Install and configure Bind9

BIND has been around for a while, and the nice thing about that is the good documentation. It even has a 200+ page PDF manual you can download from https://www.bind9.net/bind-9.10.8-manual.pdf.

Basic Install

We use Devuan Linux for a lot of applications. The following code will install Bind9 on a Devuan server.

# install the bind9 package on a Devuan (Debian) server
apt install -y bind9 bind9utils bind9-doc bind9-host dnsutils
# verify the running version (just for fun)
named -v
# set localhost to be a nameserver for this system
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf

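Note the last line. If this machine has a static IP address, its /etc/resolv.conf probably points to a DNS server that is not internal. However, we have a fully functional name server right here, so why not use it? Because the line is appended, the resolver still tries any nameserver entries listed above it first; move the 127.0.0.1 line to the top of the file if local lookups should take priority.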

Hardening

BIND9 is pretty tried and true, so there are fewer attack vectors for it. However, it is fairly simple to harden the server by setting BIND9 to run in a chroot jail. That way, even if someone does find a vulnerability, you limit what can be done with it.
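
One way to check that a server is actually started jailed, as an added example (not code from the original page): the function below audits the options string passed to named. It assumes the options are available as a single string (on Debian-family systems this is typically the OPTIONS value in /etc/default/bind9 or /etc/default/named); the function name, sample strings and jail path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the command-line options
# named is started with. -t <dir> (chroot) and -u <user> are real named flags;
# the option strings and the jail path below are constructed samples.

# check_named_opts "<options>"
# Prints one finding per line; returns 0 only if named would be chrooted
# AND would drop root. Assumes flags are written separately ("-u bind"),
# not bundled with others ("-fu bind").
check_named_opts() {
    jail="" user="" rc=0
    set -f                # no glob expansion while splitting the string
    set -- $1             # deliberate word splitting into positional args
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -t)   jail="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -t?*) jail="${1#-t}" ;;
            -u)   user="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -u?*) user="${1#-u}" ;;
        esac
        shift
    done
    case "$jail" in
        "") echo "FAIL: no -t <dir>, named is not chrooted"; rc=1 ;;
        /)  echo "FAIL: -t / is not a jail"; rc=1 ;;
        *)  echo "OK:   chroot to $jail" ;;
    esac
    # A root process can break out of chroot(), so -t needs -u as well.
    case "$user" in
        ""|root|0) echo "FAIL: named keeps root (add -u <unprivileged user>)"; rc=1 ;;
        *)         echo "OK:   runs as $user" ;;
    esac
    return "$rc"
}

# Constructed sample option strings.
for opts in "-u bind" "-t /srv/named-jail" "-u bind -t /srv/named-jail"; do
    echo "== named $opts"
    check_named_opts "$opts" || true
done
```

Only the last sample passes both checks: a chroot without an unprivileged user does little, because a process that keeps root can leave the jail.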