BIND DNS Server on a Local Network:  Part 5

Installing and Configuring BIND

posted: 2020-07-17 | updated: 2020-10-26

page 3 of 6


Step 4:  Install BIND

Note: Occasionally I’ll quote from the BIND 9 Administrator Reference Manual: BIND 9.16.1 (Stable Release). For brevity I’ll refer to the manual by its filename, Bv9ARM.pdf, which is included in the BIND 9 distribution and is also available here: downloads.isc.org/isc/bind9/9.16.1/doc/arm/Bv9ARM.pdf

In Part 4 we downloaded and then authenticated the BIND zip file, BIND9.16.1.x64.zip, using GNU Privacy Guard (GnuPG). Enough already, let’s install BIND. Finally! It’s amazingly quick and easy…

  1. Unzip BIND9.16.1.x64.zip to a temporary folder such as C:\Downloads\BIND9\files
  2. Right click the installation file, C:\Downloads\BIND9\files\BINDInstall.exe, and click “Run as Administrator”—this is important.

    Windows File Explorer showing BINDInstall.exe selected with "Run as administrator" highlighted

    The BIND 9 installer window appears. Time to make a few simple choices.

    BIND 9 Installer window with user selections made
  3. Target Directory
    The default install directory is C:\Program Files\ISC BIND 9. I like to put all my server applications under one roof, C:\webserver, and I’ve simplified the install directory to plain, old “bind”: C:\webserver\bind.
  4. Service Account Name
    This is the service name that BIND runs as; the default is named. Seems like a good choice, so I left it unscathed.
  5. Service Account Password
    Enter a stellar password and confirm it. This is required for the named service account. Write down the password; you may need it if the named account goes sideways.
  6. Options

    • Tools Only – leave unchecked
    • Automatic Startup – uncheck this. I start BIND only when I want to use it. (I’ve included some natty desktop shortcuts for starting and stopping BIND in Step 9.)
    • Keep Config Files After Uninstall – leave checked. It’s handy to keep your configuration files. If you update BIND, you can reuse your configuration files.
    • Start BIND Service After Install – uncheck this. BIND is nowhere near ready to run yet.
  7. Click Install

  8. During the install process, you may see a pop-up box for installing or repairing a Microsoft Visual C++ Redistributable. Click Install or Repair as your case requires. If you have the same or newer version of the required Redistributable already installed, click Close.

    Microsoft Visual C++ Redistributable install window
  9. BIND installation is complete. Wow, that was fast. Click OK.

    BINDInstall window: "BIND installation completed successfully"
  10. Click Exit to finish.

    BIND 9 Installer window showing completed installation steps

Step 5:  Add bin folder to the Path System Variable

The install process creates two subfolders: the bin folder, C:\webserver\bind\bin, which contains named.exe (the BIND executable) along with various tools and other files; and the etc folder, C:\webserver\bind\etc, which is initially empty.

  1. Add BIND’s bin folder to the Windows path system variable

    1. To open the System Properties window, at the command prompt, type:

      C:\>sysdm.cpl

      Press Enter.

    2. Select the Advanced tab, and then click the Environment Variables button

      Windows System Properties > Advanced tab with Environment Variables button highlighted
    3. Select the Path variable in the System Variables section of the Environment Variables window, and then click Edit

      Environment Variables window showing the Path System Variable
    4. Click New in the Edit environment variable window, and then type: C:\webserver\bind\bin in the blank space. Click OK
  2. Create a folder for log files: C:\webserver\bind\logs
  3. Create a folder for zone files: C:\webserver\bind\zones

Step 6:  Create a key file for the rndc tool

Remote Name Daemon Control (rndc) is a command line administrative tool that “controls the operation of a name server…[It] communicates with the name server over a TCP connection [port 953 is the default], sending commands authenticated with digital signatures.”— Bv9ARM.pdf, p. 298.

rndc can connect locally or remotely to a name server. For this project, connecting locally will do the job, and the configuration is simple. rndc requires a key file to communicate with the name server. Here’s how to create it:

At the command prompt, type:

C:\>rndc-confgen -a

Press Enter.

BIND responds with:

wrote key file "C:\webserver\bind\etc\rndc.key"

The rndc.key file is the first file added to the etc folder and contains something like this:

key "rndc-key" {
    algorithm hmac-sha256;
    secret "kuWoltOmdOn35gFI7VuSySoXb8TkNYdZCBsfM2gTtdA=";
};

And that’s it. Now you can use rndc on the local machine.

If this fast-tracked approach to rndc configuration doesn’t satisfy your desire to type obscure text in mono-spaced fonts, or if you just want to learn more about rndc configuration, you may wish to investigate using the rndc-confgen tool (without the -a option) — Bv9ARM.pdf, p. 12.
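
A post-install check for Steps 5 and 6, added here as an example that is not part of the original article: it confirms that the bin folder is on the machine-level Path, that rndc.key holds an algorithm and a decodable secret, and reports which accounts can write to the bin folder or read the key. The paths and the named account follow the choices made in Step 4; the list of expected principals (SYSTEM, Administrators, named) is an assumption, as are the helper name Get-UnexpectedAce and the English-language account names.

```powershell
# Added example, not part of the original article. Run from an elevated PowerShell prompt.
# Assumptions: install directory C:\webserver\bind and service account "named" (Step 4);
# English-language Windows account names.
$bindRoot = 'C:\webserver\bind'
$binDir   = Join-Path $bindRoot 'bin'
$keyFile  = Join-Path $bindRoot 'etc\rndc.key'

# Principals expected to hold access to BIND's files (assumed allow-list).
$expected = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|.+\\named)$'

function Get-UnexpectedAce {
    # List Allow entries on $Path that grant any bit of $Right to other principals.
    param(
        [string]$Path,
        [System.Security.AccessControl.FileSystemRights]$Right
    )
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Right) -ne 0 -and
            $_.IdentityReference.Value -notmatch $expected
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Step 5 check: is the bin folder on the machine-level Path?
$onPath = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { $_.TrimEnd('\') }) -contains $binDir

# Step 6 check: parse rndc.key without echoing the secret.
$text = Get-Content -LiteralPath $keyFile -Raw
if ($text -notmatch 'algorithm\s+(?<alg>[\w-]+);\s*secret\s+"(?<secret>[^"]+)";') {
    throw "No algorithm/secret pair found in $keyFile"
}
$algorithm   = $Matches['alg']
$secretBytes = [Convert]::FromBase64String($Matches['secret']).Length

[pscustomobject]@{
    BinOnMachinePath = $onPath
    KeyAlgorithm     = $algorithm
    KeySecretBytes   = $secretBytes
} | Format-List

'Write access to the bin folder held by other principals:'
Get-UnexpectedAce -Path $binDir -Right Write | Format-Table -AutoSize
'Read access to rndc.key held by other principals:'
Get-UnexpectedAce -Path $keyFile -Right ReadData | Format-Table -AutoSize
```

An empty list under either heading means only the expected principals hold that access. Any account listed for rndc.key can read the secret that authenticates rndc commands, and any account listed for the bin folder can change files in a directory that is now on the system Path.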
