BIND Provider

This provider maintains a directory with a collection of .zone files.

This provider does not generate or update the named.conf file, nor does it deploy the .zone files to the BIND master. Both of those tasks are different at each site, so they are best done by a locally-written script.


The BIND provider does not require anything in creds.json. However you can specify a directory where the provider will look for and create zone files. The default is the zones directory (in the current directory).

  "bind": {
    "directory": "myzones",
    "filenameformat": ""      << The default

The BIND accepts some optional metadata via your DNS config when you create the provider:

In this example we set the default SOA settings and NS records.

var BIND = NewDnsProvider('bind', 'BIND', {
        'default_soa': {
        'master': 'ns1.example.tld.',
        'mbox': 'sysadmin.example.tld.',
        'refresh': 3600,
        'retry': 600,
        'expire': 604800,
        'minttl': 1440,
    'default_ns': [


The filenameformat parameter specifies the file name to be used when writing the zone file. The default is acceptable in most cases: the name as specified in the D() function, plus “.zone”.

The filenameformat is a string with a few printf-like % verbs:

Typical values:

The last example will generate the same name for both D("example.tld!inside") and D("example.tld!outside"). This assumes two BIND providers are configured in creds.json, eacch with a different directory setting. Otherwise dnscontrol will write both domains to the same file, flapping between the two back and forth.

FYI: get-zones

The dnscontrol get-zones all subcommand scans the directory for any files named *.zone and assumes they are zone files.

dnscontrol get-zones --format=nameonly - BIND all

If filenameformat is defined, dnscontrol makes an guess at which filenames are zones but doesn’t try to hard to get it right, which is mathematically impossible in all cases. Feel free to file an issue if your format string doesn’t work. I love a challenge!

FYI: SOA Records

DNSControl assumes that SOA records are managed by the provider. Most providers simply generate the SOA record for you and do not permit you to control it at all. The BIND provider is unique in that it must emulate what most DNS-as-a-service providers do.

When DNSControl reads a BIND zonefile:

DNSControl tries to maintain the serial number as yyyymmddvv. If the existing serial number is significantly higher it will simply increment the value by 1.

If you need to edit the SOA fields, the best way is to edit the zonefile directly, then run dnscontrol preview and dnscontrol push as normal.