DNS Synchronization Service for BIND9
Bindizr is a Rust-based DNS control plane that manages zones and records via an HTTP API or CLI, stores data in a database backend (MySQL, PostgreSQL, or SQLite), and propagates changes to BIND9 secondary servers via AXFR/IXFR using DNS Catalog Zones.
-
Control Plane: Manage DNS zones and records through HTTP API or CLI commands. All changes are stored in the database (MySQL, PostgreSQL, or SQLite).
-
XFR Server: Built-in AXFR (full zone transfer) and IXFR (incremental zone transfer) server that serves zone data to secondary DNS servers. SOA serial numbers are automatically incremented on each change.
-
Catalog Zones: Bindizr uses DNS Catalog Zones (RFC 9432) to automatically propagate zone configuration to BIND9 secondary servers. When you create or delete a zone via the API/CLI, BIND9 automatically discovers and configures it without manual intervention.
-
Secondary DNS Servers: Standard BIND9 (or any RFC-compliant DNS server) instances configured as secondaries. They automatically discover zones through the catalog zone, pull zone updates from Bindizr's XFR server via zone transfer, and respond to DNS queries from clients.
$ sudo apt-get update
$ sudo apt-get install sudo ufw dnsutils bind9$ sudo yum install bind bind-utilsYou can download the latest bindizr binary from Release.
For building from source, see the packaging documentation.
For Debian-based systems (Ubuntu, Debian, etc.), you can install Bindizr using the .deb package:
# Install using dpkg
$ sudo dpkg -i bindizr_0.1.0_amd64.deb
# Verify installation
$ bindizrFor Red Hat-based systems (Fedora, CentOS, RHEL, etc.), you can install Bindizr using the .rpm file:
# Install the .rpm package
$ sudo rpm -i bindizr_0.1.0_amd64.rpm
# Verify installation
$ bindizrWe provide two methods for configuring BIND: a recommended automated script and a manual setup.
This script automatically detects your BIND configuration directory and configures BIND to use Bindizr's catalog zone for automatic zone discovery.
# Download and run the setup script
$ wget -qO- https://raw.githubusercontent.com/kweonminsung/bindizr/main/scripts/setup_bind.sh | sudo bash
# Restart bind service
$ sudo systemctl restart bind9 # For Debian-based systems
$ sudo systemctl restart named # For Red Hat-based systemsAlternative: Manual Setup
First, set variables for your BIND configuration. The paths vary depending on your operating system.
- For Debian-based systems (e.g., Ubuntu):
$ BIND_CONF_FILE=/etc/bind/named.conf $ BIND_CACHE_DIR=/var/cache/bind
- For Red Hat-based systems (e.g., Fedora, CentOS):
$ BIND_CONF_FILE=/etc/named.conf $ BIND_CACHE_DIR=/var/named/slaves
Update your main BIND configuration file ($BIND_CONF_FILE) by adding the following:
# Configure catalog zone support
cat <<EOF | sudo tee -a "$BIND_CONF_FILE"
options {
ixfr-from-differences yes;
catalog-zones {
zone "catalog.bind" {
default-primaries { 127.0.0.1 port 53; };
};
};
};
EOF
# Add catalog zone as secondary
cat <<EOF | sudo tee -a "$BIND_CONF_FILE"
zone "catalog.bind" {
type secondary;
primaries { 127.0.0.1 port 53; };
file "$BIND_CACHE_DIR/catalog.bind.zone";
ixfr-from-differences yes;
};
EOFNote: The catalog.bind zone automatically manages all zones created in Bindizr. When you create a new zone via the API or CLI, BIND will automatically configure it as a secondary zone without requiring manual configuration.
After saving the changes, restart the BIND service:
# Restart bind service
$ sudo systemctl restart bind9 # For Debian-based systems
$ sudo systemctl restart named # For Red Hat-based systemsCreate a configuration file for Bindizr:
$ vim /etc/bindizr/bindizr.conf.toml # or use any text editor you preferAdd the following configuration, adjusting values to match your environment:
listen_addr = "127.0.0.1" # Common listen address for all services
[api]
listen_port = 3000 # HTTP API listen port
require_authentication = true # Enable API authentication (true/false)
[database]
type = "mysql" # Database type: mysql, sqlite, postgresql
[database.mysql]
server_url = "mysql://user:password@hostname:port/database" # Mysql server configuration
[database.sqlite]
file_path = "bindizr.db" # SQLite database file path
[database.postgresql]
server_url = "postgresql://user:password@hostname:port/database" # PostgreSQL server configuration
[xfr]
listen_port = 53 # XFR server listen port (TCP)
secondary_addrs = "" # Comma-separated secondary DNS server addresses for NOTIFY (e.g., "192.168.1.2:53,192.168.1.3:53")
[logging]
log_level = "debug" # Log level: error, warn, info, debug, trace# Start Bindizr service
$ sudo systemctl enable bindizr
$ sudo systemctl start bindizr
# Create an API token for authentication
$ bindizr token createBindizr provides a command-line interface for managing the DNS synchronization service and API tokens.
# Start bindizr on foreground
$ bindizr start
# Start with a custom configuration file
$ bindizr start -c <FILE>
# Check the current status of bindizr service
$ bindizr status
# Send NOTIFY to secondary DNS servers for a zone
$ bindizr notify zone <ZONE_NAME>
# Show help information
$ bindizr --helpBindizr uses API tokens for authentication. You can manage these tokens using the following commands:
# Create a new API token
$ bindizr token create --description "API access for monitoring"
# Create a token with expiration
$ bindizr token create --description "Temporary access" --expires-in-days 30
# List all API tokens
$ bindizr token list
# Delete an API token by ID
$ bindizr token delete <TOKEN_ID>
# Show token command help
$ bindizr token --helpThe full HTTP API documentation is available at:
👉 https://kweonminsung.github.io/bindizr/
When making API requests, include the token in the Authorization header:
$ curl -H "Authorization: Bearer YOUR_TOKEN" http://localhost:3000/zonesThis project relies on the following core dependencies:
axum– A web application framework for building fast and modular APIs in Rust.sqlx- An async, pure Rust SQL crate featuring compile-time checked queries without a DSL.
This project is licensed under the Apache License 2.0.