Questions tagged [bind]
BIND is a free, open source software implementation of the Domain Name System (DNS) protocols. The name BIND stands for "Berkeley Internet Name Domain", because the software originated in the early 1980s at the University of California at Berkeley. BIND is currently maintained and developed by the Internet Systems Consortium, a non-profit public benefit corporation with a mission to support a free and open internet.
2,293
questions
64
votes
8
answers
113k
views
Overriding some DNS entries in BIND for internal networks
I have an internal network with a DNS server running BIND, connected to the internet through a single gateway. My domain "example.com" is managed by an external DNS provider. Some of the entries in ...
- 2,025
54
votes
4
answers
46k
views
What does the "IN" mean in a zone file?
Sometimes a record is listed as www IN A 192.168.1.1 and sometimes it is listed as www A 192.168.1.1.
What is the purpose of the IN and when is it required/not required?
- 1,015
53
votes
4
answers
70k
views
Bind to ports less than 1024 without root access [duplicate]
I would like to run applications I'm working on that binds to port numbers less than 1000 without requiring root access.
I'm using Linux Mint and have root access to set it up. I would ideally like ...
- 635
43
votes
10
answers
7k
views
Run antivirus software on linux DNS servers. Does it make sense?
During a recent audit we were requested to install antivirus software on our DNS servers that are running linux (bind9). The servers were not compromised during the penetration testing but this was ...
- 533
40
votes
8
answers
36k
views
DNS: trailing periods
When I edit my bind dns records, I need to add a trailing period for it to work. What is the point of this?
How come when I use everydns.net, they do not require me to add a trailing period?
Is this ...
- 1,705
34
votes
3
answers
133k
views
What is DNS Delegation?
In an answer to my previous question I noticed these lines:
It's normally this last stage of delegation that is broken with most
home user setups. They have gone through the process of buying a
...
- 475
28
votes
6
answers
75k
views
Why aren't our DNS records propagating out into the internet?
We run the name servers for our domain on our network. We use bind/named. Lets call the domain example.com. One thing I've noticed recently, when I goto a website like http://network-tools.com and run ...
- 8,884
27
votes
7
answers
132k
views
(network unreachable) error in my server logs
I'm getting lots of network unreachable lines in my Centos' messages log file. They seem they can't resolve to certain addresses which I do not have any ideas why my server has to resolve to them in ...
- 555
25
votes
2
answers
23k
views
SOA and Primary NS record (DNS)
The brunt of the question is this -- What is the relationship between the primary nameserver specified in the SOA record and the nameservers specified in the NS records. How are these things linked?
...
- 490
24
votes
3
answers
14k
views
Difference between Named and BIND
Can someone explain to me what the exact difference is between named and BIND?
- 11k
24
votes
4
answers
124k
views
How to properly configure BIND forward zone for an internal DNS server?
I have:
internal DNS server ns1.internal with IP 192.168.0.4.
external DNS server with an external TLD mydns.example.com and internal IP 192.168.0.5. It's accessible both from the Internet (via a ...
- 489
22
votes
1
answer
2k
views
My DNS server is pushing 20mbps, why?
I am running a DNS server in EC2, and it was pushing about 20mbps yesterday when I checked my billing dashboard and found 1.86 TB of used data this month. That's a big bill for my small project lab. I ...
- 223
20
votes
11
answers
9k
views
djbdns vs bind [closed]
I'm a newbie who wants to learn how to set up a DNS nameserver. Should I use djbdns, BIND, or something else?
Current network requirements include subdomain support, SSL, and mail service, all on ...
- 725
20
votes
1
answer
716
views
When I have a * entry in my zone file, how can I treat a specific name as nonexistent?
On our main domain, example.com we're hosting a lot of websites. So we just added a * A/AAAA record to our zone and pointed it at our webserver.
Sadly, this also causes Outlook to constantly hammer ...
- 4,647
20
votes
4
answers
59k
views
Wildcard DNS with BIND
I'm trying to setup BIND so that it catches any and all requests made to it, and points them to a specific set of NS servers, and a specific A record.
I have around 500 domains, and I'm adding new ...
- 203
19
votes
5
answers
133k
views
DNS - Any way to force a nameserver to update the record of a domain?
I am doing some work on some domain names. I'm updating them. By using dig I can query our nameserver and I can see that the correct name has been updated. However our office dns cache is still ...
- 31.9k
19
votes
1
answer
8k
views
What's the importance of the email address in the DNS SOA lookup?
Is there a real importance in this, except to publish the email address of the person responsible for some DNS zone?
In our BIND configuration, we put a mailling list as the responsible for our ...
- 5,540
18
votes
7
answers
45k
views
Listing all zones loaded in BIND
I'm trying to migrate a dns server that has several thousand zones loaded on it. The named.conf file has about 17 different includes, and some of those files also has includes in them, and lots of ...
- 418
17
votes
8
answers
91k
views
Dig returns "status: REFUSED" for external queries?
I can't seem to work out why my DNS isn't working properly, if I run dig from the nameserver it functions correctly:
# dig ungl.org
; <<>> DiG 9.5.1-P2.1 <<>> ungl.org
;; ...
Mikey
17
votes
1
answer
13k
views
How to setup a simple DNS server to answer just for one name and forward all the rest?
I would like to setup a small Linux (Ubuntu) server for a school project. This school server should forward all the request to the primary DNS server of the network and reply with an IPv6 address when ...
- 355
16
votes
1
answer
31k
views
What’s the difference between recursion and forwarding in bind
I’m trying to understand how bind works but have been unable to find definite information about the difference between recursive queries and “forwarding”.
I’ve read that globally allowing recursive ...
16
votes
1
answer
13k
views
How does DNS nameserver fall back work?
We have two DNS servers listed in our NS record. Last night, one of our DNS servers went down. As expected, some DNS servers were not resolving our hostnames. I assumed this would be temporary and ...
- 10.9k
16
votes
2
answers
35k
views
How does one point a domain to a load balancer that doesn't have a stable IP?
I'm trying to point mydomain.eu to an AWS load balancer, which, by its nature, does not have a stable IP, so I think I'm supposed to point the A record to a subdomain at Amazon, but as far as I can ...
- 263
15
votes
2
answers
50k
views
bind9 - forwarders are not working
I am experiencing an issue with bind. If i want to resolve any domain name that is on the zone file. It works fine. However, when I try to resolve anything that does not belong to the zone file. I ...
- 377
15
votes
1
answer
15k
views
What is the point of the zones.rfc1918 file for Bind9?
Using an Ubuntu 10.04 LTS server in a standalone environment and trying to use views to serve two different subnets of clients. Getting errors regarding the zones.rfc1918 file, so I'd like to know ...
- 3,332
15
votes
1
answer
19k
views
forward all subdomains to an ip in bind
I have a bind DNS server and i'd like to catch all requests for subdomains that don't have a specific record and point them to a specific IP.
This would be like *.domain.tld > 1.1.1.1 and www.domain....
- 513
15
votes
2
answers
5k
views
Non-dot-wildcard (*-foo.example.com) for bind?
It seems there's no way to tell bind that *-foo.example.com should resolve to eg. 10.1.2.3, while *-bar.example.com resolves to 10.2.3.4. Is there any workaround? Can some names eg. resolve with an ...
- 738
14
votes
4
answers
30k
views
Configure DNS server to return same IP for all domains
I would like to configure a nameserver that will return the same IP address ("A" record) for any arbitrary host name. For example:
example.com
subdomain.example.com
someotherdomain.com
anyotherdomain....
- 242
14
votes
8
answers
16k
views
bind: blackhole for invalid recursive queries?
I have a name server that's publicly accessible since it is the authoritative name server for a couple of domains.
Currently the server is flooded with faked type ANY requests for isc.org, ripe.net ...
- 443
13
votes
4
answers
15k
views
Read only bind-mount?
I use mount -o bind to mount directories inside chroots, which works really well. The problem is that I'd like some of these bind-mounted directories to be read only in chroot.
Is it possible? If not ...
user13185
13
votes
6
answers
16k
views
Should I use /etc/bind/zones/ or /var/cache/bind/?
Each tutorial seems to have a different opinion on this. For my ISC BIND zones, should I use /etc/bind/zones/ or /var/cache/bind/? In the last install, I used /var/cache/bind/ but only because I was ...
- 5,136
13
votes
2
answers
15k
views
How can I selectively override some A records on a Bind DNS Server? [duplicate]
I'm guessing there has to be a reasonable way to solve my issue but I'm trying to get some advice on a best practice to implement.
I have recently moved to a Web Design company and we need to be able ...
- 1,265
13
votes
3
answers
70k
views
bind would not work unless allow-query is "any"
I have this in /etc/named.conf, I commented the default values and set my own under it.
My domain would not load in browser unless I set allow-query to "any", is this OK, what should I edit? If is ...
- 1,139
13
votes
1
answer
22k
views
In BIND, forward DNS query for specific domain to specific nameserver
Windows Server 2003 has this feature where you can forward queries for domain "example.com" to specific nameserver (not the default DNS server).
How do i set this up in BIND? For example, i want to ...
- 1,595
12
votes
2
answers
26k
views
Binary zone file on BIND9
A DNS Master zone file has been transferred to a slave, but I cannot read the zone file:
> less db.example.com
"db.example.com "may be a binary file. See it anyway?
This happened after I used ...
- 139
12
votes
4
answers
12k
views
Why running named(bind) in chroot is so important for security? Or maybe it is not?
I'm playing with bind and started wondering why this software is, for example, in CentOS running in chroot. Don't misunderstand me, I know what bind is and what chroot (jail) is for. But my main ...
- 5,248
12
votes
3
answers
31k
views
BIND, Master, Slaves and Notify
It might seem like a very basic question, but, how is a master DNS server aware of its slaves?
I mean, does it parse the zone file and determine where to send the NOTIFY message?
And if that is the ...
- 832
12
votes
4
answers
7k
views
Changing DNS serial number to be in the past
I have some DNS servers for our organization that was setup by my predecessor. He did not use the standard format for serial numbers, instead he used an odd format starting with 2033. What I want to ...
- 1,322
12
votes
1
answer
13k
views
dns - BIND - how to return a different IP based on request's subnet
We have an intranet DNS server (system-config-bind on RHEL) serving office A, and a VPN connecting offices A and B. Office A has a server named "dev".
In office A, to access a server "dev" on the ...
- 269
12
votes
1
answer
27k
views
bind9 proper recursion setup
If I remove recursion then I can't resolve external domains but can still resolve domains that are on the DNS server.
What is the proper way to setup recursion correctly so external domains can still ...
- 303
12
votes
2
answers
6k
views
Can I delegate part of a zone to another server?
I guess I'm wondering something similar to Can I create DNS records for some hosts, delegate other queries in the same domain to another DNS server?, but I'm hoping I'll get a different answer with ...
- 341
12
votes
1
answer
11k
views
BIND9: Do forwarders have any priority?
I am just setting up my BIND9-Server and it works well so far. I decided to integrate a little gimmick into the abilities of my DNS. I want it to resolve IANA-compliant domains like *.com and *.net by ...
- 121
12
votes
2
answers
18k
views
Windows 2012 can't validate forwarders without a root zone?
(Disclaimer: I am not a Windows DNS admin. I do have a decent amount of DNS experience under my belt though, and this is not making any sense. I am working closely with the admins responsible for ...
- 32.8k
11
votes
2
answers
56k
views
Bind, force zone update on slave
I have two test servers master and slave:
Master is updating slave but very slowly. How to speed this up.
Master (192.168.0.122) /etc/named.conf
zone "domain.com." {
type master;
file "...
- 608
11
votes
7
answers
9k
views
Two name servers necessary?
I want to use my internet connection to host two personal websites (two different domains). I would also like to host mail for these domains.
This requires hosting my own name server. In the ...
Mike
11
votes
1
answer
3k
views
Amplified reflected attack on DNS servers
The term Amplified reflected attack is new to me, and I have a few questions about it.
I've heard it mostly happens with DNS servers - is that true?
How do you protect against it?
How do you know if ...
- 277
11
votes
1
answer
28k
views
Can one server do DNS for a domain and a subdomain?
I have a situation where I need to replace the nameservers for both a.b.c and b.c. I'd rather not have to dedicate two machines to this.
I've been reading about multi-homing but the examples all ...
- 2,369
11
votes
2
answers
3k
views
Can I completely remove the Windows DNS in favour of BIND9 in an AD network?
I would like to remove the DNS feature of Windows Domain Controllers and point the DNS servers to our BIND9 servers.
I know it's possible to setup coexistence but this requires a number of extra ...
- 5,540
11
votes
2
answers
16k
views
Check remaining TTL for nameserver
Is it possible to check how much time is left before a nameserver like 8.8.8.8 will update its records from my nameserver?
11
votes
2
answers
25k
views
Publishing long domain key records in bind9
I am setting up a mail system based on exim4. This system implements DKIM signing and checking (among other things).
Signing seems to work without problems but checking doesn't work and exim4 ...
- 1,630