How to disable dynamic updates in BIND DNS

BIND (also called NameD) is the DNS system for most Unix-like and Linux networked servers. It controls all of the DNS functionality on those servers and thus needs to be secure. Dynamic updates allow remote servers to add, delete, or modify zone entries in DNS records. While there may be situations where this is necessary, it is better to disable it if you do not need it.

If you decide you need it, you can find more information about making it secure at Crypt.Gen.NZ. To disable dynamic updates, edit the named.conf file and edit each domain zone, setting “allow-update” to “note”

zone "globberific.net" IN {
....
allow-update { none; };
...
}

That is all it takes, although it is probably wise to do this before you end up with a lot of entries and have to go through each one and painstakingly remove all dynamic updates. Regardless, getting it done will give you a little more peace of mind.

Source: nixCraft
Photo: Flickr

What is named?

Question: I keep seeing the program called “named” running on my server. What is it?

Answer: Named is one of the DNS programs, also known as Bind, which is a free and open source DNS management system. Bind handles all of the DNS for your Linux server and is usually started at boot time and remains running as long as the server is on.

BIND stands for Berkeley Internet Name Domain and was originally created for BSD, although it now runs on most Linux distributions and other Unix-like operating systems. Named refers to the “name” program running as a daemon (or background program), represented by the letter “d”.

Many web hosting control panels have DNS support built in, so you will most likely not need to manipulate Bind from the command line. Nevetheless, it is still good to know something about using Bind, just in case something goes wrong.