mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Chapter 5. BIND (Berkeley Internet Name Domain)

This chapter describes HOWTO install BIND 9.x on a variety of OS Platforms as well as BIND's command line arguments. Finally - BIND runs as the daemon named on *nix systems and named.exe under Windows.

FreeBSD Installation

FreeBSD differentiates between a base DNS install and a normal DNS install. There are some serious choices to be made when installing from the ports system. We assume the theory behind this is to enable experimentation with the new software but with the ability to return to the original DNS software by changing configuration options in the rc.conf file if things get a bit wobbly.

You can either install an updated BIND 9 as well as the default BIND 9 installation or you can replace the base version. The base version is installed in /usr/sbin (and the tools in /usr/bin) whereas a normal (non-base) ports installation is made to /usr/local/sbin (and the tools to /usr/local/bin). Finally the base version assumes the named.conf file in /etc/namedb/named.conf whereas a non-base install assumes /usr/local/etc/named.conf.

BIND 9 non-base install

Assuming you have updated the ports-dns collection proceed as normal:

cd /usr/ports/dns/bind9
make install clean

The above sequence installs BIND9 in /usr/local/sbin and the tools in /usr/local/bin and assumes the named.conf file is in /usr/local/etc.

If you want to run BIND9 at startup you must edit /etc/rc.conf as follows:

# add following line if not present
named_enable="YES"
# the line below must replace the line named_program="/usr/sbin/named' if present 
# otherwise add it
named_program="/usr/local/sbin/named"

Either copy your named.conf file from /etc/namedb to /usr/local/etc before you restart Bind or create a new version of the file in this directory.

To use the BIND9 tools you must precede the command with the BIND9 tool directory path:

 
# this will run the newly installed Bind9 version
/usr/local/bin/dig example.com any
# but this command
dig example.com
# this will run the base dig version
dig example.com

BIND 9 replace base install

This assumes you either want to run the latest version of BIND as the base system - replacing the exiting BIND - or a new install with Bind 9 as the base system. Assuming you have updated the ports-dns collection proceed as follows:

cd /usr/ports/dns/bind9
make WITH_PORT_REPLACES_BASE_BIND9=yes install clean

The above sequence installs BIND9 in /usr/sbin and the tools in /usr/bin.

If you want to run BIND9 at startup you may need to edit /etc/rc.conf as follows:

# add following line if not present
named_enable="YES"
# add the line following line if not present
named_program="/usr/sbin/named"

No special action is required to run BIND9 tools:

 
# this will run the Bind9 dig version
dig example.com

FreeBSD Issues

By default FreeBSD installs Bind 9 as the default (or base) version but with the following wrinkles:

  1. Bind9 defaults to run in a chroot jail or a sandbox (which nows seems the "in" term for a jail) in which all BIND9 files are maintained under /var/named - including named.conf, log files and pid files (hard links are provided so you can continue to find the files where you thought they would be). To disable the sandbox add to /etc/rc.conf the following line(s):

    named_chrootdir=""	               # disables jail/sandbox 
    named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
    named_chroot_autoupdate="NO"       # Automatically install/update chrooted
                                       # components of named. See /etc/rc.d/named.
    named_symlink_enable="NO"	         # Symlink the chrooted pid file
    

    The default value of these parameters in /etc/defaults/rc.conf are:

    named_enable="YES"                 # Run named, the DNS server (or NO).
    named_program="/usr/sbin/named"	   # path to named, if you want a different one.
    named_flags="-u bind"              # Flags for named
    named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
    named_chrootdir="/var/named"       # Chroot directory (or "" not to auto-chroot it)
    named_chroot_autoupdate="YES"      # Automatically install/update chrooted
                                       # components of named. See /etc/rc.d/named.
    named_symlink_enable="YES"         # Symlink the chrooted pid file
    

    As always you should not update the /etc/defaults/rc.conf file but rather edit /etc/rc.conf which will replace entries already defined in /etc/defaults/rc.conf.

  2. The system does not ship with localhost or localhost.ca (localhost.rev in our terminology) files instead there is a script /etc/namedb/named.sh which will help you define these files.

up icon

Linux Installation

This information was seriously out of date so we will update it - One day real soon now™

up icon

BIND Command Line Arguments

This section describes the various command line options for BIND. You can get these using man named but reproduced here for consistency.

Arg Param Notes
-c /path/to/config-file Absolute path to the config file (named.conf). This allows you to both change the location and the name of this file. Default depends of OS (Linux = /etc/named.conf, BSD = either /etc/namedb/named.conf or /etc/local/etc/named.conf, Windows = c:\winnt\system32\dns\etc\named.conf.
-d de-bug level
-f - run in foreground (don't run as daemon) - normally only for de-bug purposes.
-g - run in foreground (don't run as daemon) and log to stderr (console) - normally only for de-bug purposes.
-n #cpus Create #cpus worker threads to take advantage of multiple CPUs. If not specified, named will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-p port-no Listen on defined port number. Default is 53. Normally only used for debugging purposes since queries are received on port 53.
-t directory The path to the a directory to be used when named is run in a sandbox (a chroot jail). This is conventionally set to /var/named/chroot in most systems which offer this service as a standard configuration or option (BSD and FC2 do) but can be set to anything you want. Must be used in conjunction with the -u argument below to provide any meaningful security.
-u user Cause bind to suid() (change user name) after creating sockets on port 53 (which is in the privileged range of < 1024). If not present runs as user root. Generally used only with chroot options (-t above) but most start-up scripts now use -u named argument even if not chrooted which means that log files files will have to have appropriate permissions set.
-v - Displays the bind version number to stdout (console) and exit.

There are two further arguments (-s and -x) which should only be used by developers and have been omitted.

up icon

Install on Windows



Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Pro DNS and BIND by Ron Aitchison

Contents

tech info
guides home
dns articles
intro
contents
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
quickstart
5 install bind
6 samples
reference
7 named.conf
8 zone records
operations
9 howtos
10 tools
11 trouble
programming
12 bind api's
security
13 dns security
bits & bytes
15 messages
resources
notes & tips
registration FAQ
dns resources
dns rfcs
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

share page via facebook tweet this page

Page

email us Send to a friend feature print this page Decrease font size Increase font size Display full width page

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2017 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by super.net.sg
web-master at zytrax
Page modified: January 25 2017.