Linux Server How To

How To Setup, Configure, Manage and Secure a Linux Server



Installing the BIND DNS Server From Source

Compiling the BIND DNS server from source is easy. We assume that the reader has no prior knowledge of compiling from source but has root privileges and the basic skills required to operate their Linux server. There are several reasons why you may want to compile BIND from source: your chosen distribution may not have support for apt or rpm packages, or you may simply require a higher level of control over what functionality is included and where things are installed.

Get the Latest BIND Source Code

To compile your BIND DNS server you will require the latest source distribution from The Internet Systems Consortium Website. The easiest way to get the source distribution onto your Linux server is by using wget, but alternatively you may prefer to download the source elsewhere and FTP it to your server or copy it to disk or USB drive. Once you have the source distribution you should unpack it using tar and gzip into a directory on your Linux server so that you can start working with it. BIND must be installed as root but you can compile it as an ordinary user. This is what the process of downloading, unpacking and installing BIND looked like on our Slackware Linux server. Please note that the $ and # simply indicate that there is a prompt and what type of prompt it is ($ for an ordinary user, # for root); they should not be typed in.

First it is wise to create a working directory for the source code. I like to compile things in my home directory on my own user account and su to root for the installation.

$ mkdir /home/john/bind
$ cd /home/john/bind

Next we must download the source distribution for the DNS server onto our Linux server. I usually secure shell into my Linux servers using PuTTY from a Windows computer and this can make it very easy to download the source. Locate the link to download the BIND source code on the ISC website, but instead of left clicking on it to download it to your Windows computer, right click on it and select copy shortcut. Go to your PuTTY terminal, type wget and a space, then right click to paste the copied shortcut into the terminal. Press enter and you are downloading the source directly to your Linux server! Too easy?

$ wget http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz

Once the source code has been retrieved by wget it needs to be uncompressed before you can work on it. We can use gzip and tar to perform these tasks. We use gzip to perform the first stage, decompressing the file to stdout. The | pipes the output of gzip into tar, which completes the process by unpacking the archive.

$ gzip -cd bind-9.6.1-P1.tar.gz | tar xvf -

Compile the BIND DNS Server Source Code

The configure script performs a series of checks that determine what compiler is being used, what operating system the software is being installed on and what additional options you require, so that it may prepare the makefile used by the make program to compile your software. If no additional options are used the configure script will fall back to defaults, which will generally allow the program to compile successfully, but it may be installed somewhere other than where you prefer and lack some functionality you might require. For example, without the --prefix= option specified BIND will likely default to installing in /usr/local. Please consult our list of BIND Compile Options for further information.

The make command will compile the source code for you and prepare it for installation, which is completed by typing make install. If you are not logged in as root you must change to the root user using the su command or you will not have suitable permission to install BIND. Alternatively you may need to use the sudo command, i.e. sudo make install, if this is the preferred method for your chosen Linux distribution.

$ ./configure
$ make
$ su
Password:
# make install

The above steps will install the BIND DNS server onto your Linux server, but there are still a few steps we may need to take to make the installation functional. It is likely that a named.conf file is still not present on your Linux server, there will be no hints file to tell your DNS server the IP addresses of the root servers, and we may elect to have a specific working directory somewhere on /var for zone files etc.

Named.conf for a Caching Nameserver

A caching nameserver is a DNS server that performs lookups on behalf of client computers and stores the results in a cache. This can result in faster lookup times and less DNS traffic if there are a reasonable number of computers using the nameserver that have a tendency to go to the same sites. The example named.conf file below is commonly found on BIND installations that come with your Linux distribution and its purpose is to provide a basic caching nameserver. As configuring a caching nameserver is documented elsewhere in this section we shall focus on making it work rather than what everything does.

Start by creating your /etc/named.conf file as shown below.

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "named.root";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};



The Root Cache and Basic Zone files

The named.conf file above specifies /var/named as the DNS server's working directory. We must make sure it exists and create it if it doesn't. Change to the /var/named directory once you have created it.

# mkdir /var/named
# cd /var/named

Any DNS server that performs recursive DNS lookups must be aware of the location of the parent nameservers. This is provided by a file that contains the parent nameservers' names and IP addresses, usually called named.root, named.cache or root.zone. Download this file as described in How and Where to Download a New named.root and make sure it is present in /var/named with the filename named.root, as specified in our named.conf.

There are two other files specified in our named.conf and they must be present for your nameserver to be working 100% as it should. These two files are present to allow clients of the DNS server to resolve their loopback address. Your Linux server needs to be able to do that too so this is generally considered to be a necessity, regardless of the final configuration of your DNS server.

named.local looks like this:

$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.



localhost.zone looks like this:

$TTL 86400
$ORIGIN localhost.
@       1D      IN      SOA     @ root (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        1D      IN      NS      @
        1D      IN      A       127.0.0.1
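
The check below is an added example, not part of the original article or of BIND: a shell pre-flight that reads the file statements from a named.conf and reports any referenced file that is missing from the working directory or is world-writable. The function names are hypothetical, and the parsing assumes one statement per line, as in the named.conf shown earlier.

```shell
#!/bin/sh
# Added example: check that every file named in a named.conf exists before
# starting named. Function names are hypothetical, not part of BIND.

# Print the path from the options { directory "..."; } statement.
conf_directory() {
    sed -n 's/^[[:space:]]*directory[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print each file "..." value, one per line (one statement per line, as above).
conf_zone_files() {
    sed -n 's/^[[:space:]]*file[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1"
}

# Usage: check_zone_files CONF [DIR]
# DIR overrides the directory statement, e.g. to check a staging copy.
# Prints one line per problem and returns 1 if any were found.
check_zone_files() {
    conf=$1
    dir=${2:-$(conf_directory "$conf")}
    problems=0
    for f in $(conf_zone_files "$conf"); do   # assumes no spaces in file names
        case $f in /*) path=$f ;; *) path=$dir/$f ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; problems=1
        elif [ -n "$(find "$path" -perm -002)" ]; then
            echo "WORLD-WRITABLE $path"; problems=1
        fi
    done
    return "$problems"
}

# Constructed demo: the page's three file statements checked against a scratch
# directory that holds only named.root, so both loopback zone files are reported.
demo=$(mktemp -d)
cat > "$demo/named.conf" <<'EOF'
options {
    directory "/var/named";
};
zone "." IN { type hint;
    file "named.root"; };
zone "localhost" IN { type master;
    file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" IN { type master;
    file "named.local"; };
EOF
: > "$demo/named.root"
check_zone_files "$demo/named.conf" "$demo" || echo "create these before starting named"
rm -rf "$demo"
```

On the server itself the call would be check_zone_files /etc/named.conf, which takes the directory from the options block.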


You should now be able to start your nameserver simply by typing named at the command prompt. The nameserver will start using the configuration we have just created. You can check for any errors by typing tail -f /var/log/messages. Test your nameserver using the dig command:

# dig www.google.com
; <<>> DiG 9.6.1-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31003
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                IN      A

;; ANSWER SECTION:
www.google.com. 604800 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 66.102.11.99
www.l.google.com. 300 IN A 66.102.11.104

;; AUTHORITY SECTION:
google.com. 172799 IN NS ns2.google.com.
google.com. 172799 IN NS ns1.google.com.
google.com. 172799 IN NS ns3.google.com.
google.com. 172799 IN NS ns4.google.com.

;; Query time: 707 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 27 11:47:56 2009
;; MSG SIZE rcvd: 156
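
Run without an @server argument, dig queries whichever resolver /etc/resolv.conf lists, so the SERVER line is what shows that the new named produced the answer. The following added example (not from the original article; the function names are hypothetical and the sample replies are constructed) checks that line together with the status and the ra flag.

```shell
#!/bin/sh
# Added example: confirm that a dig reply really came from the named just
# started, not from another resolver listed in /etc/resolv.conf.

# Pull one field out of dig's text output (passed as $1).
dig_status() { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }
dig_flags()  { printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'; }
dig_server() { printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }

# Usage: check_local_answer "$(dig www.google.com)"
# Succeeds only if 127.0.0.1 answered, with NOERROR and recursion available (ra).
check_local_answer() {
    server=$(dig_server "$1")
    if [ "$server" != "127.0.0.1" ]; then
        echo "FAIL: answered by ${server:-unknown}, not the local named"; return 1
    fi
    if [ "$(dig_status "$1")" != "NOERROR" ]; then
        echo "FAIL: status $(dig_status "$1")"; return 1
    fi
    case " $(dig_flags "$1") " in
        *" ra "*) echo "OK: local named answered recursively" ;;
        *) echo "FAIL: no ra flag, recursion not available"; return 1 ;;
    esac
}

# Constructed sample replies, trimmed to the header lines the checks read.
SAMPLE_LOCAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31003
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_OTHER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.0.2.53#53(192.0.2.53)'

check_local_answer "$SAMPLE_LOCAL"
check_local_answer "$SAMPLE_OTHER" || true
```

Querying with dig @127.0.0.1 www.google.com removes the dependency on /etc/resolv.conf altogether.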