===== Install and configure Bind9 =====

BIND has been around for a while, and the nice thing about that is the good documentation. It even has a 200+ PDF you can download from [[https://www.bind9.net/bind-9.10.8-manual.pdf]].

===== Basic Install =====
We use Devuan Linux for a lot of applications. The following code will install Bind9 on a Devuan server.

<code bash>
# install the bind9 package on a Devuan (Debian) server
apt install -y bind9 bind9utils bind9-doc bind9-host dnsutils
# verify the running version (just for fun)
named -v
# set localhost to be a nameserver for this system
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
</code>

Note the last line. If this machine has a static IP address, it probably is pointing to a DNS server that is not internal. However, we have a fully functional name server right here, so why not use it?

===== Hardening =====

BIND9 is pretty tried and true, so there are fewer attack vectors for it. However, it is fairly simple to harden the server by setting BIND9 to run in a chroot jail. In this case, even if someone does find a vulnerability, you limit what can be done.

===== Links =====
  * https://www.linuxbabe.com/debian/dns-resolver-debian-10-buster-bind9
  * https://www.bind9.net/bind-9.10.8-manual.pdf
  * https://tldp.org/HOWTO/Chroot-BIND-HOWTO-4.html