Difference between revisions of "Tutorial BIND9"
Line 2: | Line 2: | ||
=== Features === | === Features === | ||
− | * | + | Important features of BIND 9 include: |
+ | * TSIG | ||
+ | * nsupdate | ||
+ | * IPv6 | ||
+ | * RNDC (remote name daemon control) | ||
+ | * views | ||
+ | * multiprocessor support | ||
+ | * Response Rate Limiting (RRL) | ||
+ | * DNSSEC, and | ||
+ | * Broad portability | ||
+ | |||
+ | RNDC enables remote configuration updates, using a shared secret to provide encryption for local and remote terminals during each session. | ||
=== TL;DR === | === TL;DR === |
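Review bot: the added RNDC sentence at the end of the Features hunk says the shared secret is used "to provide encryption", but rndc uses its shared key to sign and authenticate control-channel commands (HMAC) and does not encrypt the session. Suggest wording such as "RNDC enables remote control of named, using a shared secret to authenticate each command". In the list above it, "DNSSEC, and" keeps leftover sentence punctuation and "Broad portability" is capitalized unlike the other lowercase items.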
Revision as of 17:18, 25 July 2024
BIND is a suite of DNS software. Its most prominent component, named (pronounced name-dee, short for name daemon), performs both of the main DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.
Features
Important features of BIND 9 include:
- TSIG
- nsupdate
- IPv6
- RNDC (remote name daemon control)
- views
- multiprocessor support
- Response Rate Limiting (RRL)
- DNSSEC, and
- Broad portability
RNDC enables remote configuration updates, using a shared secret to provide encryption for local and remote terminals during each session.
TL;DR
sudo apt install -y bind9
Step-by-step Tutorial
- Log in to your server
- Install the bind9 package
sudo apt install -y bind9
Testing
Checking configuration:
sudo unbound-checkconf
If the output differs from the following, there is an error in the configuration:
unbound-checkconf: no errors in /etc/unbound/unbound.conf
Run a few queries, e.g.:
dig @127.0.0.1 yahoo.com
Go through the output:
labuser@labmachine:~$ dig @localhost yahoo.com
; <<>> DiG 9.18.24-1-Debian <<>> @localhost yahoo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26347
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;yahoo.com. IN A
;; ANSWER SECTION:
yahoo.com. 1428 IN A 74.6.143.25
yahoo.com. 1428 IN A 74.6.231.21
yahoo.com. 1428 IN A 98.137.11.164
yahoo.com. 1428 IN A 98.137.11.163
yahoo.com. 1428 IN A 74.6.143.26
yahoo.com. 1428 IN A 74.6.231.20
;; Query time: 0 msec
;; SERVER: ::1#53(localhost) (UDP)
;; WHEN: Thu Jul 25 11:01:56 UTC 2024
;; MSG SIZE rcvd: 134
Additional Config
By default, it only allows queries from localhost. To allow queries from your networks, set this up appropriately in the /etc/unbound/unbound.conf.d/local.conf file:
$ cat local.conf
server:
    # specify the interface to answer queries from by ip-address.
    interface: 0.0.0.0
    # interface: ::0
    # addresses from the IP range that are allowed to connect to the resolver
    access-control: 10.0.0.0/8 allow
    # access-control: 192.168.0.0/16 allow
    # access-control: 2001:DB8::/64 allow
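The following is an added example, not part of the original tutorial. It checks which clients an interface/access-control configuration like the one above would answer, and flags an open-resolver setup. The function names and sample text are hypothetical; it assumes Unbound's documented behaviour that the most specific netblock wins and that only localhost is allowed by default.

```python
import ipaddress

# Constructed sample mirroring the local.conf shown above.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    # interface: ::0
    access-control: 10.0.0.0/8 allow
    # access-control: 192.168.0.0/16 allow
"""

# Assumed built-in default when no access-control line matches:
# loopback is allowed, everything else is refused.
DEFAULT_RULES = [("127.0.0.0/8", "allow"), ("::1/128", "allow"),
                 ("0.0.0.0/0", "refuse"), ("::/0", "refuse")]

def parse_conf(text):
    """Return (interfaces, rules) from unbound.conf-style text, skipping comments."""
    interfaces, rules = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("interface:"):
            interfaces.append(line.split(":", 1)[1].strip())
        elif line.startswith("access-control:"):
            netblock, action = line.split(":", 1)[1].split()
            rules.append((netblock, action))
    return interfaces, rules

def action_for(client, rules):
    """Action applied to a client: the most specific matching netblock wins."""
    addr = ipaddress.ip_address(client)
    best = None
    for netblock, action in DEFAULT_RULES + rules:
        net = ipaddress.ip_network(netblock, strict=False)
        if addr.version == net.version and addr in net:
            # ">=" lets a configured rule override a default of equal length
            if best is None or net.prefixlen >= best[0].prefixlen:
                best = (net, action)
    return best[1]

def open_resolver_risk(interfaces, rules):
    """True if listening on all addresses while allowing a whole address family."""
    wildcard = any(i in ("0.0.0.0", "::0", "::") for i in interfaces)
    allow_all = any(a.startswith("allow") and
                    ipaddress.ip_network(n, strict=False).prefixlen == 0
                    for n, a in rules)
    return wildcard and allow_all
```

Run it against the real file by passing its contents to parse_conf, then test a few client addresses from inside and outside your networks with action_for.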