Holding the Internet Together With BIND

by M.A. Dockter

DNS can easily be described as the Rodney Dangerfield of the Internet; it doesn't get any respect! The DNS is so key that without it, the Internet would likely come to a screeching and moaning halt. Yet few people know how it works and how it functions.

DNS can easily be described as the Rodney Dangerfield of the Internet; it doesn't get any respect! The DNS is so key that without it, the Internet would likely come to a screeching and moaning halt. Yet few people know how it works and how it functions.

By far, the most heavily used DNS server on the Internet is the Berkley Internet Name Domain system (BIND). BIND is open source and available from the Internet Software Consortium for free. It is the most simple of DNS Servers, yet the most robust, and the most widely used on all the net.

The ISC Web site states that in order to run BIND, you must be running a Unix-based system with an ANSI C compiler, basic POSIX support, and a good pthreads implementation. The following operating systems have been successfully configured in the past by ICS to run BIND:

  • AIX 4.3
  • COMPAQ Tru64 UNIX 4.0D
  • COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
  • FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
  • HP-UX 11
  • IRIX64 6.5
  • NetBSD current (with unproven-pthreads-0.17)
  • Red Hat Linux 6.0, 6.1, 6.2, 7.0
  • Solaris 2.6, 7, 8

Because BIND is Unix-based, installation can be a nightmare. Downloading BIND, however, is easy. Visiting www.ics.org and going through the process of downloading the latest version of BIND is the best (and usually only) way to get the program. All you have to do is download the install file to an empty directory; then enter the following command into the prompt:

gunzip < bind-src.tar.gz | tar xf - 

This will extract the BIND source code into the current directory. After extraction is complete, you will need to compile the source code. It would be nearly impossible to explain how to install it on every given machine that it can be installed on, so your best bet is to check out the src/INSTALL file for instructions straight from ICS.

Believe it or not, BIND is also available for Windows NT. It comes uncompiled though, so you'll need a C++ compiler such as Visual C++ 6.0 to compile it into a functional binary. The NT version can be downloaded from ftp://ftp.isc.org/isc/bind/src/8.2.2-P5/bind-src.tar.gz. The source that needs to be compiled should be in src/port/winnt.

General information about BIND is difficult to come by. If you are serious about learning BIND, the best thing to do is pick up what is often referred to as the "BIND Bible." The BIND Bible is a well-written book by two BIND developers, Paul Albitz and Cricket Liu, and published by O'Reilly. Its actual name is "DNS and BIND."

There is also a BIND mailing list, which you can sign up for at http://www.isc.org/services/public/lists/bind-lists.html. It is recommended that you search through the list archives before submitting any questions to prevent getting flamed and having your question go unanswered.

Don't get me wrong, just because BIND is the most frequently used DNS server does not mean it's perfect and everyone should run it. The older BIND 4 and the more recent BIND 8 have been found to have major security flaws. Although it would take a few hardcore hackers several months to find this hack, it has the potential to bring down most of the ISPs' DNS servers, and therefore most users' Internet connections. Versions 4.9.8, 8.2.3, and 9.1 of BIND do not have this flaw, and it is recommended that users upgrade to this version of the software.

By reading this tutorial, you now know a majority of the information out there on BIND without actually installing the product and playing with it. It is now up to you to install it or get the book and learn more.

If you still want to run BIND, the most recommended way to get it is via ISC. There are no other major versions of BIND like there are of Linux. ISC BIND is the only one in the eyes of many people.

BIND, as well as other DNS server packages, doesn't just store translation information between domain names and IP address. (More can be found out about how DNS works here.) Aside from the "A" record, which translate a host name into an IP address, there are many other types of records in a DNS database. Below are a few, with a quick rundown of each, and their function.

  • CNAME: CNAME is a pointer to another host. The use of the CNAME entry is very important if one wishes to refer to the same machine as mail.host.com, pop.host.com and even smtp.host.com. CNAME records generally point to a record defined by the "A" Record. An Entry looks like:
    Secondaryhost.domain.com. IN CNAME host.domain.com
  • SOA (Start of Authority): This holds some administrative information about the domain records for which the server has some authority. It is a must-have for all DNS databases. This record also holds the time to live information for all records in its database.

  • A: This is the record that makes everything possible. It is the record that actually maps the domain name to the IP address. An example entry would look something like:
    hostname.domain.com. IN A
  • MX (Mail Exchanger): If you want to offer e-mail, this is the record for you. MX defines which computer will act as the mail server for a certain domain. A sample entry would look like:
    Domain.com. 10 IN MX hostnameofmailserver.domain.com
    Domain.com is the name of the domain you wish to use for e-mail. Using this setup, the Webmaster's e-mail address would be webmaster@Domain.com. The Webmaster would log in to check his or her e-mail by using hostnameofmailserver.domain.com as a POP and SMTP server. The number "10" signifies the priority of the mail server. This comes in handy for large systems that have a back-up e-mail server or two.

  • PTR: Although PTR records can be used in many ways, they are most commonly used for reverse DNS look ups, also known as in-addr.arpa lookups. in-addr.arpa PTR records are the exact opposite of A records. The in-addr.arpa PTR record for the sample A record above would look like this: IN PRT hostname.domain.com.
    PTR in-addr.arpa records are used mainly for security issues, to verify that a computer actually is what it says it is.

  • NS (Name Server): NS records simply identify the authoritative name server for a domain. There must be at least two of these records for every domain. A sample entry looks like:
    Domain.com. IN NS nameserver.whereever.com.

As said before, DNS is one of the most least understood and most important aspects of the Internet. If it weren't for DNS names, the world of dot-coms wouldn't be known by such names as "amazon.com" but rather by numbers like, That would lead to some very interesting stock market trading, not to mention some rather confused Internet users. Because of DNS, Internet use is easier, and therefore more attractive, for simpler users. In fact, in many cases the best way to keep a server from the general public is to not give it a domain name.

If we start using DNS as a tool instead of taking it for granted, maybe the system won't feel so much like Rodney Dangerfield after all. An understanding of BIND is one way to take the first step.

This article was originally published on Thursday Mar 8th 2001
Mobile Site | Full Site