Set Up DNS BIND Authentication

Berkeley Internet Name Domain (BIND) is the most popular Domain Name System (DNS) server in use today and is responsible for performing domain-name-to-IP conversion on Linux-based DNS servers. The BIND package provides the named service, which reads its configuration from the /etc/named and /etc/named.conf files.

Create a DNS BIND authentication record in order to authenticate to a DNS BIND instance running on a Linux host and scan it for compliance. Unix authentication is required, so you'll also need a Unix record for the host running DNS BIND.

The DNS BIND record type is only available in accounts with the PC/SCA module and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

How do I get started?

Note: Check that you have a Unix record already defined for the host running DNS BIND.

1) To create a DNS BIND authentication record for the same host, go to Scans > Authentication > New > Applications > BIND.

Note: If the Network Support feature is enabled, then the Unix record must have the same network selected as the DNS BIND record.

Tell me about user permissions

Managers can add authentication records.

Unit Managers must be granted these permissions:
- Manage PC module / Manage SCA module
- Create/edit authentication records/vaults

2) Enter a DNS BIND authentication record title.

3) Enter the Bin path, Configuration file path, Base directory, and Chroot directory of DNS BIND on your Unix hosts.

| Parameter | Description |
| --- | --- |
| Bin path | Specify the absolute path of the DNS BIND Base64 encoded binary file location. Example: "/usr/sbin/named". |
| Configuration file path | Specify the absolute path of the DNS BIND Base64 encoded configuration file path. Example: "/etc/named.conf". |
| Base directory | Specify the Base64 encoded base directory. In the BIND configuration file, if an include file is given as a relative path, it is relative to this base_dir. Optional field; if not present, it is derived from conf_path. Example: if conf_path is /etc/named.conf and base_dir is not specified, then base_dir is set to "/etc". It must be an absolute path if specified. |
| Chroot directory | Specify the Base64 encoded chroot directory. Optional field, only needed if BIND runs in a self-contained environment. If present, it must be an absolute path and it will be prefixed to all other 3 paths. Example: if chroot_dir is "/var/bind" and bin_path is "/usr/sbin/named", then the final bin_path will be "/var/bind/usr/sbin/named". |

4) Enter the IPs/Ranges for the DNS BIND record and create the authentication record.

5) Download/view the DNS BIND authentication record once created.
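The path rules in the parameter table for step 3 can be checked before a record is saved. The following is an added example, not code from the product: it models only the rules stated on this page (absolute paths, base_dir derived from conf_path, chroot_dir prefixed to the other three paths, relative includes resolved against base_dir). The function names and the sample include file name are hypothetical.

```python
import posixpath


def _require_absolute(name, value):
    # Every path the record accepts must be absolute.
    if not value or not posixpath.isabs(value):
        raise ValueError(f"{name} must be an absolute path, got {value!r}")


def resolve_bind_paths(bin_path, conf_path, base_dir=None, chroot_dir=None):
    """Return the effective bin_path, conf_path and base_dir for a record."""
    fields = {"bin_path": bin_path, "conf_path": conf_path}
    for name, value in fields.items():
        _require_absolute(name, value)

    if base_dir:
        _require_absolute("base_dir", base_dir)
        fields["base_dir"] = base_dir
    else:
        # Optional field: derived from the directory that holds conf_path.
        fields["base_dir"] = posixpath.dirname(conf_path)

    if chroot_dir:
        _require_absolute("chroot_dir", chroot_dir)
        # The chroot directory is prefixed to all three other paths.
        root = chroot_dir.rstrip("/")
        fields = {name: root + value for name, value in fields.items()}

    return {name: posixpath.normpath(value) for name, value in fields.items()}


def resolve_include(effective_paths, include):
    """Resolve a relative include from the BIND configuration file."""
    # The page only defines relative includes (relative to base_dir), so
    # absolute includes are rejected here rather than guessed at.
    if posixpath.isabs(include):
        raise ValueError("only relative include paths are handled")
    return posixpath.normpath(
        posixpath.join(effective_paths["base_dir"], include))


if __name__ == "__main__":
    # Constructed sample values matching the examples in the table.
    paths = resolve_bind_paths("/usr/sbin/named", "/etc/named.conf",
                               chroot_dir="/var/bind")
    for name, value in paths.items():
        print(f"{name}: {value}")
    print("include:", resolve_include(paths, "zones/internal.conf"))
```

Comparing the printed paths with what actually exists on the host shows quickly whether a chroot or base directory was entered incorrectly.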