Compile and Install BIND 9.9.7 ESV in Debian

This article will guide you step by step to get Bind DNS running.

Install Dependencies:

[email protected]:~# apt-get update
[email protected]:~# apt-get upgrade
[email protected]:~# apt-get install build-essential openssl libssl-dev libdb5.1-dev

Download Bind:

[email protected]:~# wget ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz

Unpack Bind:

[email protected]:~# tar zxvf bind-9.9.7.tar.gz

Configure and then compile Bind9 source pre:

[email protected]:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-openssl=/usr  --with-gnu-ld --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes  --with-dlz-stub=yes  CFLAGS=-fno-strict-aliasing --enable-rrl --enable-newstats

If compile success, you will see below screen:

========================================================================
Configuration summary:
------------------------------------------------------------------------
Optional features enabled:
Multiprocessing support (--enable-threads)
Response Rate Limiting (--enable-rrl)
New statistics (--enable-newstats)
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
Dynamically loadable zone (DLZ) drivers:
Berkeley DB (--with-dlz-bdb)
Filesystem (--with-dlz-filesystem)
Stub (--with-dlz-stub)

Features disabled or unavailable on this platform:
GSS-API (--with-gssapi)
PKCS#11/Cryptoki support (--with-pkcs11)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Automated Testing Framework (--with-atf)
XML statistics (--with-libxml2)
========================================================================

Compile and install bind9:

[email protected]:~# make install

Last step, we need to manually create the /var/cache/bind directory:

[email protected]:~# mkdir /var/cache/bind

Start the service:

[email protected]:~# sudo /etc/init.d bind9 start

Hopefully, bind9 will start just fine.

Explanation:

Tell Bind9 to utilize DLZ (Dynamically Loadable Zones) using BDB.

--with-dlz-postgres=no
--with-dlz-mysql=no
--with-dlz-bdb=yes
--with-dlz-filesystem=yes

Enable Response Rate Limiting, to limit DNS answer and help mitigate DNS amplification attacks

--enable-rrl

Readings:
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
https://nlnet.nl/project/bind-dlz/200205-sane/paper.html
http://bind-dlz.sourceforge.net/

Incoming search terms:

  • debian bind9