What is BIND DNS

Chapter 12. Berkeley Internet Name Domain (BIND)

When hosts on a network connect to one another by hostname, also called a fully qualified domain name (FQDN), DNS is used to determine the IP addresses of the computers from their host names.

Using DNS and FQDNs also benefits system administrators. Thanks to these names, administrators have the flexibility to change the IP addresses of individual computers without affecting name-based queries to those computers. Conversely, administrators can specify which computers handle a name-based query in a manner that is transparent to the user.

DNS is generally implemented using centralized servers that are authoritative for some domains and refer to other DNS servers for other domains.

A client application usually connects to the name server on port 53 and queries it for information. The name server tries to resolve the FQDN with the help of its resolver library. This library may contain authoritative information about the requested host or cached data about the name from a previous query. If the name server does not find the answer in its resolver library, it queries other name servers, the so-called root name servers, to determine which name servers are authoritative for this FQDN. With this information, it then queries the authoritative name servers to determine the IP address. The same procedure is carried out for a reverse lookup, with the difference that the query is made with an unknown IP address rather than a name.
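
The lookup procedure described above, as an added example that is not part of the original chapter: a toy resolver that answers from its cache when it can and otherwise follows referrals from the root down to the authoritative zone, for both a forward and a reverse lookup. All zones, host names and addresses are constructed (example.com, 192.0.2.0/24), and the in-addr.arpa naming used for the reverse lookup is standard DNS practice that the chapter itself does not spell out.

```python
# Constructed zone data (not a real network): zone -> records it is
# authoritative for, plus child zones it delegates to other servers.
ZONES = {
    ".": {"records": {}, "delegates": ["com.", "in-addr.arpa."]},
    "com.": {"records": {}, "delegates": ["example.com."]},
    "example.com.": {
        "records": {"www.example.com.": "192.0.2.10"},
        "delegates": ["sales.example.com."],
    },
    "sales.example.com.": {
        "records": {"bob.sales.example.com.": "192.0.2.25"},
        "delegates": [],
    },
    "in-addr.arpa.": {"records": {}, "delegates": ["2.0.192.in-addr.arpa."]},
    "2.0.192.in-addr.arpa.": {
        "records": {"10.2.0.192.in-addr.arpa.": "www.example.com."},
        "delegates": [],
    },
}


def in_zone(name, zone):
    """True if name is at or below zone, compared on whole labels."""
    return zone == "." or name == zone or name.endswith("." + zone)


def reverse_name(ip):
    """Build the name queried for a reverse lookup of an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def resolve(name, cache):
    """Return (answer, zones_queried); answer is None if no record exists."""
    name = name.lower().rstrip(".") + "."
    if name in cache:                       # answered from an earlier query
        return cache[name], []
    zone, path = ".", []                    # otherwise start at the root
    while True:
        path.append(zone)
        server = ZONES[zone]
        if name in server["records"]:       # authoritative answer
            cache[name] = server["records"][name]
            return cache[name], path
        # Follow the referral to the child zone that contains the name.
        child = next((z for z in server["delegates"] if in_zone(name, z)), None)
        if child is None:                   # nothing authoritative for the name
            return None, path
        zone = child
```

The whole-label comparison in in_zone() is what keeps a name such as www.notexample.com from being treated as part of the example.com zone.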

12.1.1. Name server zones

On the Internet, a host's FQDN can be divided into different areas. These areas are arranged in a hierarchy (similar to a tree) with main trunk, primary branches, secondary branches, and so on. Consider the following FQDN:

To see how an FQDN is resolved to the IP address of a particular system, read the name from right to left. The levels of the hierarchy are separated from one another by periods (.). In this example the Top-level domain for this FQDN. The name is a subdomain of with as a subdomain of. On the far left of the FQDN is the host name, which identifies a particular computer.

Except for the host name, each section is called a zone, which defines a particular namespace. A namespace controls the naming of the subdomains to its left. Although this example contains only two subdomains, an FQDN must contain at least one subdomain and may contain many more, depending on how the namespace is organized.

Zones are defined on authoritative name servers by means of zone files. The zone files describe the namespace of the zone, the mail server to be used for a particular domain or subdomain, and much more. The zone files are stored on primary name servers (also called master name servers), which are authoritative for changes to the files, as well as on secondary name servers (also called slave name servers), which get their zone files from the primary name servers. Any name server can be a primary and a secondary name server for different zones at the same time, and it can also be authoritative for several zones. This all depends on the configuration of the name server.

12.1.2. Nameserver types

Name servers can be configured in four main ways:

  • master - Stores the original and authoritative zone records for a given namespace, and answers queries from other name servers looking for answers about that namespace.

  • slave - Also answers queries from other name servers about the namespace for which it is the authority. However, slave name servers get their namespace information from master name servers.

  • caching-only - Provides name-to-IP resolution services, but is not authoritative for any zones. Answers for all resolutions are usually cached in memory for a certain time, which is determined by the queried zone record.

  • forwarding - Forwards requests for resolution to a specific list of name servers. If none of the specified name servers can complete the resolution, the process is aborted and the resolution fails.

A name server can belong to one or more of these types. For example, a name server can be the master for some zones and the slave for other zones and only forward resolutions for others.

12.1.3. BIND as a name server

BIND performs name resolution services through a daemon. BIND also includes an administrative utility called. More information on can be found under Section 12.4.

BIND stores its configuration files in the following two locations:

  • - The configuration file for the daemon.

  • directory - The working directory which contains the zone, statistics, and cache files.

The next two sections cover the BIND configuration files in more detail.