Add bind9 server to IPFire system?

I haven’t found a PAKFire package for bind9, so I’m guessing this isn’t supported but…

My old gateway/firewall machine died after a (far too close!) lightning strike. I thought I’d use an IPFire distro to get a new one up and running fast – and it worked great!

Except for one thing: My old, hand-built firewall system was also a backup nameserver for my company’s domain. I’d really like to add that one functionality to the IPFire system rather than start from scratch, building a new firewall for myself starting with a Ubuntu server (like last time). I expect that EVERYTHING has changed – after all, more than a month has passed – so what I knew about setting one up last time is likely obsolete and incorrect now.

So, is it possible to add a bind9 (named) server to my IPFire system? If so, can anyone offer and tips, hints, pitfalls, etc.? Thanks!

This is old and not sure if it is helpful.

There is also some info on RFC2136 in the wiki.
Not sure if that is related?

IPfire has bind 9.16.44
Hope that helps.?
Would be great to hear how you make out.

This not true. IPFire uses unbound!

Both above are true.

unbound is used as the DNS server on IPFire.

bind is also installed but only used to provide the utilities

• dig
• host
• nslookup
• nsupdate

and the libraries

• libbind9
• libdns
• libirs
• libisc
• libisccc
• libisccfg
• libns

for those applications used in IPFire that require certain bind libraries to be linked in for their usage.
bind is not used as a dns server on IPFire.

I don’t think, these ‘standard’ tools are part of BIND9.

They are not part of the bind server but they are part of the bind source package and if you want them you have to install them from the bind source tar ball or you don’t have them.

IPFire just doesn’t install the named part of bind. It individually installs the specified tools by having a make install step for each of the tools.

The original poster wanted to have the bind named service and that is not provided in IPFire, as it uses unbound.

The only way to get the fuill bind installed would be to build a customised version of IPFire as per

https://wiki.ipfire.org/devel/ipfire-2-x/build-howto

but then you would also need to understand how to configure bind so that it could work with unbound also present so that DNS forward loops don’t occur.

Also every time IPFire had a new Core Update the customised build would need to be rerun and installed to keep up to date.

For a backup of another nameserver I would suggest installing it on another pc server that does not already have a DNS server on it.

Another thing is, that this breaks IPFire’s philosophy. Nearly should be configurable with the WUI. There are no faciities implemented.
Further most ( all? ) users/devs are familiar with the unbound system, but not BIND. So there is almost no support for this piece of software and it’s usage in an IPFire system.

Because communication in the internet relies heavily on DNS, I would not recommend such a massive change.
Using an alternative DNS server in the local network may be an opportunity.

Is unbound used for local name server?
If so, how do you find the names?

How do find the names with BIND?

IPFire uses the tool unbound-dhcp-leases-bridge.
This transfers the informations from the DHCP fixed leases to unbound.

One way is

• allow a new client to get a dynamic lease from DHCP server.
• hopefully the client tells its host name
• define a fixed lease for this client using the name for the comment
• unbound should know now .

This is a theoretical approach. Didn’t check all steps for effectiveness.

If there is a way to extract the local name data base from BIND, it may be possible to automate the transfer to unbound.

Not bind specific.
Unbound in IPfire. Uses the name in the dynamic lease section of the DHCP page?
And for fixed leases it uses the edit host page info.?

No, for fixed leases the ‘comment’ field is used as a host name ( if syntactical correct ). You have to transfer it, if you make a dynamic lease fixed.

Can this be done with unbound instead?