Before we install BIND DNS server, let us try to have a quick overview of the DNS protocol.
In order to locate a certain service or a resource on the internet, a unique Internet Protocol (IP) address is assigned to the server providing the services and resources. We currently have two types or versions of IP addresses used, the IPv4 or Internet Protocol Version 4 and the IPv6 or Internet Protocol Version 6. These are numerical address representations assigned to each device that is connected to a computer network. The difference between these two versions of addresses is their length. IPv4 is a 32-bit numerical address representation, while IPv6 is an enhancement of IPv4 and has a 128-bit numerical address representation. Network devices will communicate with each other using these IP addresses.
DNS or the Domain Name System protocol is one of the major building blocks of the Internet. It was designed to assign or associate a name to a certain IP address since names are easier to memorize compared to numbers. Think of the DNS as a distributed database system of the names and IP addresses assignment of the entire internet. The name assigned or associated with the IP address is called the Domain Name, hence the name of the system or protocol: Domain Name System. Servers running a Domain Name System are called DNS servers. They will respond to lookup queries such as “What is the IP address of this particular domain name?” or vice versa, “What is the domain name assigned to this IP address?”. So basically, a DNS server provides a translation of domain name to IP address or IP address to the domain name.
We can generally categorize a DNS Server into two types: an Authoritative DNS server and a Recursive DNS server.
The authoritative DNS server is the server that holds the actual record of assignment of the domain name to IP address. It serves as the owner of that particular record and with that, it is the only server that can give an authoritative answer to DNS queries related to that record.
A recursive DNS server on the other hand is the server that does the actual lookup or query. On behalf of the client (or the application) it is the one that sends out the question “What is the IP address of this particular domain name?”. The authoritative DNS server will then provide the recursive DNS server the answer, and it will forward the answer to the client that needs the information. The recursive DNS server will also save the answer into a cache for future use. Hence, a recursive DNS server is also commonly known as DNS Caching Server or Caching server for short.
Installing BIND DNS
BIND stands for Berkeley Internet Name Domain. This is a free and open-source implementation of DNS that was originally developed at the University of California, Berkeley. It is now developed and maintained by the Internet Systems Consortium, or ISC. Although there are other implementations of DNS, BIND DNS is the most widely-used DNS server anywhere in the world.
In this article, we will be installing BIND DNS from source on the FreeBSD operating system. We can get the latest stable version of BIND DNS at https://ftp.isc.org/isc/bind9/cur/9.16/. We will download the source code through FTP using anonymous as the username and an empty password. But before we start the FTP download, we first need to install some BIND dependencies using the FreeBSD package manager in order to avoid compilation errors.
$ pkg install openssl-1.1.1k_1,1 p5-ExtUtils-PkgConfig-1.16 python37-3.7.10 py37-pip-20.2.3 libuv-1.41.0
$ pip install ply
$ ftp ftp.isc.org
Once you are in the FTP server, go to the isc/bind9/cur/9.16 directory. This is the location of the current stable version of BIND as of this writing. Download the source code tarball from here and exit from the FTP session using the bye command.
ftp> cd isc/bind9/cur/9.16
ftp> mget bind-9.16.16.tar.xz*
ftp> bye
After downloading the source code package and other related files containing the hash data of the package, you can either check for the integrity of the source code package against any of those hash data files or you can extract the package right away.
$ tar xJvf bind-9.16.16.tar.xz
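The integrity check mentioned above, as an added example (not part of the original article and not ISC's own tooling): a small POSIX shell helper that extracts the tarball only if its SHA-256 matches a digest obtained from a trusted source. The function names are hypothetical and the expected digest is a placeholder you must supply; a digest fetched over the same anonymous FTP session detects corruption but not tampering.

```shell
#!/bin/sh
# Added example: extract a source tarball only after its SHA-256 digest
# matches a value obtained from a trusted, authenticated source.

# Print the SHA-256 of a file. FreeBSD ships sha256(1); Linux ships sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d ' ' -f 1
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # Insist on exactly 64 hex digits so an empty or truncated value
    # can never be treated as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 hex digits" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual)" >&2
    return 1
}

# verify_then_extract FILE EXPECTED_HEX [DESTDIR]
# tar is never invoked unless the digest check succeeds.
verify_then_extract() {
    verify_sha256 "$1" "$2" || return $?
    tar xf "$1" -C "${3:-.}"
}

# Usage (placeholder digest, supply the real one yourself):
#   verify_then_extract bind-9.16.16.tar.xz <sha256-from-trusted-source>
```

Where a detached PGP signature is published for the release, verifying it with gpg --verify against the vendor's signing key is the stronger check, since it authenticates the publisher rather than only the bytes.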
The BIND DNS source code will be extracted into the directory bind-9.16.16/. Go inside this directory and execute the configure script.
$ cd bind-9.16.16/
$ ./configure --with-openssl
If you don’t need DNSSEC support in the future for your DNS server, you may remove the --with-openssl parameter in the configure command.
Start compiling the source code by running make.
$ make
You have to be the root user in order to successfully install BIND into your system. So before running make install, you need to run su first in order to switch to the root user. You will be asked for the root password when running the su command.
$ su
# make install
Now check if BIND was successfully installed into our system.
$ named -v
BIND 9.16.16 (Stable Release) <id:0c314d8>
You should expect an output similar to the one shown above. It should show the correct BIND DNS version and release.
There are a lot of DNS server implementations available out there, but we chose BIND because it is the implementation most widely used by system administrators. It is also actively developed and maintained by ISC, so if there are any bugs or vulnerabilities found in the system, they will be fixed and patched right away.
There are also several ways to install BIND on the FreeBSD operating system. We can install it easily through the FreeBSD package manager or through the ports collection. But in this article, we show you how to install it by compiling the source code itself. This way, when a code patch is available, it is easy for us to apply and recompile in our system.