1. Introduction

So our network is growing rapidly, with our fresh new redundant firewalls, mail server, proxy cache and so on. Now our minds are filled with IP addresses and our fingers are getting tired of typing all those numbers and dots. It's definitely time to set up a domain name server and assign some fancy names to our servers! The following is the list of the pieces of software we will use:

OpenBSD
the secure-by-default operating system, with only two remote holes in the default install, in a heck of a long time!
Bind (Berkeley Internet Name Daemon)
open-source software that implements the Domain Name System (DNS) protocols for the Internet.

OpenBSD is certainly a well-suited platform for running a domain name server: first and foremost, the default install always includes the latest (patched) release of Bind, saving us the bother of compiling and installing it; secondly, OpenBSD is renowned for its security, and domain name server security is at the very heart of the security of the whole network; lastly, OpenBSD is very stable, reliable, fast and easy to administer... just how a domain name server is supposed to be!

In any case, most of the topics we will cover aren't OpenBSD-specific: Bind supports several platforms, thus making its configuration easy to port across different operating systems with minimal changes.

Bind is very powerful, flexible and feature-rich, and this can sometimes turn its configuration into a tricky task. Therefore, we will proceed step by step, starting with a very basic configuration and then building upon it, gradually introducing the most interesting and popular features of Bind. We will address common issues such as redundancy, security, and DHCP and NAT handling.

A basic working knowledge of OpenBSD is assumed, since we won't dwell on the installation and base configuration of the operating system.