Holding the Internet Together With BIND
March 8, 2001
DNS can easily be described as the Rodney Dangerfield of the Internet; it doesn't get any respect! The DNS is so key that without it, the Internet would likely come to a screeching and moaning halt. Yet few people know how it works.
By far, the most heavily used DNS server on the Internet is the Berkeley Internet Name Domain system (BIND). BIND is open source and available from the Internet Software Consortium for free. It is the simplest of DNS servers, yet the most robust, and the most widely used on all the net.
The ISC Web site states that in order to run BIND, you must be running a Unix-based system with an ANSI C compiler, basic POSIX support, and a good pthreads implementation. The following operating systems have been successfully configured in the past by ISC to run BIND:
Because BIND is Unix-based, installation can be a nightmare. Downloading BIND, however, is easy. Visiting www.isc.org and going through the process of downloading the latest version of BIND is the best (and usually only) way to get the program. All you have to do is download the install file to an empty directory, then enter the following command at the prompt:
gunzip < bind-src.tar.gz | tar xf -
This will extract the BIND source code into the current directory. After extraction is complete, you will need to compile the source code. It would be nearly impossible to explain how to install it on every machine that it can be installed on, so your best bet is to check out the src/INSTALL file for instructions straight from ISC.
Believe it or not, BIND is also available for Windows NT. It comes uncompiled though, so you'll need a C++ compiler such as Visual C++ 6.0 to compile it into a functional binary. The NT version can be downloaded from ftp://ftp.isc.org/isc/bind/src/8.2.2-P5/bind-src.tar.gz. The source that needs to be compiled should be in src/port/winnt.
General information about BIND is difficult to come by. If you are serious about learning BIND, the best thing to do is pick up what is often referred to as the "BIND Bible." The BIND Bible is a well-written book by two BIND developers, Paul Albitz and Cricket Liu, and published by O'Reilly. Its actual name is "DNS and BIND."
There is also a BIND mailing list, which you can sign up for at http://www.isc.org/services/public/lists/bind-lists.html. It is recommended that you search through the list archives before submitting any questions to prevent getting flamed and having your question go unanswered.
Don't get me wrong: just because BIND is the most frequently used DNS server does not mean it's perfect and everyone should run it. The older BIND 4 and the more recent BIND 8 have been found to have major security flaws. Although it would take a few hardcore hackers several months to find a way to exploit them, such an attack has the potential to bring down most of the ISPs' DNS servers, and therefore most users' Internet connections. Versions 4.9.8, 8.2.3, and 9.1 of BIND do not have this flaw, and it is recommended that users upgrade to one of these versions of the software.
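As an added example (not from the original article or from ISC), the shell function below compares a BIND version string against the three releases named above, and shows that the 8.2.2-P5 release in the NT download URL is older than 8.2.3. The function name is hypothetical, and the script assumes that any later release in the same branch also carries the fix.

```shell
#!/bin/sh
# Added example: compare a BIND version string with the releases the
# article names as free of the flaw (4.9.8, 8.2.3, 9.1).
# Assumption: a numerically later release in the same branch is also fixed.
# "upgrade" means "older than the named release for that branch",
# not a confirmed vulnerability finding.

# Prints "ok", "upgrade" or "unknown" for a version such as 8.2.2-P5.
bind_version_status() {
    ver=${1-}
    ver=${ver%%-*}              # drop suffix: 8.2.2-P5 -> 8.2.2
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted number
    esac
    # Split on dots; IFS is changed only for this one read.
    IFS=. read -r major minor patch rest <<EOF
$ver
EOF
    minor=${minor:-0}
    patch=${patch:-0}
    # Minimum minor/patch level per branch, taken from the article.
    case $major in
        4) fmin=9; fpat=8 ;;
        8) fmin=2; fpat=3 ;;
        9) fmin=1; fpat=0 ;;
        *) echo unknown; return 0 ;;              # branch not covered
    esac
    if [ "$minor" -gt "$fmin" ] ||
       { [ "$minor" -eq "$fmin" ] && [ "$patch" -ge "$fpat" ]; }; then
        echo ok
    else
        echo upgrade
    fi
}

# 8.2.2-P5 is the release in the article's NT download URL; the other
# inputs are constructed for illustration.
for v in 8.2.2-P5 8.2.3 4.9.7 4.9.8 9.1.0 10.0; do
    printf '%-10s %s\n' "$v" "$(bind_version_status "$v")"
done
```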
By reading this tutorial, you now know a majority of the information out there on BIND without actually installing the product and playing with it. It is now up to you to install it or get the book and learn more.
If you still want to run BIND, the most recommended way to get it is via ISC. There are no other major versions of BIND like there are of Linux. ISC BIND is the only one in the eyes of many people.
BIND, as well as other DNS server packages, doesn't just store translation information between domain names and IP addresses. (More can be found out about how DNS works here.) Aside from the "A" record, which translates a host name into an IP address, there are many other types of records in a DNS database. Below are a few, with a quick rundown of each and their function.
As said before, DNS is one of the least understood and most important aspects of the Internet. If it weren't for DNS names, the world of dot-coms wouldn't be known by such names as "amazon.com" but rather by numbers like 220.127.116.11. That would lead to some very interesting stock market trading, not to mention some rather confused Internet users. Because of DNS, Internet use is easier, and therefore more attractive, for less technical users. In fact, in many cases the best way to keep a server from the general public is to not give it a domain name.
If we start using DNS as a tool instead of taking it for granted, maybe the system won't feel so much like Rodney Dangerfield after all. An understanding of BIND is one way to take the first step.