Set up Caching Nameserver on Windows using BIND

I think most of you running Linux already know that you can set up a caching nameserver on your home computer to speed up DNS queries (the proper term for what is built here is a forwarding caching resolver, as Necromancer points out in the comments below). But what if you're on Windows and want the same thing, a local cache for DNS requests? Thanks to the BIND port for Windows, you can set up your own DNS server on Windows just as easily.

And to make things short, let’s get straight to the point ;)

1. First you'll need to grab BIND from the ISC homepage (the Windows version, of course). At the time I wrote this the latest BIND / named release was 9.5.0-P1; that branch is long out of support, so take whatever ISC currently publishes as its stable release, since named is reachable by every client that can talk to port 53 on your machine.

2. When the download has finished, extract the archive somewhere on your hard drive and run BINDInstall.exe to install BIND. One note first: in this example I chose to install BIND into C:\BIND, and every path below assumes that location.

3. After the installation has finished, add the BIND tools to your PATH so that you can call them (dig, rndc, rndc-confgen) from any directory in the command prompt. Go to Control Panel -> System -> Advanced -> Environment Variables and add your BIND\bin directory to PATH; in this example that is C:\BIND\bin.

4. Now create two folders inside your BIND directory: log (C:\BIND\log) and zone (C:\BIND\zone).

5. To set up the caching nameserver itself (so that the BIND service can start), create a file called named.conf in the etc directory under your BIND directory (C:\BIND\etc\named.conf) and put these lines in it:

options {
	directory "c:\bind\zone";
	# only answer queries that come from this machine
	allow-query { localhost; };
	# the resolvers every query is handed to: your ISP's, or a public resolver you trust
	forwarders { X.X.X.X; Y.Y.Y.Y; };
	# never walk the root servers yourself, rely on the forwarders alone
	forward only;
	# without listen-on, named binds port 53 on every interface of the machine;
	# for a resolver that only serves this computer, uncomment the next line
	#listen-on { 127.0.0.1; };
};

logging {
	channel queries_log {
		file "c:\bind\log\queries.log";
		print-severity yes;
		print-time yes;
	};
	category queries { queries_log ; };
};

zone "localhost." IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};
zone "0.0.127.in-addr.arpa." IN {
	type master;
	file "localhost.rev";
	allow-update { none; };
};

include "c:\bind\etc\rndc.key";

Note: change X.X.X.X and Y.Y.Y.Y to the addresses of your ISP's DNS servers (or a public resolver you trust; every name you look up is sent to them). The logging section writes every query to C:\BIND\log\queries.log; drop it if you don't want a record of your lookups sitting on disk.

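Whether those options actually confine named to this machine is worth checking rather than assuming: without listen-on, named binds port 53 on every interface, and only allow-query then stands between it and the rest of your network. The following Python script is an added example (not from this post and not part of BIND) that pulls the options block out of a named.conf with a small tokenizer, compares the statements the tutorial uses against what a localhost-only forwarding resolver needs, and places the tutorial's options block beside a hardened one. The forwarder addresses (192.0.2.x) are documentation placeholders; the tokenizer understands the statement forms used here, not every named.conf construct (a `#` inside a quoted string, for instance, would be taken as a comment).

```python
"""Audit a BIND named.conf options block for a localhost-only forwarding resolver.

Added example for this tutorial, not code from the post or from ISC BIND.
Assumes the statement forms used in the tutorial (scalar statements, { a; b; }
lists, optionally `port N` before a list); a '#', '//' or ';' inside a quoted
string is not handled.
"""
import re

# The tutorial's options block as written: listen-on is commented out and
# allow-recursion is not stated. 192.0.2.x are documentation placeholders.
WEAK_CONF = r"""
options {
	directory "c:\bind\zone";
	allow-query { localhost; };
	forwarders { 192.0.2.1; 192.0.2.2; };
	forward only;
	#if you want  to bind to specific address only uncomment below
	#listen-on { 127.0.0.1; };
};
"""

# The same resolver confined to this machine: bound to loopback only,
# answering and recursing only for loopback clients.
HARDENED_CONF = r"""
options {
	directory "c:\bind\zone";
	listen-on { 127.0.0.1; };
	listen-on-v6 { ::1; };
	allow-query { localhost; };
	allow-recursion { localhost; };
	forwarders { 192.0.2.1; 192.0.2.2; };
	forward only;
};
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
STATEMENT = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(?:\{([^}]*)\}|([^{;]+))\s*;")


def strip_comments(text: str) -> str:
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?://|#).*", "", text)


def options_block(text: str) -> str:
    """Return the text between the braces of `options { ... };`."""
    start = re.search(r"\boptions\s*\{", text)
    if start is None:
        raise ValueError("no options block")
    depth, pos = 1, start.end()
    while depth and pos < len(text):
        depth += {"{": 1, "}": -1}.get(text[pos], 0)
        pos += 1
    if depth:
        raise ValueError("unbalanced braces in options block")
    return text[start.end():pos - 1]


def parse_options(block: str) -> dict:
    """statement name -> values: 'forward only;' -> ['only'],
    'allow-query { localhost; };' -> ['localhost']."""
    opts = {}
    for m in STATEMENT.finditer(block):
        name, lst, scalar = m.groups()
        opts[name] = [v.strip() for v in lst.split(";") if v.strip()] if lst is not None else scalar.split()
    return opts


def audit_options(conf: str) -> list:
    """(statement, problem) pairs; an empty list means named only listens on,
    answers and recurses for loopback, and hands every query to its forwarders."""
    opts = parse_options(options_block(strip_comments(conf)))
    findings = []
    listen = set(opts.get("listen-on", []))
    if not listen or not listen <= LOOPBACK:
        findings.append(("listen-on", "absent or wider than loopback: named binds "
                         "port 53 on every interface; use listen-on { 127.0.0.1; };"))
    if not set(opts.get("allow-query", ["any"])) <= LOOPBACK:
        findings.append(("allow-query", "answers clients beyond this machine; "
                         "use allow-query { localhost; };"))
    recursion = opts.get("allow-recursion")
    if recursion is None:
        findings.append(("allow-recursion", "not stated: BIND 9.4+ derives it from "
                         "allow-query, but state it so that widening allow-query later "
                         "cannot turn this into an open recursive resolver"))
    elif not set(recursion) <= LOOPBACK:
        findings.append(("allow-recursion", "recurses for clients beyond this machine"))
    if opts.get("forward") == ["only"] and not opts.get("forwarders"):
        findings.append(("forwarders", "'forward only' with no forwarders: named "
                         "cannot resolve anything"))
    return findings


if __name__ == "__main__":
    for label, conf in (("tutorial", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit_options(conf))} finding(s)")
        for stmt, problem in audit_options(conf):
            print(f"  {stmt}: {problem}")
```

Run it as `python audit_named_conf.py` to see the two findings against the tutorial's block (listen-on missing, allow-recursion unstated) and none against the hardened one; to audit your own file, pass its contents to audit_options.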
6. Now create two files inside the zone directory (C:\BIND\zone), called localhost.zone and localhost.rev, with these contents:
localhost.zone

$TTL    86400
@               IN SOA  @       root (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           @
                IN A            127.0.0.1
                IN AAAA         ::1

localhost.rev

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

7. Now open a command prompt and type the following. rndc-confgen -a writes rndc.key into the etc directory; that is the file included at the bottom of named.conf and the shared secret rndc uses to control named:

cd C:\BIND\bin
rndc-confgen -a

8. Now go into the Windows directory -> system32 -> drivers -> etc and create a file called resolv.conf containing this single line, so that the BIND command-line tools (dig, nslookup) send their queries to your local named:

nameserver 127.0.0.1

9. Now start the BIND service. Type services.msc in the Run dialog, or go to Control Panel -> Administrative Tools -> Services, and start the ISC BIND service.

10. With everything configured, the last step is of course testing it. Open the command prompt and type:

dig reaper-x.com

The first time you'll see something like this (results vary; this query goes out to the forwarder):

Query time: 453 msec

Now type (again)

dig reaper-x.com

and if you now get the following (or at least a much lower query time), the second answer came out of named's cache:

Query time: 0 msec

11. Finally, change the preferred DNS server of your network connection to 127.0.0.1 and you're done.

That's it: you've configured a caching nameserver on Windows using BIND to cache DNS requests, congrats :)

But wait, what if you want to flush the DNS cache? All you have to do is run this command in the command prompt (it talks to named through rndc, so it relies on the rndc.key created in step 7):

rndc flush

Well basically that’s all about it :)
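dig's "Query time" is a rough signal for whether an answer came from the cache; a second one is the TTL, which keeps counting down while a record sits in named's cache and jumps back to the upstream value after rndc flush. The following Python script is an added example, not code from this post or from BIND: it builds a DNS query by hand (RFC 1035 wire format), parses the reply including compressed names, drops any reply whose transaction id does not match the query, and reports the TTL of the same record across two consecutive answers from 127.0.0.1. build_a_response constructs a reply offline so the parser can be exercised without a running named; example.com and 192.0.2.10 are placeholders. One caveat the script cannot remove: if the forwarder you configured is itself a cache, the TTLs it hands out count down too, so the decisive check is to flush and watch the TTL rise.

```python
"""Verify a local caching resolver by comparing TTLs across two queries.

Added example for this tutorial; not code from the post or from ISC BIND.
Assumes named answers on 127.0.0.1:53 as configured in step 5; the constructed
reply, example.com and 192.0.2.10 are placeholders.
"""
import secrets
import socket
import struct
import sys
import time

def build_query(name: str, qtype: int = 1, txid=None) -> bytes:
    """One-question DNS query, class IN, recursion desired (RFC 1035 4.1)."""
    if txid is None:
        txid = secrets.randbelow(0x10000)    # unguessable id; the reply must echo it
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # pointer into an earlier name
            hops += 1
            if hops > 16:                    # a looping pointer must not hang us
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def parse_response(msg: bytes) -> dict:
    """Header fields plus (owner, type, ttl, rdata) for each answer record."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "rcode": flags & 0xF, "ra": bool(flags & 0x80), "answers": []}
    off = 12
    for _ in range(qd):                      # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            data = socket.inet_ntoa(msg[off:off + 4])
        elif rtype == 5:                     # CNAME target may itself be compressed
            data, _ = read_name(msg, off)
        else:
            data = msg[off:off + rdlen].hex()
        off += rdlen
        out["answers"].append((owner, rtype, ttl, data))
    return out

def build_a_response(query: bytes, ttl: int, ip: str) -> bytes:
    """Constructed reply to a one-question A query (offline demo only): same id,
    QR|RD|RA flags, the question echoed, one A record whose owner is a pointer
    to offset 12, which is how a real resolver compresses it."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr

def query_once(name: str, server: str = "127.0.0.1", timeout: float = 3.0) -> dict:
    """Send one UDP query and parse the reply; a reply with the wrong id is dropped."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("reply id does not match the query id; discarded")
    return reply

def ttl_drop(first: dict, second: dict) -> dict:
    """owner name -> (ttl in first reply, ttl in second) for records seen in both."""
    seen = {(o, t): ttl for o, t, ttl, _ in first["answers"]}
    return {o: (seen[(o, t)], ttl) for o, t, ttl, _ in second["answers"] if (o, t) in seen}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    first = query_once(target)
    time.sleep(2)                            # long enough for a cached TTL to tick down
    second = query_once(target)
    for owner, (t1, t2) in ttl_drop(first, second).items():
        print(f"{owner} TTL {t1} -> {t2}: {'served from cache' if t2 < t1 else 'not from cache'}")
```

Run `python ttl_check.py some.host.name` with named running; a record whose TTL is lower on the second query was answered from the cache, and running `rndc flush` between two runs should make the TTL climb back to the value the forwarder gives out. Matching the reply id to the query id is not just tidiness: a resolver that accepts a reply with a different id accepts a forged one.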


25 comments on “Set up Caching Nameserver on Windows using BIND”

  1. Hope someone is still at home, since this has been around for a while :-)

    I need to create a *non-forwarding* caching nameserver on Win7 for my mail server... because the public NS it uses has so many users that we get black-listed on anti-spam testing sites. If we have our own, then our outbound SMTP email queries will avoid being lumped together with other users' queries.

    Can this be modified to do that?

    1. Hello there and yes, i’m here :D.

      Are you trying to query the root servers directly instead of forwarding to, let's say, Google DNS or a similar service? If that's what you mean, then assuming you've set everything up as stated in this blog post, all you have to do is:

      1. Comment out the forwarders and forward only lines
      2. Add this to allow recursion from localhost only:

      allow-recursion { 127.0.0.1; };

      3. Then add this near the zone area:

      zone "." IN {
      	type hint;
      	file "root-hints.zone";
      };
      

      4. Finally, get the root hints file from http://www.internic.net/domain/named.root and save it as c:/bind/zone/root-hints.zone, then restart BIND and you're done. Now you're querying the root servers directly :)

    1. This is really late, but in case someone arrives here in the future: the answer is that it is stored in RAM.

  2. Wonderful, precise and accurate tutorial. I could configure my local caching nameserver within 5 minutes; it's up and running perfectly. Thanks a lot.

  3. Arise, dead post! Six years later, this still comes up in Google searches. What you say on the web really does last forever.

    FYI, in BIND-speak this is NOT a caching resolver but a forwarding caching resolver. A caching-only resolver would do the root lookup and walk the tree for each query and hold the results, whereas you are forwarding your queries along to another resolver (like OpenDNS, your ISP, etc.)

    This isn't a problem for your readers, unless they want to resolve themselves to bypass someone else's resolver(s) for whatever reason, especially locked-down resolvers that filter replies (for porn, warez, hacking/cheating, or if you're in China, everything).

    1. LOL! Thank you very much, Necromancer. Btw, I often update my old posts when I deem it necessary and there's activity on the page (like a new comment), anything from a simple "updated" note (or none if it's just a small change) or rewriting some parts, to a complete rewrite. And I've mentioned "forwarding caching resolver" in the first paragraph as the proper term for this :)

  4. Hi, I've gone through all the settings as noted, but when I try dig (site) it fails to respond, while with ping a slight change is observed: it's showing 298ms. When I try nslookup (site): "Can't find server name for address 127.0.0.1: Server failed" is the response. Where could I have messed up? Thanks

    1. Since I don't know what the exact problem is, I can only guess that perhaps BIND isn't running yet (despite being installed as a service) or the forwarders fail. I'd suggest using OpenDNS or Google Public DNS as the forwarder.

    1. If you mean hosting your own DNS server, then that is possible, but in order to get a valid domain name you'll need to buy it first from one of the domain registrars and later point it to your own DNS server ;)

  5. Thank you for this great tutorial. It works like a charm. The first "dig.exe Reaper-x.com" took about 2000 seconds, but the second try took 64ms.

  6. This is definitely one of the best articles on getting Bind up and running on windows.

    One question I have is this:

    How can one set up DNS on one’s development computer such that

    – multiple Apache web server instances can be accommodated, each listening on different ports
    – custom TLDs can be created for use within the computer (ex. ".foo")

    For example, I am running Bind 9 on my MS Windows XP Pro development laptop. I have two instances of Apache running, an instance of Tomcat, and SSL on port 443 which maps to one of the apache doc roots.

    CURRENT SETUP
    =============

    IP ADDRESS       SERVER INSTANCE       DOMAIN NAME              DOCUMENT ROOT FOLDER
    ---------------  --------------------  -----------------------  --------------------
    127.0.0.1:80     Apache 2.0.0.59       http://bluenote/         c:\http\www1
    127.0.0.1:8888   Apache 2.2.11         http://bluenote:8888/    c:\http\www2
    127.0.0.1:443    Apache 2.2.11 (SSL)   https://bluenote/        c:\http\www2
    127.0.0.1:8080   Apache Tomcat         http://bluenote:8080/    c:\http\www3

    Right now I have to browse each site by using the "bluenote" domain and appending a port number. I'd like to create different domains and subdomains mapped to each IP/port to facilitate development, especially with SSL certificates. I cannot simply modify the "hosts" file because the hosts file does not support IP addresses with a port number appended to them. For example, I CANNOT do the following with the Windows hosts file:

    127.0.0.1 bluenote.foo
    127.0.0.1:8888 secure.bluenote.foo # (http) only
    127.0.0.1:443 secure.bluenote.foo # (https)
    127.0.0.1:8080 otherdomain.foo

    You can probably see what I’m trying to do. I want to create a made-up top level domain for use only on my development computer. Specifically, I want to do some testing with SSL certificates. Different internal domain names need to map to different instances of multiple webservers which listen on different ports.

    Anyone have any ideas? I am at my wits end trying to figure this out so any help is GREATLY appreciated!

    Thanks in advance,

    Bryce

    1. If I'm not wrong, since a browser can only detect a domain name that is listened on the standard HTTP port, which is 80 (and 443 for HTTPS), if you set the web server to listen on a different port you'll need to specify the port used by the other web server manually, unless you create a redirection using an htaccess file to automatically redirect the request to the specified port :)

      But of course I could be wrong here; if anyone else knows the exact answer I'd be glad to hear it too :)

      p.s. I know it's an extremely late reply, but anyway it's still better than nothing, right? (I didn't notice there was a new comment posted back then) ;)

  7. Using Windows 2000 Pro, and I get an error when named attempts to start. error= ".\socket.:633: INSIST(err==0) failed", followed by error= "exiting (due to assertion failure)"

    I found another post with the same problem but no solutions suggested. Any help appreciated.

    P.S. I downloaded version 9.6 from isc site.

  8. Can you try running the dig tool supplied with BIND? Or are you sure that BIND is already running in the background?

    I just tried nslookup and dig, and it works fine

    nslookup www.yahoo.com

    Server: localhost
    Address: 127.0.0.1

    Non-authoritative answer:
    Name: www-real.wa1.b.yahoo.com
    Address: 209.131.36.158
    Aliases: www.yahoo.com, www.wa1.b.yahoo.com

    dig www.yahoo.com

    ; <<>> DiG 9.5.0-P1 <<>> www.yahoo.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- ...

    ;; ANSWER SECTION:
    www.yahoo.com. 273 IN CNAME www.wa1.b.yahoo.com.
    www.wa1.b.yahoo.com. 38 IN CNAME www-real.wa1.b.yahoo.com.
    www-real.wa1.b.yahoo.com. 37 IN A 209.131.36.158

    ;; AUTHORITY SECTION:
    wa1.b.yahoo.com. 97 IN NS yf2.yahoo.com.
    wa1.b.yahoo.com. 97 IN NS yf1.yahoo.com.

    ;; ADDITIONAL SECTION:
    yf1.yahoo.com. 1274 IN A 68.142.254.15
    yf2.yahoo.com. 1757 IN A 68.180.130.15

    ;; Query time: 15 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Nov 28 09:45:16 2008
    ;; MSG SIZE rcvd: 162

  9. I followed your instructions but when I do an nslookup I get the following errors:

    C:\>nslookup
    *** Can’t find server name for address 127.0.0.1: Server failed
    Default Server: resolver1.opendns.com
    Address: 208.67.222.222

    >

    Any ideas how to fix this?

  10. Gamach, I just searched the net for your problem and found this page

    Based on that page, I'm guessing that you're experiencing the same problem as described there (although it's for SQL Server)

    So try to check that the ISC BIND service's logon uses the username created specifically for BIND (the installation process asks you for this) and don't forget to use the same password when creating the BIND service

  11. Hi Reaper,
    I got a problem at step 9: trying to start the ISC BIND service... when I click START an error 1069 pops up, "the fail of opening a session fail the start of this service"... try to debug me :P

  12. Reaper-X

    Thank you. I am facing the problem of hosting a webpage on my own computer. I will try to set it up according to your great guidelines.

    Try my best now.

  13. Hello,

    Thank you so much for this tutorial. I was searching for a way to make a caching server on Windows for a long time.