This document is designed to give Windows administrators a helping hand getting Bind going. The most recent update was written for Windows 7; other versions of Windows will probably have differences.

Last tested against BIND 9.9.2-P1



Alex Charrett



Cynthia Haselton for the updates around the BIND 9 installer and Active Directory integration.



It's worth noting that Bind works admirably on many operating systems (I've run it on Linux, Solaris and Irix as well as Windows) and these may be preferable in a security-focused environment.


Download and install the Bind 9 Software

  • Download the latest version of bind from
  • Create a folder on your desktop called bind and extract the downloaded zip to it.
  • Open the newly created bind folder and right click on BINDInstall.exe and select "Run as administrator"
  • In the Bind 9 Installer window enter:
    • Target Directory: c:\named
    • Service Account Name: named
    • Service Account Password: Enter a secure password for the service to use
    • Confirm Service Account Password: Enter the password again
    • Ensure that Automatic Startup is selected
    • Ensure that Keep Config files after uninstall is selected.
  • Click Install.
  • When the installer reports "BIND Installation completed successfully", click OK.
  • Click Exit to close the installer.



Configure Bind

  • Create a c:\named\zones folder
  • Download named.conf and save them to:
    • c:\named\etc\named.conf
    • c:\named\zones\
  • Open a command prompt and run:
    cd c:\named\bin
    rndc-confgen -a
    rndc-confgen > ..\etc\rndc.conf
  • Close the command prompt
  • Open c:\named\etc\rndc.conf in notepad
  • Cut to the clipboard the section below the line that says:
    # Use with the following in named.conf, adjusting the allow list as needed:
  • Save & close rndc.conf
  • Open c:\named\etc\named.conf in notepad
  • Paste the contents of the clipboard into the bottom of this file
  • Remove the hashes (#) from the beginning of the pasted lines.
  • Remove the line that says "End of named.conf"
  • Save & close named.conf



Configure your zone

  • Open c:\named\etc\named.conf in notepad.
  • In the zone definition for, modify the zone and file lines to reflect the domain you are configuring.
  • Save and close named.conf
  • Rename c:\named\zones\ to reflect your previous change in named.conf
  • Open this zone file in notepad.
  • Substitute all references to for the domain you are configuring.
  • Substitute namesever-hostname for the hostname of your nameserver.
  • Edit the last line so that the A record reflects the IP address of your server.
  • Edit the serial line to reflect today's date. The format for this line is YYYYMMDDRR where:
    YYYY = The year (e.g. 2005)
    MM = The month (e.g. 02)
    DD = The day (e.g. 22)
    RR = Today's revision of this file (e.g. 01)
  • Save and close the zone file.
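
As an added example (not part of the original guide), this Python helper picks the next YYYYMMDDRR serial so that it always increases, including when the zone file was already edited today or carries a date ahead of today's. The function name `next_serial` is chosen here for illustration.

```python
from datetime import date

def next_serial(current: str, today: date) -> str:
    """Return the serial to write after editing a zone whose serial is `current`."""
    if len(current) != 10 or not current.isdigit():
        raise ValueError("serial must be 10 digits: YYYYMMDDRR")
    # Reject impossible dates such as 20050230 (date() raises ValueError).
    date(int(current[:4]), int(current[4:6]), int(current[6:8]))
    stamp = today.strftime("%Y%m%d")
    if current[:8] < stamp:
        # First edit today: start a new day at revision 01.
        return stamp + "01"
    # Same day, or the file is dated ahead of today: keep its date and bump
    # the revision so the serial never moves backwards.
    revision = int(current[8:])
    if revision >= 99:
        raise ValueError("revision 99 already used for " + current[:8])
    return current[:8] + f"{revision + 1:02d}"

if __name__ == "__main__":
    # Constructed sample value, using the date from the format description.
    print(next_serial("2005022201", date(2005, 2, 22)))
```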



Start the Bind service

  • Start -> right click on "Computer" and select "Manage" -> Services and Applications -> Services
  • Locate the "ISC Bind" service, right click on it and select start.
  • If it fails to start, errors can be found in the Event Viewer.



Create a Bind Reload batch file

To make reloading your nameserver easier, I recommend placing a batch file on your desktop to reload the nameserver. Reloading the nameserver enables Bind to re-read all the configuration and zone files (and thus implement any changes) without the need to restart the service.


  • Create a text file called "reload bind.bat" on the desktop, with the following content:
    @echo off
    c:\named\bin\rndc reload



If you wish your Bind server to serve recursion




If your Bind server needs to answer recursive queries, that is, to look up zones other than the ones hosted on this server (e.g. to provide DNS service to a local network), you will need to enable recursion.


You will first need to generate a root hints file so your server knows where the root servers are. Ensure your Windows DNS configuration is pointing to a working DNS server (such as that of your ISP), open a command prompt and run:


c:\named\bin\dig NS . > c:\named\zones\db.root.hint.txt


Now add the following lines to your c:\named\etc\named.conf configuration file:


zone "." IN {
     type hint;
     file "db.root.hint.txt";
};


Also, in the global "options" section, change "recursion no" to "recursion yes" and, on the following line, add this line to specify the range of IP addresses for which you wish to allow recursion:


allow-recursion {; };


Reload Bind for these changes to take effect.
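
As an added example (not part of the original guide), this Python check reads the global options block of a named.conf and reports when recursion is on without a usable allow-recursion restriction, which would leave the server answering recursive queries for anyone. The function names and sample configs are constructed here, 192.0.2.0/24 is a documentation range standing in for your client network, and the check relies on BIND 9 treating recursion as on when the statement is absent.

```python
import re

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(conf):
    """Return the body of the global options { ... } statement, or ''."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def recursion_findings(named_conf):
    """List problems with the recursion settings; an empty list means none found."""
    opts = options_block(strip_comments(named_conf))
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    if rec and rec.group(1) == "no":
        return []
    # Simplification: nested { } inside the address list are not handled.
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if acl is None:
        return ["recursion is on but allow-recursion is not set explicitly"]
    entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
    if not entries:
        return ["allow-recursion list is empty"]
    if "any" in entries:
        return ["allow-recursion contains 'any': open resolver"]
    return []

# Constructed sample configurations (not taken from a real server).
RESTRICTED = """
options {
    recursion yes;   // changed from "recursion no"
    allow-recursion { 192.0.2.0/24; localhost; };
};
"""
OPEN = RESTRICTED.replace("192.0.2.0/24; localhost;", "any;")
EMPTY = RESTRICTED.replace("192.0.2.0/24; localhost;", ";")

if __name__ == "__main__":
    for name, conf in (("restricted", RESTRICTED), ("open", OPEN), ("empty", EMPTY)):
        print(name, recursion_findings(conf))
```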



Active Directory Integration

Should you wish for BIND to be the authoritative source of information for your Active Directory domain (if you don't know what this is, don't worry about this section) then you will need to delegate some of the special Active Directory subdomains to your Active Directory server.


; The address of my Active Directory server
yourdnsdc      IN  A

; services over tcp
_tcp    IN  NS

; services over udp
_udp    IN  NS

; domain controllers
_msdcs  IN  NS

; subnet locations
_sites  IN  NS