This chapter describes HOWTO install BIND 9.x on a variety of OS Platforms as well as BIND's command line arguments. Finally - BIND runs as the daemon named on *nix systems and named.exe under Windows.
FreeBSD differentiates between a base DNS install and a normal DNS install. There are some serious choices to be made when installing from the ports system. We assume the theory behind this is to enable experimentation with the new software but with the ability to return to the original DNS software by changing configuration options in the rc.conf file if things get a bit wobbly.
You can either install an updated BIND 9 as well as the default BIND 9 installation or you can replace the base version. The base version is installed in /usr/sbin (and the tools in /usr/bin) whereas a normal (non-base) ports installation is made to /usr/local/sbin (and the tools to /usr/local/bin). Finally the base version assumes the named.conf file in /etc/namedb/named.conf whereas a non-base install assumes /usr/local/etc/named.conf.
Assuming you have updated the ports-dns collection proceed as normal:
cd /usr/ports/dns/bind9 make install clean
The above sequence installs BIND9 in /usr/local/sbin and the tools in /usr/local/bin and assumes the named.conf file is in /usr/local/etc.
If you want to run BIND9 at startup you must edit /etc/rc.conf as follows:
# add following line if not present named_enable="YES" # the line below must replace the line named_program="/usr/sbin/named' if present # otherwise add it named_program="/usr/local/sbin/named"
Either copy your named.conf file from /etc/namedb to /usr/local/etc before you restart Bind or create a new version of the file in this directory.
To use the BIND9 tools you must precede the command with the BIND9 tool directory path:
# this will run the newly installed Bind9 version /usr/local/bin/dig example.com any # but this command dig example.com # this will run the base dig version dig example.com
This assumes you either want to run the latest version of BIND as the base system - replacing the exiting BIND - or a new install with Bind 9 as the base system. Assuming you have updated the ports-dns collection proceed as follows:
cd /usr/ports/dns/bind9 make WITH_PORT_REPLACES_BASE_BIND9=yes install clean
The above sequence installs BIND9 in /usr/sbin and the tools in /usr/bin.
If you want to run BIND9 at startup you may need to edit /etc/rc.conf as follows:
# add following line if not present named_enable="YES" # add the line following line if not present named_program="/usr/sbin/named"
No special action is required to run BIND9 tools:
# this will run the Bind9 dig version dig example.com
By default FreeBSD installs Bind 9 as the default (or base) version but with the following wrinkles:
Bind9 defaults to run in a chroot jail or a sandbox (which nows seems the "in" term for a jail) in which all BIND9 files are maintained under /var/named - including named.conf, log files and pid files (hard links are provided so you can continue to find the files where you thought they would be). To disable the sandbox add to /etc/rc.conf the following line(s):
named_chrootdir="" # disables jail/sandbox named_pidfile="/var/run/named/pid" # Must set this in named.conf as well named_chroot_autoupdate="NO" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="NO" # Symlink the chrooted pid file
The default value of these parameters in /etc/defaults/rc.conf are:
named_enable="YES" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # path to named, if you want a different one. named_flags="-u bind" # Flags for named named_pidfile="/var/run/named/pid" # Must set this in named.conf as well named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) named_chroot_autoupdate="YES" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="YES" # Symlink the chrooted pid file
As always you should not update the /etc/defaults/rc.conf file but rather edit /etc/rc.conf which will replace entries already defined in /etc/defaults/rc.conf.
This information was seriously out of date so we will update it - One day real soon now™
This section describes the various command line options for BIND. You can get these using man named but reproduced here for consistency.
|-c||/path/to/config-file||Absolute path to the config file (named.conf). This allows you to both change the location and the name of this file. Default depends of OS (Linux = /etc/named.conf, BSD = either /etc/namedb/named.conf or /etc/local/etc/named.conf, Windows = c:\winnt\system32\dns\etc\named.conf.|
|-f||-||run in foreground (don't run as daemon) - normally only for de-bug purposes.|
|-g||-||run in foreground (don't run as daemon) and log to stderr (console) - normally only for de-bug purposes.|
|-n||#cpus||Create #cpus worker threads to take advantage of multiple CPUs. If not specified, named will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.|
|-p||port-no||Listen on defined port number. Default is 53. Normally only used for debugging purposes since queries are received on port 53.|
|-t||directory||The path to the a directory to be used when named is run in a sandbox (a chroot jail). This is conventionally set to /var/named/chroot in most systems which offer this service as a standard configuration or option (BSD and FC2 do) but can be set to anything you want. Must be used in conjunction with the -u argument below to provide any meaningful security.|
|-u||user||Cause bind to suid() (change user name) after creating sockets on port 53 (which is in the privileged range of < 1024). If not present runs as user root. Generally used only with chroot options (-t above) but most start-up scripts now use -u named argument even if not chrooted which means that log files files will have to have appropriate permissions set.|
|-v||-||Displays the bind version number to stdout (console) and exit.|
There are two further arguments (-s and -x) which should only be used by developers and have been omitted.
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
3 reverse map
4 dns types
5 install bind
8 zone records
12 bind api's
13 dns security
bits & bytes
notes & tips
This work is licensed under a Creative Commons License.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox