This article will guide you step by step to get Bind DNS running.
Install Dependencies:
root@dns:~# apt-get update
root@dns:~# apt-get upgrade
root@dns:~# apt-get install build-essential openssl libssl-dev libdb5.1-dev
Download Bind:
root@dns:~# wget ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz
Unpack Bind:
root@dns:~# tar zxvf bind-9.9.7.tar.gz
Change into the unpacked source directory and configure the Bind9 source:
root@dns:~# cd bind-9.9.7
root@dns:~/bind-9.9.7# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-openssl=/usr --with-gnu-ld --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes --with-dlz-stub=yes CFLAGS=-fno-strict-aliasing --enable-rrl --enable-newstats
If configure succeeds, you will see the summary below:
========================================================================
Configuration summary:
------------------------------------------------------------------------
Optional features enabled:
    Multiprocessing support (--enable-threads)
    Response Rate Limiting (--enable-rrl)
    New statistics (--enable-newstats)
    Print backtrace on crash (--enable-backtrace)
    Use symbol table for backtrace, named only (--enable-symtable)
    Dynamically loadable zone (DLZ) drivers:
        Berkeley DB (--with-dlz-bdb)
        Filesystem (--with-dlz-filesystem)
        Stub (--with-dlz-stub)

Features disabled or unavailable on this platform:
    GSS-API (--with-gssapi)
    PKCS#11/Cryptoki support (--with-pkcs11)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    Automated Testing Framework (--with-atf)
    XML statistics (--with-libxml2)
========================================================================
Compile and install bind9:
root@dns:~/bind-9.9.7# make install
Last step, we need to manually create the /var/cache/bind directory:
root@dns:~# mkdir /var/cache/bind
Start the service:
root@dns:~# /etc/init.d/bind9 start
Hopefully, bind9 will start just fine.
Explanation:
Build Bind9 with DLZ (Dynamically Loadable Zones) support, enabling the Berkeley DB (BDB) and filesystem drivers and disabling the PostgreSQL and MySQL drivers.
--with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes
Enable Response Rate Limiting (RRL), which limits the rate of DNS answers and helps mitigate DNS amplification attacks.
--enable-rrl
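The --enable-rrl flag only compiles the feature in; nothing is limited until named.conf contains a rate-limit block. The fragment below is an added example, not part of the original article: the numeric values and the channel name rrl_syslog are assumed starting points, and the file location follows the --sysconfdir=/etc/bind used above.

```conf
// /etc/bind/named.conf (location follows --sysconfdir=/etc/bind above)
options {
    directory "/var/cache/bind";   // the directory created in the last step

    rate-limit {
        // Identical responses allowed per second to one client network
        // before RRL starts dropping or truncating them (assumed value).
        responses-per-second 5;

        // Seconds over which the per-second rates are measured.
        window 5;

        // Every 2nd rate-limited response is sent truncated (TC=1) instead
        // of dropped, so a real client can retry over TCP.
        slip 2;

        // Clients are grouped by network block, not by single address.
        ipv4-prefix-length 24;
        ipv6-prefix-length 56;

        // Never rate-limit queries from the server's own addresses.
        exempt-clients { localhost; };

        // Staging switch: log what would be limited, drop nothing.
        // Change to "no" once the logs show no legitimate clients affected.
        log-only yes;
    };
};

logging {
    // Hypothetical channel name; sends RRL decisions to syslog.
    channel rrl_syslog {
        syslog daemon;
        severity info;
    };
    category rate-limit { rrl_syslog; };
};
```

Running named-checkconf /etc/bind/named.conf validates the syntax before the service is restarted.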
Readings:
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
https://nlnet.nl/project/bind-dlz/200205-sane/paper.html
http://bind-dlz.sourceforge.net/