1. Introduction

So our network is growing rapidly, with our fresh new redundant firewalls, mail server, proxy cache and so on. Now our minds are filled with IP addresses and our fingers are getting tired from typing all those numbers and dots: it's definitely time to set up a domain name server and assign some fancy names to our servers! The following is the list of the pieces of software we will use:

OpenBSD: the secure by default operating system, with only two remote holes in the default install, in a heck of a long time!
Bind (Berkeley Internet Name Daemon): open-source software that implements the Domain Name System (DNS) protocols for the Internet.

OpenBSD is an ideal platform for running a domain name server, for a number of reasons: the default install always includes a patched version of Bind 9.4.2 with many improvements in chroot operation and other security-related issues (see [FAQ1]); if necessary, the latest version of Bind is also available through ports and packages. OpenBSD is also renowned for its security, and domain name server security is at the very heart of the security of the whole network; last but not least, OpenBSD is very stable, reliable, fast and easy to administer... just how a domain name server is supposed to be!

In any case, most of the topics we will cover aren't OpenBSD-specific: Bind supports several platforms, thus making its configuration easy to port across different operating systems with minimal changes.

Bind is very powerful, flexible and feature-rich, and this can sometimes turn its configuration into a tricky task. Therefore, we will proceed step-by-step, starting with a very basic configuration and then building upon it, gradually introducing the most interesting and popular features of Bind. We will address common issues such as redundancy, security and the handling of DHCP and NAT.

A basic working knowledge of OpenBSD is assumed, since we won't cover topics such as installation and base configuration of the operating system.