===== Install and configure Bind9 =====

BIND has been around for a while, and the nice thing about that is the good documentation. It even has a 200+ page PDF manual you can download from [[https://www.bind9.net/bind-9.10.8-manual.pdf]].

===== Basic Install =====

We use Devuan Linux for a lot of applications. The following code will install Bind9 on a Devuan server.

<code bash>
# install the bind9 package on a Devuan (Debian) server
apt install -y bind9 bind9utils bind9-doc bind9-host dnsutils
# print the installed version (just for fun)
named -v
# set localhost to be a nameserver for this system
# (an appended entry is tried after any nameserver lines already in the file)
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
</code>

Note the last line. If this machine has a static IP address, its resolver configuration probably points to a DNS server that is not internal. However, we have a fully functional name server right here, so why not use it?

===== Hardening =====

BIND9 is pretty tried and true, so there are fewer attack vectors for it. However, it is fairly simple to harden the server by setting BIND9 to run in a chroot jail. That way, even if someone does find a vulnerability, you limit what can be done.

===== Links =====

  * https://www.linuxbabe.com/debian/dns-resolver-debian-10-buster-bind9
  * https://www.bind9.net/bind-9.10.8-manual.pdf
  * https://tldp.org/HOWTO/Chroot-BIND-HOWTO-4.html
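
A check for the chroot setup described under Hardening, as an added example that is not part of the original page: it classifies a ''named'' command line by its ''-t'' (chroot directory) and ''-u'' (run-as user) options and, with ''--live'', compares them with the root directory the kernel reports for the running daemon. The jail path ''/var/lib/named'', the sample command lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit named's jail settings.
# named(8): -t <dir> chroots into <dir>; -u <user> drops root after startup.

# Print a verdict for a named argument list:
#   no-chroot | relative-jail | chroot-as-root | ok:<dir>:<user>
classify_named_args() {
    jail="" user=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -t) if [ $# -ge 2 ]; then jail=$2; shift; fi ;;
            -u) if [ $# -ge 2 ]; then user=$2; shift; fi ;;
            -t?*) jail=${1#-t} ;;   # value attached to the flag, e.g. -t/dir
            -u?*) user=${1#-u} ;;
        esac
        shift
    done
    if [ -z "$jail" ]; then echo "no-chroot"; return 0; fi
    case "$jail" in /*) ;; *) echo "relative-jail"; return 0 ;; esac
    # named(8) says -t should be combined with -u: a jail whose process
    # stays root does not enhance security.
    case "$user" in ""|root|0) echo "chroot-as-root"; return 0 ;; esac
    echo "ok:$jail:$user"
}

# Audit the live daemon: compare -t with the root directory the kernel reports.
# Needs root to read /proc/<pid>/root; paths containing spaces are not handled.
audit_running_named() {
    pid=$(pgrep -o -x named 2>/dev/null) || { echo "named-not-running"; return 0; }
    verdict=$(classify_named_args $(tr '\0' ' ' < "/proc/$pid/cmdline"))
    real_root=$(readlink "/proc/$pid/root" 2>/dev/null || echo unknown)
    echo "pid=$pid verdict=$verdict kernel_root=$real_root"
}

# Constructed sample command lines (not captured from a real host).
for sample in \
    "/usr/sbin/named -f -u bind" \
    "/usr/sbin/named -f -t /var/lib/named" \
    "/usr/sbin/named -f -u bind -t /var/lib/named"
do
    printf '%-48s -> %s\n' "$sample" "$(classify_named_args $sample)"
done
if [ "${1:-}" = "--live" ]; then audit_running_named; fi
```

Run as root with ''--live'' on the server, a jailed instance should report an ''ok:'' verdict and a ''kernel_root'' equal to the ''-t'' directory; ''kernel_root=/'' means the daemon is not confined.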