
bind9(8)

BIND 9 is a DNS server and resolver that translates domain names to IP addresses on the Internet.

Ubuntu, Debian, Fedora, Arch

Synopsis

named [OPTION]... [-c config-file] [-d debug-level] [-f] [-g] [-n threads] [-p port] [-s] [-S threads] [-t directory] [-u user] [-v] [-x cache-file]

Description

BIND 9 (Berkeley Internet Name Domain) is the reference implementation of DNS protocols. It provides authoritative DNS service, recursive resolution, and DNS query forwarding. The main daemon named reads configuration from a file (typically /etc/bind/named.conf) and serves DNS queries on port 53 (UDP and TCP).

BIND includes tools like dig for DNS queries, nslookup for name lookups, and nsupdate for dynamic DNS updates. It supports DNSSEC for cryptographic DNS validation, zone transfers, and view-based filtering for different DNS responses based on query source.

Modern BIND 9 deployments need careful configuration and security hardening: chroot jails and dropped privileges to limit what a compromised daemon can reach, and ACL restrictions to prevent DNS amplification attacks and unauthorized zone transfers.
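As an added example (not part of the original page and not BIND's own tooling), the shell functions below audit a named.conf and a named command line for the hardening items in the paragraph above: unrestricted zone transfers, open recursion, and a daemon started without -u or -t. The function names and the sample configuration are constructed for illustration; allow-transfer, allow-recursion and recursion are standard named.conf statements that this page does not itself show.

```shell
#!/bin/sh
# Added example, not from the original page; the sample config is constructed.
# Limits: ignores /* */ comments and does not follow include files.

# Strip // and # comments, then flatten so multi-line blocks match one regex.
normalize_conf() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr '\t\n' '  ' | tr -s ' '
}

# Succeeds when statement $1 appears in text $2 with "any" in its match list.
lists_any() {
    printf '%s\n' "$2" | grep -Eq "${1}[^;{]*[{]([^}]* )?any *;"
}

# Print one finding per line; print nothing when the file passes.
audit_named_conf() {
    text=$(normalize_conf "$1")
    if ! printf '%s\n' "$text" | grep -Eq 'allow-transfer[^;{]*[{]'; then
        echo "transfer-unset: no explicit allow-transfer"
    elif lists_any allow-transfer "$text"; then
        echo "transfer-open: allow-transfer lists any"
    fi
    # "recursion no;" means authoritative-only: no recursion ACL to check.
    printf '%s\n' "$text" | grep -Eq '(^|[ ;{])recursion +no *;' && return 0
    if ! printf '%s\n' "$text" | grep -Eq 'allow-recursion[^;{]*[{]'; then
        echo "recursion-unset: no explicit allow-recursion"
    elif lists_any allow-recursion "$text"; then
        echo "recursion-open: allow-recursion lists any"
    fi
}

# Check a named command line (as shown by ps) for the -u and -t options.
audit_named_args() {
    case " $* " in *" -u "*) ;; *) echo "no-user: started without -u" ;; esac
    case " $* " in *" -t "*) ;; *) echo "no-chroot: started without -t" ;; esac
}

# Demo on a constructed, deliberately weak configuration.
demo=$(mktemp)
cat > "$demo" <<'EOF'
options {
    allow-recursion { any; };   // open resolver
    allow-transfer {
        any; };                 // anyone may request a zone transfer
};
EOF
audit_named_conf "$demo"
audit_named_args -f -c /etc/bind/named.conf
rm -f "$demo"
```

A finding is a prompt to review, not a verdict: a missing -t, for instance, is expected where the distribution confines named by other means.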

Common options

Flag             What it does
-c config-file   Specify alternate configuration file (default: /etc/bind/named.conf)
-d debug-level   Set debug logging level (0-99; higher = more verbose)
-f               Run in foreground (don't detach to background)
-g               Print configuration and exit without starting the server
-n threads       Set number of worker threads (default: auto-detected)
-p port          Listen on alternate port instead of default 53
-t directory     Chroot to directory for security isolation
-u user          Drop privileges and run as specified user (e.g., 'bind')
-v               Print version number and exit
-x cache-file    Load cache from file on startup

Examples

Start the BIND 9 DNS server using systemd (Ubuntu/Debian)

sudo systemctl start bind9

Run BIND in foreground with debug level 3 for troubleshooting

sudo named -c /etc/bind/named.conf -f -d 3

Query the local BIND server for example.com's A record

dig @localhost example.com

Validate BIND configuration file syntax before applying

sudo named-checkconf /etc/bind/named.conf

Reload BIND configuration and zones without restarting the daemon

sudo rndc reload

Check the current status of the running BIND server

sudo rndc status

Query BIND for MX records of example.com in short format

dig @localhost +short example.com MX

Enable BIND 9 to start automatically on system boot

sudo systemctl enable bind9

Related commands