add support for Secure Socket Layer connections
urandom No Use /dev/urandom instead of /dev/random
xml No Add support for XML files

Emerge Bind-tools

root #emerge --ask net-dns/bind-tools

Recipes

Easy Caching DNS

Point the system resolver at the local BIND instance (the inner double quotes must be preserved in the file, so the whole assignment is single-quoted for the shell):

root #echo 'dns_servers="127.0.0.1"' >> /etc/conf.d/net

As root, edit /etc/bind/named.conf and add the following forwarders block inside the existing options { ... } section, replacing x.x.x.x with the DNS servers of your Internet service provider:

FILE /etc/bind/named.conf
	forwarders {
		x.x.x.x;	// Your ISP NS
		x.x.x.x;	// Your ISP NS
		4.2.2.1;	// Level3 Public DNS
		4.2.2.2;	// Level3 Public DNS
		8.8.4.4;	// Google Public DNS
		8.8.8.8;	// Google Public DNS
	};

Restart named and verify that the resolver answers:

root #rc-service named restart
user $dig google.com
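A fuller version of the caching-resolver configuration, added here as an example and not taken from the wiki page or the BIND project: it keeps the forwarders from the recipe but restricts who may query and recurse, so the server does not become an open resolver. The "trusted" ACL range 192.168.1.0/24, the interface address 192.168.1.1 and the /var/bind directory are assumed values; adjust them to your network.

```conf
// /etc/bind/named.conf - caching-only resolver (example, not the wiki's file)

// Clients that are allowed to use this resolver (assumed example LAN)
acl "trusted" {
	127.0.0.1;
	::1;
	192.168.1.0/24;
};

options {
	directory "/var/bind";		// assumed cache/zone directory

	// Only answer on the loopback and the LAN-facing interface (assumed address)
	listen-on    { 127.0.0.1; 192.168.1.1; };
	listen-on-v6 { ::1; };

	// Recursion and cache access only for trusted clients: a resolver that
	// recurses for anyone can be abused in DNS amplification attacks
	recursion yes;
	allow-query       { trusted; };
	allow-recursion   { trusted; };
	allow-query-cache { trusted; };

	// Hand every query to the upstream resolvers instead of iterating from the roots
	forward only;
	forwarders {
		// x.x.x.x;	// replace with your ISP NS, or leave this line out
		4.2.2.1;	// Level3 Public DNS
		4.2.2.2;	// Level3 Public DNS
		8.8.4.4;	// Google Public DNS
		8.8.8.8;	// Google Public DNS
	};

	// Validate DNSSEC signatures on the answers that get cached
	dnssec-validation auto;

	// Do not reveal the BIND version in CHAOS-class queries
	version "not disclosed";
};
```

After editing, run /etc/init.d/named checkconfig to catch syntax errors before restarting, and confirm with dig from a host outside the trusted range that its queries are answered with REFUSED.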

Other resources