Bind configuration
If you are using Bind as your DNS server and want to forward all incoming requests to our DNS server so that you can use the malware protection and content filtering features, please follow the steps below.
For more information on how Bind works, you can visit the official website.
IMPORTANT NOTE: Before proceeding with this guide, you must register your public IP address. Only registered IP addresses can use the malware protection and content filtering features on their network. You can do this by going here and then accessing the Networks section.
1. Move to the folder that contains the Bind configuration files. By default, the folder should be /etc/bind.
2. The file we need to change is the "named.conf.options" file, so open it in a text editor with sudo privileges. Once opened, the file should look something like this:
>options {
>    directory "/var/cache/bind";
>    dnssec-validation auto;
>    auth-nxdomain no;    # conform to RFC1035
>    listen-on-v6 { any; };
>};
3. Within the options {} block we need to create another block called forwarders that will contain the IP addresses of the DNS servers to which we want to forward requests. In this case the IP addresses to be entered are as follows:
>...
>options {
>    directory "/var/cache/bind";
>    forwarders {
>        185.236.104.104;
>        185.236.105.105;
>    };
4. Now we need to set the forward directive to "only", since our server should automatically forward all requests and not attempt to resolve them on its own. The configuration file should look like this when finished:
>...
>options {
>    directory "/var/cache/bind";
>    forwarders {
>        185.236.104.104;
>        185.236.105.105;
>    };
>    forward only;
5. The last change we need to make is to the dnssec parameters, again within the same options block. What we need to do is change the dnssec-validation setting to "yes" and explicitly enable dnssec, as follows:
>...
>    forward only;
>    dnssec-enable yes;
>    dnssec-validation yes;
>    auth-nxdomain no;    # conform to RFC1035
>...
6. Save and close the file once you are done. To check that you have done everything correctly, you can use the tools provided by Bind to check the syntax of the configuration files. To do this, simply type the following command:
>sudo named-checkconf
If there are no syntax errors in the configuration, the command will return to the shell prompt immediately without displaying any output.
7. Finally, you need to restart the Bind daemon to implement the changes. You can do this with the following command (the command below uses Bind 9: replace it with the version you are currently using):
>sudo service bind9 restart
We're done, and you should now have your Bind server properly configured to start filtering content and protecting your network from malware.
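named-checkconf only validates syntax, so it also passes when forwarding was never configured or a directive is commented out. The script below is an added example, not part of the original guide: it checks a file for the settings from steps 3 to 5. The function name check_forwarding and the sample file are constructed for illustration, and C-style /* */ comments are not handled.

```shell
#!/bin/sh
# Added example: semantic check for the settings this guide asks for.
# check_forwarding FILE -> returns the number of missing settings (0 = all present).
check_forwarding() {
    conf=$1
    missing=0
    # Strip '#' and '//' comments, then collapse whitespace and newlines so
    # that multi-line blocks such as forwarders { ... } can be matched.
    flat=$(sed -e 's/#.*$//' -e 's|//.*$||' "$conf" | tr -s ' \t\n' ' ')
    for want in \
        'forwarders ?\{[^}]*185\.236\.104\.104;' \
        'forwarders ?\{[^}]*185\.236\.105\.105;' \
        'forward only;' \
        'dnssec-validation yes;'
    do
        if ! printf '%s\n' "$flat" | grep -Eq "$want"; then
            printf 'missing: %s\n' "$want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: the finished options block from the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    directory "/var/cache/bind";
    forwarders {
        185.236.104.104;
        185.236.105.105;
    };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
EOF
check_forwarding "$sample" && echo "forwarding settings present"
rm -f "$sample"
```

To check the live configuration, call the function with /etc/bind/named.conf.options instead of the sample file.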