BIND has been around for a while, and the nice thing about that is the good documentation. It even has a 200+ PDF you can download from https://www.bind9.net/bind-9.10.8-manual.pdf.
We use Devuan Linux for a lot of applications. The following code will install Bind9 on a Devuan server.
# install the bind9 package on a Devuan (Debian) server apt install -y bind9 bind9utils bind9-doc bind9-host dnsutils # verify the running version (just for fun) named -v # set localhost to be a nameserver for this system echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
Note the last line. If this machine has a static IP address, it probably is pointing to a DNS server that is not internal. However, we have a fully functional name server right here, so why not use it?
BIND9 is pretty tried and true, so there are fewer attack vectors for it. However, it is fairly simple to harden the server by setting BIND9 to run in a chroot jail. In this case, even if someone does find a vulnerability, you limit what can be done.