2. Resource Requirements

2.1. Hardware Requirements

DNS hardware requirements have traditionally been quite modest. For many installations, servers that have been retired from active duty have performed admirably as DNS servers.

However, the DNSSEC features of BIND 9 may be quite CPU-intensive, so organizations that make heavy use of these features may wish to consider larger systems for these applications. BIND 9 is fully multithreaded, allowing full utilization of multiprocessor systems for installations that need it.

2.2. CPU Requirements

CPU requirements for BIND 9 range from i386-class machines, for serving static zones without caching, to enterprise-class machines to process many dynamic updates and DNSSEC-signed zones, serving many thousands of queries per second.

2.3. Memory Requirements

Server memory must be sufficient to hold both the cache and the zones loaded from disk. The max-cache-size option can limit the amount of memory used by the cache, at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory; unfortunately, the best way to determine this for a given installation is to watch the name server in operation. After a few weeks, the server process should reach a relatively stable size where entries are expiring from the cache as fast as they are being inserted.

2.4. Name Server-Intensive Environment Issues

For name server-intensive environments, there are two configurations that may be used. The first is one where clients and any second-level internal name servers query the main name server, which has enough memory to build a large cache; this approach minimizes the bandwidth used by external name lookups. The second alternative is to set up second-level internal name servers to make queries independently. In this configuration, none of the individual machines need to have as much memory or CPU power as in the first alternative, but this has the disadvantage of making many more external queries, as none of the name servers share their cached data.

2.5. Supported Platforms

The current support status of BIND 9 versions across various platforms can be found in the ISC Knowledgebase:

https://kb.isc.org/docs/supported-platforms

In general, this version of BIND will build and run on any POSIX-compliant system with a modern C11 (or better) compiler, BSD-style sockets with RFC-compliant IPv6 support, POSIX-compliant threads, and the required libraries.

The following C11 features are required to compile BIND 9:

  • Atomic operations support defined in <stdatomic.h>

  • Thread Local Storage support defined in <threads.h>

Where it makes sense, BIND 9 uses C-standard fixes introduced by C17 update of the C11 standard.

ISC regularly tests BIND on many operating systems and architectures, but lacks the resources to test all of them. Consequently, ISC is only able to offer support on a “best-effort” basis for some.

2.5.1. Regularly Tested Platforms

Current versions of BIND 9 are fully supported and regularly tested on the following systems:

  • Debian 11, 12

  • Ubuntu LTS 20.04, 22.04

  • Fedora 38

  • Red Hat Enterprise Linux / CentOS / Oracle Linux 8, 9

  • FreeBSD 12.4, 13.2

  • OpenBSD 7.3

  • Alpine Linux 3.18

The amd64 CPU architecture is fully supported and regularly tested.

2.5.2. Best-Effort

The following are platforms on which BIND is known to build and run. ISC makes every effort to fix bugs on these platforms, but may be unable to do so quickly due to lack of hardware, less familiarity on the part of engineering staff, and other constraints. None of these are tested regularly by ISC.

  • macOS 10.12+

  • Solaris 11

  • NetBSD

  • Other Linux distributions still supported by their vendors, such as:

    • Ubuntu 22.10+

    • Gentoo

    • Arch Linux

  • OpenWRT/LEDE 17.01+

  • Other CPU architectures (arm, arm64, mips64, ppc64, s390x)

2.5.3. Community-Maintained

These systems may not all have the required dependencies for building BIND easily available, although it is possible in many cases to compile those directly from source. The community and interested parties may wish to help with maintenance, and we welcome patch contributions, although we cannot guarantee that we will accept them. All contributions will be assessed against the risk of adverse effect on officially supported platforms.

  • Platforms past or close to their respective EOL dates, such as:

    • Ubuntu 14.04, 16.04, 18.04 (Ubuntu ESM releases are not supported)

    • Red Hat Enterprise Linux / CentOS / Oracle Linux 6, 7

    • Debian 8 Jessie, 9 Stretch, 10 Buster

    • FreeBSD 10.x, 11.x

  • Less common CPU architectures (i386, i686, mips, mipsel, sparc, ppc, and others)

2.6. Unsupported Platforms

These are platforms on which current versions of BIND 9 are known not to build or run:

  • Platforms without at least OpenSSL 1.0.2

  • Windows

  • Solaris 10 and older

  • Platforms that do not support IPv6 Advanced Socket API (RFC 3542)

  • Platforms that do not support atomic operations (via compiler or library)

  • Linux without NPTL (Native POSIX Thread Library)

  • Platforms on which libuv >= 1.34 cannot be compiled or is not available

2.7. Installing BIND 9

Building BIND 9 contains complete instructions for how to build BIND 9.

The ISC Knowledgebase contains many useful articles about installing BIND 9 on specific platforms.