BIND8 for NT home
 







Copyright agreement:

The relationship between the topic of DNS and BIND and the images of a cricket and a locust are trademarks of O'Reilly & Associates, Inc. Used with permission.



 · Mail: Len Conrad
Installation

BIND executables
  • Unzip BIND8.2.3.Zip to a temp directory

  • Run temp\BINDinstall.exe

  • Install places the files into: c:\winnt\system32\dns\bin

  • The files:

    • BINDctrl.exe  A little GUI control panel for BIND.
      • reload named, meaning reparse named.conf and all zone files.
      • start/stop named

    • named.exe  "nameserver daemon" is the program that provides the domain name service. named runs as an NT service.

    • named-xfer.exe  "nameserver daemon transfer" is a utility for performing zone transfers from another DNS to the local NT DNS.

    • nsupdate.exe  "nameserver update" is a utility for performing dynamic DNS updates.

ISC DNS Tools
  • The DNS tools are not installed by BINDinstall.exe, so copy them from your \temp dir to some program directory on your path, such as System32.

  • Read the ReadMe1st.txt file.

  • A note from Danny Mayer about a new tool in 8.2.3:

    "I've now included the DNSKeyGen tool so people can generate their own TSIG keys on NT/2K."

  • The files:

    • dig.exe  The best tool for detailed querying of nameservers. MS delivers nslookup rather than dig, but dig is preferred by most DNS experts for DNS work.

    • nslookup.exe  The tool most common to Win32 users since MS delivers it with their OS.

    • named-xfer.exe  "nameserver daemon transfer" is a utility for performing zone transfers from another DNS to the local NT DNS.

    • nsupdate.exe  For performing dynamic DNS updates.

    • hosts.exe  Another DNS lookup tool.

  • Since BIND runs as a "service", another "tool" you have is:

    NET START

    NET START with no arguments lists the services that are running. Then you can use the exact name of the DNS service in batch files like this:

    NET STOP "ISC BIND"
    NET START "ISC BIND"

BIND config files
  • Unzip BINDcfg.zip directly into: c:\winnt\system32\dns\etc

  • The files:

    • named.conf  The "name daemon" configuration file. named.conf is created and maintained manually on each nameserver host. On a slave nameserver, unlike the slave's zone files, named.conf is not transferred from a master nameserver, so you have to maintain it manually.

      • named.conf.master  named.conf example file where the zone statements are zone {type master;};

      • named.conf.slave  named.conf example file where the zone statements are zone {type slave;};

    • db.anydomain.com  The (forward) zone file for anydomain.com. One zone file is needed for every zone for which the local nameserver is authoritative, i.e., if a nameserver is authoritative for 200 zones, that means 200 db.zone files.

      A db.zone file is created and maintained exclusively on the zone's master authoritative nameserver. Slave authoritative nameserver(s) obtain their local copy of a db.zone by performing a zone transfer from the master authoritative nameserver.

    • db.ip.ad.re  The reverse zone file for a Class C network or less-than-Class C subnetwork.

      If the nameserver has not been delegated with authority for the reverse zone by an upstream authoritative DNS, then the reverse zone file will not be queried on this nameserver and therefore would be optional, although maintaining the local reverse zone file is useful for documentation.

      An actual db.ip.ad.re reverse zone file would be named db.212.73.210 for the 212.73.210.0/24 Class C network.

    • db.127.0.0  The reverse zone for localhost. See "the cricket book".

    • db.cache  "This file holds the information on root name servers needed to initialize cache of Internet domain name servers."
Installation Validation: "Honey, is it in?"
  • named.exe is installed as an NT service, so look in NT ControlPanel:Services for "ISC BIND".

  • The ISC BIND service should be started and have its startup mode set to automatic.

  • While in Services, verify that MS DNS is not running. If it is running, stop it, and set its startup mode to Disabled.

  • You should be able to see BIND in the list of services displayed with the NET command:

    NET START

  • Each time named starts up and/or finds errors, it writes to the NT Event Viewer:Applications log, so look in there for BIND log entries. You can increase and reduce the level of debugging info going to the NT Applications log by punching buttons on the BINDctrl.exe control panel.

  • If named.exe cannot find named.conf and other config files, then named won't start.

  • If you port-scan the BIND machine with the tools listed on my Resources page, the scan should find "domain" or "DNS" service at port 53.

  • In an NT DOS window, ...

    nslookup AnyDomain.com bind8nt.mydomain.com

    ... where "bind8nt.mydomain.com" is the NT4 machine where you hope you've installed BIND8. If NT nslookup returns the IP address of both the NT4 DNS host and the AnyDomain.com host, your BIND8/NT is working.

  • Finally, from a Unix machine or a Win machine with dig.exe run from a DOS window, the dig command:

    # dig @ms1.meiway.com txt chaos version.bind.

    ; <<>> DiG 8.2 <<>> @ms1.meiway.com txt chaos version.bind.
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;; version.bind, type = TXT, class = CHAOS

    ;; ANSWER SECTION:
    VERSION.BIND. 0S CHAOS TXT "Why do you ask, Curious Cat?"
    ;; Total query time: 4 msec
    ;; FROM: ls1.meiway.com to SERVER: ms1.meiway.com 212.73.210.73
    ;; WHEN: Sun Apr 23 21:55:02 2000
    ;; MSG SIZE sent: 30 rcvd: 64

    Yes, yes, for some reason, my BIND8/NT shows a version number of "Why do you ask, Curious Cat?" instead of "8.2.2-P5-NOESW", but BIND8/NT is shown to be running on that NT4 machine, ms1.meiway.com.
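
The version.bind check above can also be scripted when dig.exe is not at hand. The following is an added example, not part of the original page or of the BIND distribution: it builds the same TXT/CHAOS query, parses the reply, and reports whether the banner looks like a stock version number. The function names, the constructed sample reply and the "starts with a digit" heuristic are assumptions made for illustration.

```python
import socket
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid=6, name="version.bind."):
    """12-byte header (RD set, one question) plus the TXT/CHAOS question."""
    return (struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(name)
            + struct.pack(">HH", QTYPE_TXT, QCLASS_CHAOS))

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_version(msg):
    """Return the first TXT string of a CHAOS/TXT answer, else None."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F or an == 0:      # RCODE set (e.g. REFUSED) or empty answer
        return None
    off = 12
    for _ in range(qd):                # skip each question: name + type + class
        off = skip_name(msg, off) + 4
    off = skip_name(msg, off)          # owner name of the first answer
    rtype, rclass, _, _ = struct.unpack(">HHIH", msg[off:off + 10])
    if (rtype, rclass) != (QTYPE_TXT, QCLASS_CHAOS):
        return None
    txtlen = msg[off + 10]             # RDATA starts with a length-prefixed string
    return msg[off + 11:off + 11 + txtlen].decode("ascii", "replace")

def discloses_version(txt):
    return bool(txt) and txt[0].isdigit()   # a stock banner looks like "8.2.2-P5-NOESW"

def ask(server, timeout=3.0):          # query a nameserver you operate over UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return parse_version(s.recv(512))

# Constructed reply (flags qr aa rd ra, one answer) carrying the banner from the transcript.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 6, 0x8580, 1, 1, 0, 0) + build_query()[12:]
                + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, 29)
                + b"\x1cWhy do you ask, Curious Cat?")
```

The query built here is 30 bytes, matching the "MSG SIZE sent: 30" line in the dig output; ask("bind8nt.mydomain.com") returns the banner string, or None if the server refuses the query.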