Configuring and Running named (BIND DNS Server)

What is named?

named (short for Name Daemon) is the DNS server daemon for BIND (Berkeley Internet Name Domain), responsible for translating human-readable domain names into IP addresses and vice versa. It can act as an authoritative server, caching resolver, or forwarder.

Key Features

  • Authoritative DNS for zones
  • Recursive DNS resolution
  • Caching mechanism for performance
  • Logging and debugging capabilities
  • Configurable via zone and configuration files

Requirements

  • Operating System: UNIX/Linux (tested on Solaris, CentOS, Debian, Ubuntu)
  • Packages:
    • BIND (named)
    • Utilities: dig, nslookup, rndc
  • Permissions: Root or sudo privileges

Installation (If not already installed)

Debian/Ubuntu:

sudo apt update
sudo apt install bind9 bind9utils bind9-doc dnsutils

RHEL/CentOS/Fedora:

sudo dnf install bind bind-utils

Key Configuration Files

File                                       Description
/etc/named.conf or /etc/bind/named.conf    Main configuration file
/var/named/ or /etc/bind/zones/            Zone file storage location
/etc/rndc.conf                             Remote control config (optional)
/etc/resolv.conf                           DNS resolver configuration

Basic Configuration Steps

Step 1: Configure named.conf

sudo nano /etc/named.conf

A basic named.conf:

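options {
    directory "/var/named";   // base directory for the zone files named below
    // allow-query any plus recursion yes answers recursive queries from every
    // client that can reach the server; restrict this on any public-facing
    // host (see "Secure Your DNS Server").
    allow-query { any; };
    recursion yes;
};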

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.rev";
};

Sample Zone Files

example.com.zone

Stored at: /var/named/example.com.zone

$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
        2025062701 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL

    IN  NS      ns1.example.com.
    IN  NS      ns2.example.com.

ns1 IN  A       192.168.0.1
ns2 IN  A       192.168.0.2
www IN  A       192.168.0.10

192.168.0.rev

Stored at: /var/named/192.168.0.rev

$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
        2025062701 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL

    IN  NS      ns1.example.com.
1   IN  PTR     ns1.example.com.
2   IN  PTR     ns2.example.com.
10  IN  PTR     www.example.com.

Starting and Enabling the Service

Systemd-based systems:

sudo systemctl enable named
sudo systemctl start named

Check status:

sudo systemctl status named

Verifying Configuration

Check config syntax:

sudo named-checkconf

Check zone files:

sudo named-checkzone example.com /var/named/example.com.zone

Testing DNS Server

Test forward lookup:

dig @localhost www.example.com

Test reverse lookup:

dig -x 192.168.0.10 @localhost

Using nslookup:

nslookup www.example.com 127.0.0.1

Secure Your DNS Server (Optional)

  • Disable recursion for public servers:

    recursion no;
    
  • Allow only trusted IPs to query:

    allow-query { 192.168.0.0/24; };
    
  • Use TSIG for dynamic DNS updates and rndc control.
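
The script below is an added example, not part of the original article. It checks an options block for the open-resolver combination described above, using the fallback named applies when allow-recursion is not set (allow-query-cache, then allow-query, then localnets; localhost;). The function names and the second sample block are this example's own.

```sh
#!/bin/sh
# Added example (not from the original page): heuristic open-resolver check for
# the global options block. Ignores include files, views and /* */ comments.

# Read config text on stdin; print the options block flattened to one line.
options_block() {
    sed -e 's://.*$::' -e 's:#.*$::' |
    awk '/^[ \t]*options[ \t]*[{]/ { on = 1 }
         on { print; d += gsub(/[{]/, "{") - gsub(/[}]/, "}"); if (d == 0) exit }' |
    tr '\n\t' '  '
}

# Print the address-match list of option $1 in flattened block $2, spaces removed.
acl_of() {
    printf '%s\n' "$2" | sed -n "s/.*[;{ ]$1 *{\([^}]*\)}.*/\1/p" | tr -d ' '
}

# Classify config text $1 as recursion-off, open-resolver or restricted.
resolver_exposure() {
    block=$(printf '%s\n' "$1" | options_block)
    rec=$(printf '%s\n' "$block" | sed -n 's/.*[;{ ]recursion  *\([a-z]*\) *;.*/\1/p')
    if [ "$rec" = "no" ]; then echo "recursion-off"; return 0; fi
    # Fallback order named uses when allow-recursion is not set.
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$opt" "$block")
        if [ -n "$acl" ]; then break; fi
    done
    if [ -z "$acl" ]; then acl="localnets;localhost;"; fi   # built-in default
    case ";$acl" in
        *";any;"*) echo "open-resolver" ;;
        *)         echo "restricted" ;;
    esac
}

# The options block from the basic named.conf in Step 1.
PAGE_BASIC='options {
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};'

# Constructed variant: answers any client, recurses only for the LAN.
CONSTRUCTED_SPLIT='options {
    directory "/var/named";
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};'
resolver_exposure "$PAGE_BASIC"
resolver_exposure "$CONSTRUCTED_SPLIT"
```

To check a live server, pass the file contents, for example resolver_exposure "$(cat /etc/named.conf)".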

Common Maintenance Tasks

Reload configuration without restarting:

sudo rndc reload

Flush cache:

sudo rndc flush

View statistics:

sudo rndc stats

The stats file usually appears in /var/named/named.stats.

⚠️ Logs and Troubleshooting

  • Log file location:

    • /var/log/messages
    • /var/log/syslog

Check logs for errors:

tail -f /var/log/messages

Common errors:

  • Serial number not incremented
  • Incorrect zone syntax
  • Permissions issues on zone files

Updating Serial Number Format

Use this format:

YYYYMMDDnn  (e.g., 2025062701)

Increment the nn part for each additional change made on the same day.

File Permissions

Ensure named can read zone files:

sudo chown root:named /var/named/*.zone /var/named/*.rev
sudo chmod 640 /var/named/*.zone /var/named/*.rev

Summary

named is a powerful, flexible, and widely used DNS server. With the right configuration, it can provide robust name resolution services for internal networks or public domains. Always ensure your zone files are valid and secure your DNS server appropriately.
