BIND – Open Source DNS by ISC

Douglas Crawford

November 7, 2017

As the title of this article suggests, BIND is open source software that allows you to run your own Domain Name System (DNS) server.

This means that rather than using DNS servers supplied by your Internet Service Provider (ISP) or Google, you can resolve your own DNS queries and publish your DNS address on the internet yourself.

Still confused? Ok, let’s start at the beginning…

What is DNS?

IP addresses and URLs

Every internet connected device and resource has a unique numerical address to identify it so that other devices on the internet can find and communicate with them. This numerical identifier is known as an Internet Protocol (IP) address.

By far the most commonly used internet resources are websites, each of which can be identified using its unique IP address. Problem is, though, that although computers are great at remembering long strings of numbers, us poor humans are not.

We therefore use easier to remember web addresses (URLs) such as www.bestvpn.com instead.

DNS servers

A DNS server simply translates URLs into IP addresses that computers can understand. It is basically just an address book that cross-references a URL with its corresponding IP address. For example, translating the URL www.bestvpn.com to its IP address of 216.172.189.144.

Things are, of course, a little more complicated than this. The DNS server needs to stay continually updated with the latest lists of URLs and their corresponding IP addresses. But in a nutshell that is all a DNS server does.

This DNS translation process is usually performed by your ISP. It is also possible to change your DNS settings to use a third party DNS server run by the likes of Google, OpenDNS, and OpenNIC.

When you use a Virtual Private Network (VPN), all DNS requests should be sent through your encrypted VPN tunnel to be handled by a DNS server run by your VPN provider. When this does not happen, you have what is called a DNS leak.

Enter BIND

BIND is open source software developed by Internet Systems Consortium (ISC). It is the ubiquitous de facto standard DNS server software on the internet, with some 70 percent of all DNS servers using the software.

BIND is composed of three parts:

  1. Resolver – the bit that resolves DNS queries by translating URLs into IP addresses.
  2. Authoritative domain name server – which answers requests from other DNS resolvers about domain name queries. This is how DNS servers stay updated with URLs and their corresponding IP addresses. As such, BIND provides the backbone for much of the world’s DNS system.
  3. Tools – a big selection of diagnostic and other tools.

BIND and VPN Servers

Privacy

DNS translation can be a big privacy threat for VPN users. A simple VPN setup will hide what your real IP gets up to on the internet from your ISP. This is completely undermined, however, if your ISP is responsible for translating the names of every URL you visit into their corresponding IP addresses.

It will know exactly which websites you have visited, even when using a VPN! In order to prevent this, most commercial VPN services use BIND (or something similar) to resolve users’ DNS requests.

This prevents your ISP from being able to track your internet activity using DNS translation and removes the need for third-party DNS services such as Google DNS. If you run a personal VPN server, you can do the same thing. The instructions linked to below should help get you started.

Most good VPN services these days also offer DNS leak protection as a feature of their software. This uses firewall rules to ensure that all DNS requests are routed through the VPN tunnel to be resolved by a DNS server run by the VPN provider.

Note that most VPN clients currently only support IPv4 DNS routing, and prevent IPv6 leaks with the simple expedient of disabling IPv6. OpenVPN GUI 4.2.x, however, fully supports both IPv4 and IPv6 routing.
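To make the idea of a DNS leak concrete, here is an added example (not from the original article or from ISC) that scans captured DNS traffic and flags queries that leave outside the VPN tunnel, over IPv4 or IPv6, or that go to a resolver other than the VPN's. The interface name tun0, the resolver address 10.8.0.1 and the capture lines, which are simplified and modelled on tcpdump output, are all constructed assumptions.

```python
import ipaddress
import re

# Assumed setup for this example: tunnel interface tun0, VPN resolver 10.8.0.1.
TUNNEL_IFACE = "tun0"
VPN_RESOLVERS = {ipaddress.ip_address("10.8.0.1")}

# Constructed sample lines: time, interface, direction, protocol,
# source.port > destination.port, then the DNS query or answer.
SAMPLE_CAPTURE = """\
12:00:01.100 tun0 Out IP 10.8.0.6.51000 > 10.8.0.1.53: 4660+ A? www.bestvpn.com. (33)
12:00:01.150 tun0 In IP 10.8.0.1.53 > 10.8.0.6.51000: 4660 1/0/0 A 216.172.189.144 (49)
12:00:02.200 wlan0 Out IP 192.168.1.20.51001 > 192.168.1.1.53: 4661+ A? www.bestvpn.com. (33)
12:00:03.300 wlan0 Out IP6 2001:db8:1::20.51002 > 2001:db8::53.53: 4662+ AAAA? www.bestvpn.com. (33)
12:00:04.400 tun0 Out IP 10.8.0.6.51003 > 8.8.8.8.53: 4663+ A? example.org. (29)
"""

# Matches outbound queries to port 53 only; answers ("In") are skipped.
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<iface>\S+) Out IP6? "
    r"(?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: \d+\+ (?P<qtype>\w+)\? (?P<name>\S+)"
)


def find_dns_leaks(capture, tunnel=TUNNEL_IFACE, resolvers=VPN_RESOLVERS):
    """Return (time, iface, resolver, name, reason) for each leaking query."""
    leaks = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:  # answers, non-DNS traffic, malformed lines
            continue
        dst = ipaddress.ip_address(m["dst"])
        if m["iface"] != tunnel:
            reason = "outside tunnel"        # visible to the ISP
        elif dst not in resolvers:
            reason = "third-party resolver"  # tunnelled, but not the VPN's DNS
        else:
            continue
        leaks.append((m["time"], m["iface"], str(dst), m["name"], reason))
    return leaks


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_CAPTURE):
        print(*leak)
```

The IPv6 line is the case described above: a client that only routes IPv4 DNS through the tunnel still sends AAAA lookups over the local interface unless IPv6 is disabled or routed.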

Hiding your location

In addition to privacy, a popular use for VPNs is to watch TV shows such as BBC iPlayer and Netflix outside of their originating country. Software such as BIND allows VPN services to ensure that DNS requests are resolved in the same country that the IP address appears to come from. This makes it less likely that a service will detect that you are using a VPN and consequently block you.

Indeed, many services do not even check users’ IP addresses! They just look at the country the DNS request is processed from. Smart DNS providers take advantage of this to provide unblocking services.

Because DNS translation is basically just looking up addresses in a database, it is almost instant. This makes Smart DNS much faster than VPNs, which must expend processing power on encrypting and decrypting data.

How to create your own DNS server with BIND

BIND is developed as a UNIX tool, but the code can be recompiled for use on any platform. A pre-compiled executable version of BIND for Windows is available on the official download page. Custom versions of BIND are available for most server platforms, for example CentOS, Red Hat Enterprise Linux, Debian, Fedora, FreeBSD, Solaris, and Ubuntu.

As always when downloading open source software from the internet, please take the time to verify the code’s digital signature.

BIND is primarily a network tool used by professional server administrators. The full official setup and configuration documentation is available here. If you fancy trying your hand at creating a home/VPS DNS server using BIND, here are some (quickstart-ish!) setup instructions for Windows, Ubuntu, and CentOS6.

If running your own VPN server with accompanying BIND DNS resolver, OpenVPN GUI can push DNS requests to your BIND server. OpenVPN GUI 4.2.x includes full DNS leak protection.

Conclusion

BIND by ISC handles DNS translation and is the backbone of the DNS system. Because it is free and open source, BIND can be deployed by anybody with the technical chops to configure it correctly.

That BIND allows individuals and small companies to handle DNS queries is particularly important when it comes to VPNs, as DNS translation is a privacy risk that can undermine the benefits of using a VPN.
