DNS Server Prerequisites

For administrative access to a BIND9 server, some prerequisites must be met

AXFR Zone Transfer

The zones to be displayed must have AXFR zone transfer enabled. This is done by modifying the named.conf file for the zones.

acl "admin4" { key "rndc-key"; };
acl "myNet" { 192.168.0.0/24; };
zones:
allow-transfer { admin4; myNet; };

In this sample, both an ACL allowing access by IP address and an ACL using a key are used. Using key ACLs over IP addresses is recommended. The key can be the pre-configured rndc-key (used for the rndc tool) or created specifically for Admin4 access using rndc-confgen.

DDNS Updates

To allow updates, add

allow-update { admin4; };

to the zones. You really shouldn't use IP ACLs here for security reasons.

BIND9 Statistics

If your BIND server is version 9.7 or newer, you can enable statistics, which lets Admin4 display statistics and register zones automatically. In named.conf, add something like

statistics-channels {
inet * port 8053
allow { 192.168.0.0/24; }; };

Unfortunately, statistics-channel doesn't allow key ACLs, so you'd have to enable it by IP address. You can check if your configuration is active by accessing http://<dns-server>:8053 using a standard web browser; you should get the statistics XML then.