BIND 9

Versatile, classic, complete name server software

Why use BIND 9?

BIND 9 has evolved to be a very flexible, full-featured DNS system. Whatever your application is, BIND 9 probably has the required features. As the first, oldest, and most commonly deployed solution, there are more network engineers who are already familiar with BIND 9 than with any other system.

BIND 9 is transparent open source, licensed under the MPL 2.0 license. Users are free to add functionality to BIND 9 and contribute back to the community through our open Gitlab.

If you want source code, download a current version from the ISC website or our FTP site. Or, install our updated ISC packages for Ubuntu, CentOS/Fedora, and the standard Debian package. If you prefer Docker, get our official Docker image.

Help is available via our community mailing list, or you may purchase a support subscription for expert, confidential, 24×7 support from the ISC team.

Contact ISC for Support

who uses bind9? Major financial institutions, national and international carriers, regional and community ISPs, retailers and manufacturers, universities and educational networks, government agencies and organizations

BIND Uses on the Internet

Almost every Internet connection starts with a DNS lookup

Before your mail server sends an email, before your web browser displays a web page, there is a DNS lookup to resolve a DNS name to an IP address. Watch this DNS Fundamentals presentation from Eddy Winstead of ISC or read A Warm Welcome to DNS by Bert Hubert of PowerDNS. You may also enjoy this blog post from Jeff Osborn of ISC about how the Root Server System operates.

BIND 9 on the Internet

BIND is used successfully for every application from publishing the (DNSSEC-signed) DNS root zone and many top-level domains, to hosting providers who publish very large zone files with many small zones, to enterprises with both internal (private) and external zones, to service providers with large resolver farms.

Getting Started

Choosing a version

We support three major branches of BIND 9 at a time: Stable, Extended-Support, and Development. See this advice: Which version of BIND do I want to download and install? as well as our list of supported platforms.

We also maintain a significant feature matrix and changes file. When upgrading to a newer version, we recommend reviewing significant changes such as this article on Changes to be aware of when moving from BIND 9.18 to 9.20.

If you would prefer a GUI management interface, you might consider a Commercial Product based on BIND.

Installation

Instructions are available for Installing and Upgrading the latest version of BIND 9. ISC provides packages for Ubuntu and CentOS EPEL and Fedora and Debian - BIND 9 ESV, Debian - BIND 9 Stable, Debian - BIND 9 Development version. We also have official Docker images. Most operating systems also offer BIND 9 packages for their users. These may be built with a different set of defaults than the standard BIND 9 distribution, and some of them add a version number of their own that does not map exactly to the BIND 9 version.

Configuration

The BIND Administrator Reference Manual (ARM) included in the BIND distribution is the primary reference for BIND configuration. See the Best Practices documents in our Knowledgebase for configuration recommendations.

Resolver users may find Getting started with Recursive Resolvers to be useful. There are a number of excellent books on BIND; Ron Aitchison’s DNS for Rocket Scientists is generously posted on the Internet at Zytrax.com and can be a very helpful online reference tool.

Maintenance

Most users will benefit from joining the bind-users mailing list. We advise all users to subscribe to bind-announce@lists.isc.org to get announcements about new versions and vulnerabilities. For other news, see our BIND blogs.

If your DNS is critical to your business, we recommend you subscribe for technical support from ISC.

BIND and DNS Documentation and Advice
BIND Vulnerability Information

The BIND Administrative Reference Manual is the definitive command reference, but there are many other useful technical resources, including our knowledgbase, and the active user mailing list.

BIND Administrative Manual

Latest Development version BIND ARM, Current Stable version BIND ARM

ISC Knowledgebase

The ISC ‘KB’ includes both key policies and plans, such as the Software Support Plan as well as detailed technical articles, such as the BIND 9 Signifcant Features Matrix showing which features have recently been added or removed.

ISC Presentations

ISC technical staff frequently give talks at industry meetings. These can be an interesting source for random news and updates about BIND.

Known Issues lists

We try post significant oustanding unfixed issues in our BIND wiki here: Known issues in BIND 9.18, Known issues in BIND 9.20,

BIND Public GitLab Repo

The BIND team do most of their development work in a publicly-accessible, self-hosted GitLab instance. Anyone may read the issues and code there: to make a comment or add an issue, you must create a (free) account. Please note that we have an aggressive anti-abuse policy, out of necessity.

bind-users mailing list

The bind-users mailing list is a great community resource. Visit the list page to subscribe, or visit the list archives to read older posts. We hope everyone will participate on the list and help other users with patience and courtesy.

NIST Secure Domain Name System (DNS) Deployment Guide

The NIST Secure Domain Name System (DNS) Deployment Guide was re-written in 2025. There is some good, solid DNS advice here.

ISC has a well-developed system for handling software vulnerabilities responsibly. Here are some resources to help you secure your deployment.

ISC Software Defect and Vulnerability Disclosure Policy

This policy describes our committment and timeline for handling disclosures. This document explains how we score vulnerabilities, using the CVSS scoring system, to determine their severity.

Published BIND Security Advisories

View the BIND 9 Software Vulnerability Matrix for a listing of all the vulnerabilities that apply to current (not EOL) versions of BIND, or see the table which shows vulnerabilities by software version. Each vulnerability number is linked to the original Advisory document

Verifying ISC's source packages

You might wish to Verify the Integrity of ISC Downloads using PGP / GPG. A few years ago we changed our ISC software signing process.

Subscribe to receive release and vulnerability advisory notices

We recommend all users subscribe to the low-traffic bind-announce mailing list. We announce new version, including those with serious or critical security patches, on this mailing list.

bar chart showing major bind versions on the Y axis and the calendar quarters this version is officially supported on the X axis

Download BIND

ISC builds and maintains packages for every major operating system or download sources and build it yourself.

ISC packages may be found at: CentOS EPEL & Fedora, Ubuntu Launchpad, and Debian. We also have an official Docker image. Download sources here and follow these instructions to verify a download file. Note that BIND 9.18 and beyond will no longer support the native Windows(tm) operating system.

BIND 9

VERSION	STATUS	DOCUMENTATION	RELEASE DATE	EOL DATE
9.20.17	Current Stable, ESV	BIND 9.20 ARM ( HTML PDF ) Release Notes ( HTML )	December 2025	Q2, 2028
9.18.43	Older Stable, ESV	BIND 9.18 ARM ( HTML PDF ) Release Notes ( HTML )	December 2025	Q2, 2026
9.21.16	Development	BIND 9.21 ARM ( HTML PDF ) Release Notes ( HTML )	December 2025	Q2, 2028

Latest News

Performance Improvements in BIND 9.20 in Authoritative Configurations - December 2025

BIND 9.20 is well established and stable. This is a good time to look at the performance of BIND 9.

Read

The Domain Name System Runs on Open Source Software

Last week, ICANN published a report on the importance of open source in the DNS.

Read

ISC recognizes Fred Baker's years of service to the Internet

Fred Baker, ISC Board Member from 1994 - 2025

Read

Stork 2.2 adds DNS zone viewer

Stork 2.2 adds DNS support Since the last stable version of Stork we have begun adding support for monitoring DNS alongside DHCP.

Read

Mailing List

Join the bind-users mailing list to offer help to or receive advice from other users.

Join Now

Report a Bug

Before submitting a bug report, please ensure that you are running a current version. Then, if your issue is NOT a potential vulnerability, please log your report as an issue in our BIND GitLab project. If you think this bug may be a vulnerability, please open a confidential issue in our GitLab instance (preferred) or send an email to bind-security@isc.org.

Report

Test your EDNS Compliance

Test a domain to ensure full reachability and compliance with EDNS standards.

Test

BIND Knowledgebase

Consult our library of technical articles on BIND 9 and DNS.

Browse

BIND and DNS References

Administrator Reference Manual (ARM)	Links to current ARM on Read The Docs
Binary packages	CentOS & Fedora packages from ISC, Ubuntu package from ISC	Debian -BIND 9 ESV, Debian - BIND 9 Stable, Debian - BIND 9 Development version
Software version options	Supported operating systems	ISC’s Software Support Policy and Version Numbering
Features and versions	BIND 9 Significant Features Matrix	BIND 9 Changes file
Vulnerabilities	ISC Software Defect and Vulnerability Disclosure Policy	BIND 9 Vulnerability Matrix
Best practices	Authoritative Systems	Recursive Systems
DNSSEC	Additional references
US Government user information	Capability statement and other references	BIND 9 Security Technical Implementation Guidelines
Other	DNS tools and resources	History of BIND