Configure BIND DNS Server to Listen Only On Certain IP Address or Network Interface

I want to to configure named ( BIND DNS Sever daemon ) to listens only on eth1 interface which has an IP address 202.54.1.2. How do I configure my named BIND DNS name server to listen only on certain network interface or IP address on a Linux or Unix-like systems?

The listen-on option specifies IPv4 address to listen on. There is no interface specific option but IP is assigned to specific interface, so by specific IP you can force BIND to listen on certain IP or network interface.

Bind listen-on syntax

IPv4 specific syntax is as follows to listen on 202.54.1.2; IP address. Edit named.conf (typically /etc/bind/named.conf)

listen-on { 202.54.1.2; };

To listen on all interfaces and IP (default)

listen-on { any; };

IPv6 option is as follows:

 listen-on-v6 { any; };
 listen-on-v6 { ipv-6-address; };

Here is sample configuration snapshot from named.conf file:

options
{
        //listen-on-v6 { any; };
        listen-on { 202.54.1.2; };
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
        dnssec-enable yes;
        recursion no;
        allow-notify { 202.54.1.3; 202.54.1.4; };
        version "go away";
};

Finally don’t forget to restart the bind server on a CentOS/RHEL 7.x:
# systemctl restart named
OR chrooted named on a CentOS/RHEL 7.x:
# systemctl restart named-chroot
Or use the following syntax on a CentOS/RHEL 6.x or older:
# service bind restart
Or use the following syntax on a Ubuntu/Debian Linux server:
# service bind9 restart
OR
# /etc/init.d/bind9 restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

6 comment

Hi,
i have static ip address 123.50178.82 and domain mailswithus.com i want to configure a dns for my mail server with spf and mx record how i have to configure dns and mail server ?

Thanks very helpful…..

Thank you for your article. Bind was only listen to 127.0.0.1 and now it’s listening on all interfaces.

Thank you so much.
I am amazed that even these 5-6 year old posts are helping us in 2013.

Andy says:
April 5, 2015 at 2:00 am
Still valid in 2015 :D
1. Ryan says:
  May 6, 2015 at 6:16 pm
  Bump

Comments are closed.

Bind listen-on syntax

Posted by: Vivek Gite

Share this on (or read 6 comments/add one below):

6 comment