LinuxQuestions.org - Linux - Virtualization and Cloud
Thread: Disabling BIND DNS? Should I? (https://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/disabling-bind-dns-should-i-4175588524/)

CentOSVPS 09-01-2016 05:57 PM

Disabling BIND DNS? Should I?
 
Despite whether BIND is up to date or not, do I need BIND on my VPS?

Would it be possible to disable it in the scenario where I do not need my domain names to have nameservers that contain the domain name itself? (e.g. ns1.mydomainname.com)

Can I disable BIND and keep the domain names of the Registrar?
pdns07.domaincontrol.com
pdns08.domaincontrol.com

Do I need BIND?

Doug G 09-01-2016 06:14 PM

With my Digital Ocean cloud servers, I just use godaddy's DNS offered with the domain registration. I use their DNS web tools to add a host (and any other) record pointing to the DO server.

unSpawn 09-01-2016 06:21 PM

Indeed the only Name servers that need to be reachable are the authoritative ones. So if you don't need to run your own authoritative Name servers for domain names you're responsible for then indeed: don't ;-p

CentOSVPS 09-01-2016 06:50 PM

Thanks all! I figure that means I can remove port 53 on my firewall for both UDP and TCP in/out also?

lazydog 09-01-2016 08:03 PM

Not if you expect your systems to connect to anything that isn't in their hosts file. They still need to be able to resolve names to IP addresses.

CentOSVPS 09-01-2016 08:24 PM

Thanks lazydog. Just to clarify, that's just the port part, right? Or are you referring to disabling BIND?

lazydog 09-01-2016 08:56 PM

Just the port. As stated above, if you have an authoritative DNS somewhere else it isn't needed.

Doug G 09-01-2016 10:45 PM

If you're not running a nameserver on your machine, you don't need to allow incoming port 53.

CentOSVPS 09-02-2016 03:29 AM

Quote:

Originally Posted by lazydog (Post 5599565)
Not if you expect your systems to connect to anything that isn't in their hosts file. They still need to be able to resolve names to IP addresses.

Do you know which part of the system actually resolves names to IP addresses? Assuming that's on port 53 (TCP/UDP?) since you mentioned that?

CentOSVPS 09-04-2016 06:04 PM

Folks, I closed port 53 TCP & UDP IN. I left 53 TCP & UDP OUT open though. Any objections?

I may be asking a silly question here but why does 53 TCP/UDP OUT have to be open? I understand that the system needs to resolve hostnames to IPs but I don't understand how it does this (something on the system knows to use port 53 to do that?) and why it needs both UDP and TCP OUT and not one or the other.

Any details would be greatly appreciated. I'd consider this thread resolved in any case, so in 48 hours I'll mark it resolved whether one of you clever folks can answer this last query or not - Thanks :)

Habitual 09-06-2016 05:45 AM

Quote:

Originally Posted by CentOSVPS (Post 5600717)
why does 53 TCP/UDP OUT have to be open?

https://www.arclab.com/en/kb/email/l...rver-list.html

lazydog 09-06-2016 02:03 PM

Quote:

Originally Posted by CentOSVPS (Post 5599664)
Do you know which part of the system actually resolves names to IP addresses? Assuming that's on port 53 (TCP/UDP?) since you mentioned that?

Sorry for the late reply, Long Weekend. :)

Everything that has a host name instead of an IP address will use DNS to resolve that name to an IP.

For example, if you were running a mail server, that mail server's config was most likely set up using host names, not IP addresses, for sending and receiving mail. If that server cannot connect to DNS, it cannot send mail.
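
The part of the system that does this resolving, and the reason outbound 53 has to stay open on both UDP and TCP, can be shown end to end. The following is an added example written for this thread, not code from any poster or from BIND: it does what the libc stub resolver does on a VPS that runs no name server of its own. It reads the nameserver lines from /etc/resolv.conf (which is where the system "knows" which server to ask), sends a query to UDP port 53 on that server, and, if the reply comes back with the TC (truncated) bit set because the answer did not fit in one datagram, repeats the same query over TCP port 53, where each message carries a 2-byte length prefix. build_response is a constructed server side so the exchange can be exercised offline; the resolv.conf text and the 192.0.2.x addresses used with it are constructed sample data, and the two *_exchange functions are the real transports you would use against a live resolver.

```python
import random
import socket
import struct

DNS_PORT = 53  # the port the stub resolver talks to, hence outbound 53 stays open


def parse_resolv_conf(text):
    """Return the nameserver addresses in resolv.conf-style text (comments stripped)."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_query(name, txid=None):
    """Client side: one recursive A/IN question. Returns (txid, packet)."""
    if txid is None:
        txid = random.randrange(0x10000)  # random ID: one of the checks against spoofed replies
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags RD=1; one question
    labels = [l.encode() for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def build_response(query, addrs, truncated=False):
    """Server side, constructed for illustration: answer a query made by build_query."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0200 if truncated else 0)  # QR, RD, RA, plus TC when truncated
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
                       for a in addrs)  # owner name is a pointer back to the question name
    return header + query[12:] + answers


def _read_name(data, off):
    """Decode a possibly compressed name at `off`; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = data[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier copy of the name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(data[off:off + n].decode())
        off += n
    return ".".join(labels), end if end is not None else off


def parse_response(data, expected_txid):
    """Return (truncated, [IPv4 strings]); reject ID mismatches and error RCODEs."""
    txid, flags, qd, an = struct.unpack("!HHHH", data[:8])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch (possible spoofed reply)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = _read_name(data, off)[1] + 4
    addrs = []
    for _ in range(an):
        off = _read_name(data, off)[1]
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return bool(flags & 0x0200), addrs


def udp_exchange(server, query):
    """Real UDP transport to server:53 (first try; most answers fit in one datagram)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(query, (server, DNS_PORT))
        return s.recv(4096)


def tcp_exchange(server, query):
    """Real TCP transport to server:53; DNS over TCP prefixes each message with its length."""
    with socket.create_connection((server, DNS_PORT), timeout=3) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        f = s.makefile("rb")
        (n,) = struct.unpack("!H", f.read(2))
        return f.read(n)


def resolve(name, server, udp=udp_exchange, tcp=tcp_exchange):
    """What the stub resolver does: UDP first, then the same query over TCP if truncated."""
    txid, query = build_query(name)
    truncated, addrs = parse_response(udp(server, query), txid)
    if truncated:
        _, addrs = parse_response(tcp(server, query), txid)
    return addrs
```

For a live check on the VPS itself, `resolve("linuxquestions.org", parse_resolv_conf(open("/etc/resolv.conf").read())[0])` asks the first configured nameserver directly; with outbound UDP 53 blocked the call times out in udp_exchange, and with only outbound TCP 53 blocked it still works until an answer is large enough to be truncated, which is why both need to stay open outbound. Nothing here listens on port 53, so inbound 53 can stay closed exactly as Doug G said.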

CentOSVPS 09-06-2016 05:54 PM

Ah yes I see. Any quick and easy way to test if my server can currently resolve hostnames to IPs - definitively?

Doug G 09-06-2016 08:23 PM

Quote:

Originally Posted by CentOSVPS (Post 5601642)
Ah yes I see. Any quick and easy way to test if my server can currently resolve hostnames to IPs - definitively?

run dig on the server.

CentOSVPS 09-07-2016 10:10 PM

Very strange that I removed 53 from all fields in ConfigServer Firewall and I can still dig?

Or would you expect that? (I didn't)

