# Why use BIND 9 DNS server?



## hockey97 (Jan 7, 2013)

Hi, I have a question. Why would someone want or need to install BIND 9? I mean it's a DNS server and I know what a DNS does however, I don't get how that would be useful if the domain name providers already have their own DNS servers? I mean it's not like you can use BIND 9 to host your own domain name.

The only thing I can think of is that if you get accredited by ICANN they will forward domain name requests to your DNS server? Am I wrong? I just don't see any purpose in it unless you want to be a domain name provider. In that case you would have to have ICANN point all domain requests to your DNS server and everyone that is accredited with them.


----------



## kpa (Jan 7, 2013)

It's also a caching resolver meaning it will keep a cache of already resolved addresses. If you have a large LAN network with many clients it may reduce the DNS related network traffic quite a bit. There are other resolvers that can be used for that purpose as well if an authoritative DNS server is not needed, dns/powerdns-recursor and dns/unbound for example.


----------



## gkontos (Jan 7, 2013)

First of all you don't need to install any port. BIND is included in FreeBSD.

You want to run DNS if you have authority over a domain. ICANN is really irrelevant in this case. Example:

```
core2duo:~ gkontos$ dig aisecure.net

; <<>> DiG 9.7.6-P1 <<>> aisecure.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18252
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5

;; QUESTION SECTION:
;aisecure.net.			IN	A

;; ANSWER SECTION:
aisecure.net.		86400	IN	A	199.102.79.122

;; AUTHORITY SECTION:
aisecure.net.		58023	IN	NS	ns2.aisecure.net.
aisecure.net.		58023	IN	NS	ns3.aisecure.net.
aisecure.net.		58023	IN	NS	ns1.aisecure.net.

;; ADDITIONAL SECTION:
ns1.aisecure.net.	57779	IN	A	199.102.79.125
ns1.aisecure.net.	57779	IN	AAAA	2607:fc50:1001:6d00::ffff:aa01
ns2.aisecure.net.	57779	IN	A	199.102.79.126
ns2.aisecure.net.	57779	IN	AAAA	2607:fc50:1001:6d00::ffff:aa02
ns3.aisecure.net.	57779	IN	A	174.129.135.73
```

See the query above. The TLD name servers know that my name servers have authority over the aisecure.net domain. Your ISP's name servers send recursive queries until they reach my DNS servers for the proper resolution.

Now, why would you want to run a DNS server even if you don't have publicly available servers?

Simply because in any environment, even private, you can't remember IP addresses. So, a private DNS comes in handy to save you the trouble of having to maintain huge /etc/hosts files.


----------



## fonz (Jan 7, 2013)

hockey97 said:

> I mean it's not like you can use BIND 9 to host your own domain name.


Yes you can.

Fonz


----------



## dalecosp (Jan 8, 2013)

fonz said:

> Yes you can.
>
> Fonz


And not only that, your "ISP" or those "domain name providers" needs to run it, right?  Suppose maybe they use FreeBSD?  (Well, the few, the enlightened ones, perhaps).

Not everyone using FBSD is a teenage millennial game-addicted pr0n-seeking geek wannabe.  Sorry, that sounds a tad harsh ... I don't mean *you*.

I get to replace a Windows server with a FreeBSD one tomorrow.  That makes about 4-5 in the last couple years.


----------



## fonz (Jan 8, 2013)

dalecosp said:

> And not only that, your "ISP" or those "domain name providers" needs to run it, right?


I suspect you meant that rhetorically.

Fonz


----------



## throAU (Jan 8, 2013)

hockey97 said:

> I mean it's not like you can use BIND 9 to host your own domain name.



So you mean my domains are magically working on my primary FreeBSD name server without bind actually serving them?

More seriously though... even if you don't have your instance of bind facing the internet, you can also make use of an internal DNS infrastructure to control mail delivery within your organisation without exposing that to the outside world.

e.g., the ISP's DNS points mail delivery from the internet to your hardened, internet facing mail relay where mail is filtered, scrubbed, etc - before being forwarded internally (using internal DNS server's local records, which differ from the internet) to your internal mailbox host that your users access.
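The internal/external mail routing sketched above, as an added example that is not from the thread or from any poster: a BIND `view` configuration that hands LAN clients (and the relay) one copy of the zone and the Internet another. Everything in it is assumed: the domain example.net, the LAN 192.168.0.0/16, the relay at 192.0.2.25, the mailbox host at 192.168.1.25, a name server listening on 192.168.1.53 inside and 192.0.2.53 outside, and file paths following the FreeBSD base-system BIND layout under /etc/namedb.

```conf
// Added example, not from the thread.  Assumptions: domain example.net, LAN
// 192.168.0.0/16, internet-facing relay at 192.0.2.25, internal mailbox host at
// 192.168.1.25, this server listening on 192.168.1.53 (inside) and 192.0.2.53
// (outside); all addresses are private or documentation ranges.

// The relay is listed here on purpose: when it forwards inbound mail it must
// resolve the *internal* MX, which the outside world never sees.
acl "internal" { 127.0.0.0/8; 192.168.0.0/16; 192.0.2.25; };

options {
    directory "/etc/namedb/working";
    listen-on { 127.0.0.1; 192.168.1.53; 192.0.2.53; };
};

// Once one view exists, every zone (including the stock localhost and reverse
// zones from FreeBSD's named.conf) has to be declared inside a view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    allow-recursion { "internal"; };
    zone "example.net" {
        type master;
        file "/etc/namedb/master/example.net.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                 // public authoritative server, not an open resolver
    zone "example.net" {
        type master;
        file "/etc/namedb/master/example.net.external";
        allow-transfer { none; }; // list a secondary's address here if there is one
    };
};

; ---- /etc/namedb/master/example.net.external: what the Internet sees ----
$TTL 3600
@       IN SOA  ns1.example.net. hostmaster.example.net. (
                2013010801 3600 900 1209600 3600 )
        IN NS   ns1.example.net.
        IN MX   10 relay.example.net.   ; all inbound mail lands on the relay
ns1     IN A    192.0.2.53
relay   IN A    192.0.2.25

; ---- /etc/namedb/master/example.net.internal: what the LAN and the relay see ----
$TTL 3600
@       IN SOA  ns1.example.net. hostmaster.example.net. (
                2013010801 3600 900 1209600 3600 )
        IN NS   ns1.example.net.
        IN MX   10 mailbox.example.net. ; the relay delivers here after filtering
ns1     IN A    192.168.1.53
relay   IN A    192.0.2.25
mailbox IN A    192.168.1.25            ; never published in the external copy
```

The external view serves only the zone and has recursion switched off, so the public server is not an open resolver. The relay's address sits in the internal ACL precisely so that, once it has filtered a message, it resolves the internal MX and finds mailbox.example.net, a name that does not exist in the external copy. Views are matched in the order they appear, so the catch-all `any` view has to come last.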


----------



## hockey97 (Jan 8, 2013)

dalecosp said:

> And not only that, your "ISP" or those "domain name providers" needs to run it, right?  Suppose maybe they use FreeBSD?  (Well, the few, the enlightened ones, perhaps).
>
> Not everyone using FBSD is a teenage millennial game-addicted pr0n-seeking geek wannabe.  Sorry, that sounds a tad harsh ... I don't mean *you*.
>
> I get to replace a Windows server with a FreeBSD one tomorrow.  That makes about 4-5 in the last couple years.



I don't mean BIND 9 can't host domains. I know what a DNS server is and yes I do know people like Godaddy.com have their own DNS servers. I own a few domains myself.

I just don't see how someone that uses FreeBSD would need it. I do know it comes with FreeBSD so no need to port it. I know many install it, but I've seen that many or most are just people that install it to play around with the software.

I ran into a few people that thought if they install BIND 9 then they can create domain names and act like a domain name provider. I am saying that ICANN is the regulator.

From what I know and what I am told you need to get accredited with them in order for you to install your own DNS and have the ability to register domain names. However, the domain name providers don't just need a DNS server they need to communicate to TLD servers too.

I am just saying, why is it that a lot of people I am finding out about are installing BIND 9 and they're not a company? Just ordinary users. I don't get how it would be useful unless you're in the business of selling domain names.


----------



## hockey97 (Jan 8, 2013)

gkontos said:

> First of all you don't need to install any port. BIND is included in FreeBSD.
>
> You want to run DNS if you have authority over a domain. ICANN is really irrelevant in this case. Example:
>
> ...





Ya, I know you can run your own DNS server, but you still need to use the domain name provider's servers to point the traffic to your DNS server or name servers.

I am saying what is the point in that when the company that sells you your domain name already allows you to use their dns server?  I use the company that I bought my domain names from. I wouldn't think it's good for me to host and run my own. I mean I paid for the domain name and they are allowing me to use their DNS servers space so why not? 

I can understand in corporations the internal e-mailing system. You could use it internally. But those same companies could use an IM system that you would have to type in the computer name on the network and chat over the network. 

I just personally think it's pointless unless you are selling domain names. 
I don't think you can just install and set up BIND 9 and then after the setup start making domain names for free. Like if you make the domain name record, that would create your domain name and it would be viewable on the internet.


----------



## wblock@ (Jan 8, 2013)

Some of the people who run serious DNS servers do use FreeBSD for them.  But even if you aren't serving public DNS, BIND can still be used for private DNS and caching public queries to speed things up.


----------



## marwis (Jan 8, 2013)

hockey97 said:

> I don't get how that would be useful if the domain name providers already have their own DNS servers?



You can use a local DNS resolver for many things, e.g.

- advertisement and tracking prevention with dns/adsuck, independent of your browser so no plugins are needed,
- caching with dnscache from dns/djbdns to possibly speed up repetitive queries,
- encryption with dns/dnscrypt-proxy so your ISP doesn't see your DNS traffic.  Note that the provider of the service, OpenDNS by default, does see the traffic.

Most importantly, you can chain them all in this order on a single machine.  I do this on my workstation, it works.


----------



## throAU (Jan 8, 2013)

hockey97 said:

> I just don't see how can someone that uses FreeBSD would need it.



To host domain zone files.  Or to cache DNS requests.

Many ISPs run FreeBSD.



> I ran into a few people that thought if they install BIND 9 then they can create domain names and act like a domain name provider.



There are two aspects to domain hosting:

- delegation
- hosting

Delegation is done by your registrar of choice, essentially you are paying the registry in question to add some "glue" records to the parent zone to point yourdomain.tld at your DNS servers of choice.

Whether they are ISP servers, or servers hosted in your own network, so long as you have the connectivity it makes no difference.

For example, my primary DNS (for my zones) is hosted in my datacenter, and secondaries are hosted with my ISP (for if/when my WAN link goes dark).

This means I can update zone files and push them to the ISP without needing to deal with their web UI or helpdesk, have full control over my SOA records, etc.


Plus you can also use bind as a caching DNS server for your LAN.
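The delegation-plus-hosting split described above, with a primary in your own datacenter and a secondary at the ISP, and the NS records visible in gkontos's dig output earlier in the thread, as an added example that is not from the thread or from any poster: the named.conf zone stanza for the primary, the stanza for the secondary the ISP runs, and the zone file the primary serves. Everything in it is assumed: the domain example.net, the addresses 192.0.2.53 (primary), 198.51.100.53 (secondary) and 192.0.2.80 (web host) are documentation ranges, and the file paths follow the FreeBSD base-system BIND layout under /etc/namedb.

```conf
// Added example, not from the thread.  Assumptions: zone example.net, primary at
// 192.0.2.53 in your own datacenter, the ISP's secondary at 198.51.100.53, web
// host at 192.0.2.80; documentation address ranges, FreeBSD /etc/namedb layout.

// ---- named.conf zone stanza on the primary (your server) ----
zone "example.net" {
    type master;
    file "/etc/namedb/master/example.net";
    allow-transfer { 198.51.100.53; };   // only the ISP's secondary may pull the zone
    notify yes;                          // ns2 is an NS of the zone, so it is notified
};

// ---- named.conf zone stanza on the ISP's secondary ----
zone "example.net" {
    type slave;
    file "/etc/namedb/slave/example.net";  // named writes the transferred copy here
    masters { 192.0.2.53; };
    allow-transfer { none; };            // the secondary should not hand the zone out either
};

; ---- /etc/namedb/master/example.net on the primary ----
$TTL 86400
$ORIGIN example.net.
@       IN SOA  ns1.example.net. hostmaster.example.net. (
                2013010801 ; serial: bump it on every edit or the secondary never pulls
                7200       ; refresh: how often the secondary re-checks the serial
                900        ; retry
                1209600    ; expire: secondary keeps answering this long with the primary dark
                3600 )     ; negative-cache TTL
        IN NS   ns1.example.net.
        IN NS   ns2.example.net.
ns1     IN A    192.0.2.53
ns2     IN A    198.51.100.53
@       IN A    192.0.2.80
www     IN A    192.0.2.80
```

Nothing in these files creates the delegation: the registrar has to enter the same two NS names and their addresses into the parent zone, which is the glue referred to above, and because both name servers live inside example.net a resolver could never reach them without it. Restricting `allow-transfer` to the secondary's address keeps anyone else from pulling the whole zone, and the long expire value is what lets the ISP's secondary keep answering while the WAN link to the primary is down.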


----------



## gkontos (Jan 8, 2013)

hockey97 said:

> Ya, I know you can run your own DNS server but you still need to use the domain name providers servers to point the traffic to your dns server or name servers.



No, they are not providers. They are registrars, there is a big difference there.



			
hockey97 said:

> I am saying what is the point in that when the company that sells you your domain name already allows you to use their dns server?  I use the company that I bought my domain names from. I wouldn't think it's good for me to host and run my own. I mean I paid for the domain name and they are allowing me to use their DNS servers space so why not?



If you ever find yourself dealing with many domains, sometimes from different registrars, you will see that running your own DNS has its advantages. 



			
hockey97 said:

> I can understand in corporations the internal e-mailing system. You could use it internally. But those same companies could use an IM system that you would have to type in the computer name on the network and chat over the network.



Proper name resolution is very important for some applications. It is a necessity for directory servers. It would be almost impossible for a corporate environment to run with less than one internal DNS server.



			
hockey97 said:

> I just personally think it's pointless unless you are selling domain names.
> I don't think you can just install and setup bind 9 and then after the setup you can start making domain names for free. Like if you make the domain name record and that would create your domain name and will be view able on the internet.



I think you need to understand the difference between a registrar and how DNS works.


----------



## SirDice (Jan 8, 2013)

hockey97 said:

> I am just saying why is it that a lot of people I am finding out is installing BIND 9 and they're not a company. Just ordinary users. I don't get how it would be useful unless you're in the business of selling domain names.


I don't really need it but it makes life a lot easier:


```
dice@maelcum:~> dig @127.0.0.1 molly.dicelan.home ANY

; <<>> DiG 9.8.3-P3 <<>> @127.0.0.1 molly.dicelan.home ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40862
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;molly.dicelan.home.            IN      A

;; ANSWER SECTION:
molly.dicelan.home.     86400   IN      A       192.168.100.190
molly.dicelan.home.     86400   IN      AAAA    2001:981:f21:1::190

;; AUTHORITY SECTION:
dicelan.home.           86400   IN      NS      maelcum.dicelan.home.

;; ADDITIONAL SECTION:
maelcum.dicelan.home.   86400   IN      A       192.168.100.1
maelcum.dicelan.home.   86400   IN      AAAA    2001:981:f21:1::1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan  8 11:10:03 2013
;; MSG SIZE  rcvd: 118
```

It's also combined with DHCP so I get dynamic updates for DHCP clients. It simply means I can resolve all hostnames within my own network.


----------



## kpa (Jan 8, 2013)

You can use it to create your own private domain that is not visible to the outside world. From the point of view of your client machines it's as authoritative as any real internet domain. Another thing BIND is useful for is setting up reverse DNS for your private RFC1918 addresses.
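The private domain and RFC 1918 reverse zone described above, together with the DHCP-driven dynamic updates SirDice mentions a few posts earlier, as an added example that is not from the thread or from any poster: a named.conf with a forward zone, the matching in-addr.arpa zone, and a TSIG key that the DHCP server uses to sign its updates, followed by the initial contents of both zone files. Everything in it is assumed: the private domain lan.example, the 192.168.100.0/24 subnet and the 2001:db8:f21:1::/64 documentation prefix, a gateway at 192.168.100.1 that runs both named and the DHCP server, and the FreeBSD layout under /etc/namedb; the key secret is a constructed placeholder, not a real key.

```conf
// Added example, not from the thread.  Assumptions: private domain lan.example,
// subnet 192.168.100.0/24, gateway/DHCP server at 192.168.100.1 running named,
// FreeBSD base-system BIND layout under /etc/namedb, documentation IPv6 prefix.

acl "lan" { 127.0.0.0/8; 192.168.100.0/24; 2001:db8:f21:1::/64; };

options {
    directory "/etc/namedb/working";
    listen-on { 127.0.0.1; 192.168.100.1; };
    allow-query { "lan"; };      // the private zones are for the LAN only
    allow-recursion { "lan"; };  // and so is recursion
};

// Shared secret between named and the DHCP server.  This value is a constructed
// placeholder: generate a real one with tsig-keygen (ddns-confgen on older BIND).
key "dhcp-update" {
    algorithm hmac-sha256;
    secret "c29tZS1jb25zdHJ1Y3RlZC1leGFtcGxlLWtleQ==";
};

// Forward zone: static hosts come from the file, DHCP leases arrive as updates.
zone "lan.example" {
    type master;
    file "/etc/namedb/dynamic/lan.example";   // named must be able to write here
    allow-update { key "dhcp-update"; };      // by key, never by source address
};

// Reverse zone for 192.168.100.0/24, updated the same way for PTR records.
zone "100.168.192.in-addr.arpa" {
    type master;
    file "/etc/namedb/dynamic/100.168.192.in-addr.arpa";
    allow-update { key "dhcp-update"; };
};

; ---- /etc/namedb/dynamic/lan.example (initial contents) ----
$TTL 86400
@       IN SOA  gw.lan.example. hostmaster.lan.example. (
                2013010801 ; serial
                3600       ; refresh
                900        ; retry
                1209600    ; expire
                3600 )     ; negative-cache TTL
        IN NS   gw.lan.example.
gw      IN A    192.168.100.1
gw      IN AAAA 2001:db8:f21:1::1
nas     IN A    192.168.100.190
nas     IN AAAA 2001:db8:f21:1::190

; ---- /etc/namedb/dynamic/100.168.192.in-addr.arpa (initial contents) ----
$TTL 86400
@       IN SOA  gw.lan.example. hostmaster.lan.example. (
                2013010801 3600 900 1209600 3600 )
        IN NS   gw.lan.example.
1       IN PTR  gw.lan.example.
190     IN PTR  nas.lan.example.
```

Granting updates to a key rather than to a source address matters because the address in an update packet is not a credential, while a TSIG signature is. Once named is running, `named-checkzone lan.example /etc/namedb/dynamic/lan.example` validates the file and `dig @127.0.0.1 -x 192.168.100.190` should return the PTR record. A zone that accepts dynamic updates keeps a journal next to the file, so to edit it by hand run `rndc freeze lan.example` first and `rndc thaw lan.example` afterwards, otherwise the journal and the file disagree.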


----------

