BIND DNS Server on a Local Network:  Part 4

Downloading and Authenticating BIND

posted: 2020-07-17 | updated: 2020-08-15

page 1 of 2


Internet Software Consortium, Inc. (ISC) digitally signs its downloadable files and provides a PGP Signature to verify their authenticity and integrity. You’ll need a program, such as GNU Privacy Guard (GnuPG), to carry out the verification process.

Steps to be completed in Part 4:

  1. Verify and Install GnuPG for Windows
  2. Download BIND 9, the Signature File, and ISC’s OpenPGP key
  3. Verify the authenticity and integrity of the BIND Zip File with GnuPG

Step 1: Verify and Install GnuPG for Windows

GnuPG is available under the GNU General Public License for Windows and other operating systems. There are three versions available for Windows: 1) Gpg4win, a “Full featured Windows version of GnuPG” which sports a GUI and comes packaged with additional utilities; 2) a command line only “simple” version; and 3) GnuPG 1.4, which is no longer being maintained. I’ve opted for the simple command line version.

  1. Download GnuPG for Windows

    Go to the GnuPG download page. Scroll down to the GnuPG Binary Releases heading. In the Windows section, click the download link beside the description Simple installer for the current GnuPG. Save the file (gnupg-w32-2.2.20_20200320.exe at the time of writing) in a convenient location such as:

    C:\downloads\GnuPG\gnupg-w32-2.2.20_20200320.exe
  2. Get the GnuPG file hash

    SHA1 hashes (checksums) are published on the GnuPG website. Scroll down to the heading List of SHA-1 CHECK-SUMS. In the right-hand column of the table, find the name of the GnuPG install file that you’ve just downloaded. Copy the corresponding checksum and save it in a text file—you’ll need to refer to it in the next step.

  3. Verify the Integrity of the GnuPG Install File

    Here’s the plan: Use Windows PowerShell to generate an SHA1 hash of the downloaded file and then compare it with the SHA1 hash provided on the GnuPG website. Here’s how:

    1. At the command prompt, type:


      Press Enter.

    2. At the Windows PowerShell prompt, type:

      PS C:\>Get-FileHash C:\downloads\GnuPG\gnupg-w32-2.2.20_20200320.exe -Algorithm SHA1 | Format-List 

      Press Enter.

      If you want the pretty colors, search for PowerShell in the Windows search box and launch it from there.

      Windows PowerShell: Generating SHA1 hash of GnuPG installation file
    3. Compare the generated checksum with the checksum provided on the GNU Privacy Guard website. They should match.

      Note that Windows PowerShell displays the hash using uppercase letters while the GNU Privacy Guard checksum uses lowercase.

      hash generated in Windows PowerShell:


      hash supplied from GnuPG website:


      This is not a problem for a visual comparison. But if this case mismatch offends your sensibilities you can convert the hash to lowercase letters like this:

      At the Windows PowerShell prompt, type:

      PS C:\>$hash = Get-FileHash C:\downloads\GnuPG\gnupg-w32-2.2.20_20200320.exe -Algorithm SHA1 | % hash; $hash = $hash.ToLower(); $hash 

      Press Enter.

      Windows PowerShell: Generating SHA1 hash of GnuPG installation file and converting output to lowercase

      Another option would be to write a quick and dirty script using the PHP hash_file() function:

  4. Installing GnuPG for Windows

    1. Double click the installer file:

    2. The Welcome screen appears, click Next >

      GNU Privacy Guard Setup: welcome screen
    3. Read the License agreement, click Next >
      GNU Privacy Guard Setup: license screen
    4. Choose the components to install. The simple version includes GnuPG only, so there’s nothing else to select, click Install.

      GNU Privacy Guard Setup: Choose Components screen
    5. Installation complete, click Next >

      GNU Privacy Guard Setup: Installation Complete
    6. Installation is complete, click Finish

      GNU Privacy Guard Setup: Completing GNU Privacy Guard Setup
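
The comparison in step 3 (Verify the Integrity of the GnuPG Install File) can also be scripted so that letter case and stray whitespace no longer matter and a mis-pasted checksum is rejected outright. This is an added example, not from the original article; Test-PublishedHash is a hypothetical helper name, and the sample file and checksums below are constructed test values.

```powershell
# Added example: scripted version of the manual hash comparison in step 3.
# Test-PublishedHash is a hypothetical helper, not part of PowerShell or GnuPG.
function Test-PublishedHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected,
        [ValidateSet('SHA1', 'SHA256')] [string] $Algorithm = 'SHA1'
    )

    # Checksums copied from a web page often carry stray spaces or line breaks.
    $want = ($Expected -replace '\s', '').ToLowerInvariant()

    # Reject anything that is not a hex digest of the right length, so a
    # truncated or mis-pasted value fails instead of being compared.
    $hexLength = @{ SHA1 = 40; SHA256 = 64 }[$Algorithm]
    if ($want -notmatch "^[0-9a-f]{$hexLength}$") {
        throw "Expected value is not a $hexLength-character hex $Algorithm digest."
    }

    # -LiteralPath avoids wildcard expansion of characters such as [ ] in names.
    $file = Get-FileHash -LiteralPath $Path -Algorithm $Algorithm -ErrorAction Stop
    $got  = $file.Hash.ToLowerInvariant()

    [pscustomobject]@{
        Path     = $Path
        Expected = $want
        Actual   = $got
        Match    = ($got -ceq $want)
    }
}

# Constructed sample: a temp file holding the three bytes "abc", whose SHA-1
# is the standard test vector a9993e36...d89d.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-demo.bin'
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('abc'))

# Published value in uppercase with stray whitespace, as if pasted from a page.
Test-PublishedHash -Path $sample -Expected ' A9993E364706816ABA3E25717850C26C9CD0D89D ' | Format-List

# Published value that differs in its last digit; gate the install on Match.
$r = Test-PublishedHash -Path $sample -Expected 'a9993e364706816aba3e25717850c26c9cd0d89e'
if (-not $r.Match) { Write-Warning "Checksum mismatch for $($r.Path); do not install." }

Remove-Item -LiteralPath $sample
```

A match only shows that the file is the one the checksum page describes, so the expected value should be copied from the GnuPG website itself.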
