BIND – The De Facto Standard Domain Name Server

Written by: jascha in IT Services

What is BIND?

BIND is a very prominent DNS (Domain Name System) server that translates domain names (e.g. Google.ca) into their respective IP addresses. This allows your computer to locate a website or remote service on the internet. BIND is by far the most widely used DNS server and has become the standard for almost all ISPs in the world. BIND is currently maintained and developed by the Internet Systems Consortium (ISC), an open-source software developer and distributor. ISC operates and maintains one of the thirteen “Root” DNS servers for the entire internet. ISC is a non-profit, public benefit corporation.

Brief History of BIND

BIND was originally created by four graduate students at the University of California, Berkeley. BIND was first released with the BSD 4.3 Unix operating system in the early 1980s. BSD stands for Berkeley Software Distribution. BIND was originally written under a DARPA (Defense Advanced Research Projects Agency) grant. In the mid 1980s, BIND development was taken over by DEC (Digital Equipment Corporation), most notably Paul Vixie, who continued developing BIND after leaving DEC and eventually helped start ISC. BIND 9 was developed with a combination of commercial and military contracts. Most of BIND 9’s features were directly funded by Unix vendors who wanted to ensure BIND stayed competitive with Microsoft’s DNS offerings.

Benefits of using BIND

BIND uses a distributed architecture that allows many DNS servers to communicate with one another and share data. Using BIND locally on a network allows you to assign simple names to servers for quick and easy access (e.g. MyServer = 192.168.0.100). For systems that are reachable both internally and externally, BIND can hand out the internal IP address to local clients, keeping their traffic on the local network only; this increases security and limits external network bandwidth. BIND is well documented and simple, yet extremely robust. BIND caches DNS responses, allowing faster name resolution for commonly used sites or systems.

Zones

BIND servers use “Zones” to describe the systems within a domain. Zones are defined in a file called named.conf. Each zone definition points to a zone file stored in the BIND directory. These zone files store the records for the domain, such as:
A records: Specify an IP address for a name; also used for subdomains
CNAME records: Map one name to another, like an alias
MX records: Define where the mail servers for a specific domain are located
NS records: Define which DNS server is the authority for this domain; updates to the zone will be pulled from this server
SOA (Start of Authority) record: Proclaims important authoritative information regarding the zone (e.g. the primary name server, the zone revision number, the refresh time, the expiry time for the record and the amount of time to cache the record)

Example Zone File:

$ORIGIN example.com.
$TTL 86400
@            IN     SOA    dns1.example.com.     hostmaster.example.com. (
                           2001062501 ; serial
                           21600      ; refresh after 6 hours
                           3600       ; retry after 1 hour
                           604800     ; expire after 1 week
                           86400 )    ; negative-caching ("minimum") TTL of 1 day

; records with no owner name inherit the previous owner (here the zone apex, @)
             IN     NS     dns1.example.com.
             IN     NS     dns2.example.com.

             IN     MX     10     mail.example.com.
             IN     MX     20     mail2.example.com.

             IN     A       10.0.1.5

server1      IN     A       10.0.1.5
server2      IN     A       10.0.1.7
dns1         IN     A       10.0.1.2
dns2         IN     A       10.0.1.3
; MX targets must be hosts with address records, not CNAMEs (RFC 2181)
mail         IN     A       10.0.1.5
mail2        IN     A       10.0.1.7

ftp          IN     CNAME   server1
www          IN     CNAME   server2

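To see how a file like this is actually read, here is a small zone-file parser as an added example (my code, not BIND's and not from the post): it handles $ORIGIN (including the trailing-dot rule), ';' comments, the parenthesised multi-line SOA and inherited owner names, and then checks that no NS or MX record points at a CNAME, which RFC 2181 forbids. The zone text inside it is a constructed sample modelled on the file above.

```python
from collections import defaultdict
# Constructed sample zone, modelled on the file above (not the post's own file).
ZONE = """\
$ORIGIN example.com.
$TTL 86400
@     IN  SOA  dns1.example.com. hostmaster.example.com. (
          2001062501 ; serial
          21600 3600 604800 86400 )
      IN  NS   dns1.example.com.
      IN  MX   10 mail.example.com.
dns1  IN  A    10.0.1.2
mail  IN  A    10.0.1.5
mail  IN  A    10.0.1.6
www   IN  CNAME mail
"""

def logical_lines(text):
    # Drop ';' comments and join parenthesised multi-line records (the SOA).
    buf = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip(): continue
        buf = buf + " " + line.strip() if buf else line  # 1st line keeps its leading blank
        if buf.count("(") > buf.count(")"): continue      # still inside ( ... )
        yield buf.replace("(", " ").replace(")", " ")
        buf = ""

def parse_zone(text):
    # Returns {(owner, type): [rdata, ...]} with every name made absolute.
    origin, owner, rrs = ".", None, defaultdict(list)
    def absolute(name):  # relative names get the current $ORIGIN appended
        if name == "@": return origin
        return name if name.endswith(".") else name + "." + origin.lstrip(".")
    for line in logical_lines(text):
        f = line.split()
        if f[0] == "$ORIGIN":  # no trailing dot => relative to the previous origin
            origin = absolute(f[1])
        elif f[0] != "$TTL":
            if not line[0].isspace():  # a leading blank means "same owner as above"
                owner = absolute(f.pop(0))
            if f[0] == "IN": f.pop(0)  # class field
            rtype, rdata = f[0], f[1:]
            if rtype in ("NS", "CNAME", "MX"): rdata[-1] = absolute(rdata[-1])
            rrs[(owner, rtype)].append(rdata)
    return dict(rrs)

def cname_targets(rrs):
    # RFC 2181: NS and MX targets must be hosts with address records, not CNAMEs.
    return [f"{o} {t} -> {r[-1]} is a CNAME" for (o, t), rds in rrs.items()
            if t in ("NS", "MX") for r in rds if (r[-1], "CNAME") in rrs]
```

Running `cname_targets(parse_zone(ZONE))` on the sample returns an empty list; point the MX at a CNAME instead and the offending record is reported.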

Load Balancing Through DNS

BIND allows you to assign multiple IP addresses to a single domain name. Whenever the name is looked up, BIND returns the whole set of addresses in a rotated (round-robin) order, so successive clients end up using different IPs. This allows you to have a cluster of servers with the same job sharing the load. An example would be an enterprise-class mail cluster with ten different mail servers sharing the same set of storage. These servers would share all of the SMTP, POP and IMAP requests, splitting the load between them.

Google uses this technique:

~$ nslookup mail.google.com
Server:	localhost
Address:	localhost#53

Non-authoritative answer:
mail.google.com	canonical name = googlemail.l.google.com.
Name:	googlemail.l.google.com
Address: 72.14.204.83
Name:	googlemail.l.google.com
Address: 72.14.204.17
Name:	googlemail.l.google.com
Address: 72.14.204.18
Name:	googlemail.l.google.com
Address: 72.14.204.19


Other BIND Features

Multiple Views

Views restrict which information is returned depending on the IP address of the requesting client.
Requests from the external network will see the outside IP address, while requests from the internal network will see the internal IP address.

Security

DNSSEC (DNS Security Extensions) allows zone files to be cryptographically signed with a zone “key”, so resolvers can verify that the records they receive are authentic.

TSIG (Transaction SIGnature) allows master and slave servers to verify transactions between them, such as zone transfers, using a shared secret key.

IPv6

BIND 9 fully supports IPv6 environments

BIND 10?

BIND 9 was released in 1998.
ISC is currently developing BIND 10 on a new code base. BIND 9’s original architecture has withstood the test of time for over a decade, but ISC feels that, in order to meet the demands of the next decade, a major overhaul is needed. The major focus areas of BIND 10 are modularity, customizability, clusterization, integration, resilience and runtime control.

All of these are defined on the BIND 10 project page: https://www.isc.org/bind10/project