How to Install and Configure Bind 9 (DNS Server) on Ubuntu / Debian System


DNS, or the Domain Name System, is the internet service that translates user-friendly domain names into computer-friendly IP addresses. It also works in reverse: an IP address can be translated back to a domain name. In this tutorial we are going to set up a private DNS server by implementing BIND 9 on an Ubuntu/Debian system.

BIND, or BIND 9, is an open source implementation of DNS available for almost all Linux distributions. BIND stands for Berkeley Internet Name Domain; it allows us to publish DNS information on the internet as well as resolve DNS queries for our users. BIND is by far the most widely used DNS software on the internet. In this tutorial I will be using the following:

  • Bind Server IP (Ubuntu / Debian) = 192.168.0.40
  • Domain Name = linuxtechi.local
  • Private Network = 192.168.0.0/24

So let's start the tutorial with the installation of the packages for BIND 9.

Installation of Bind 9 on Debian / Ubuntu System:

We need to install the packages 'bind9 bind9utils bind9-doc dnsutils' to get BIND 9 and its related tools. Open your terminal and execute the following command:

[email protected]:~$ sudo apt-get install bind9 bind9utils bind9-doc dnsutils

Configuration of bind 9 on Debian / Ubuntu System:

Once all the packages have been installed, we move on to the configuration. All configuration files for BIND are located in the folder '/etc/bind'.

One of the important configuration files for BIND is "/etc/bind/named.conf.options"; in this file we can set the following parameters:

  • Allow queries to your DNS server from your private network (as the name suggests, only systems from your private network can then query the DNS server for name-to-IP translation and vice versa)
  • Allow recursive queries
  • Specify the DNS port (53)
  • Forwarders (a DNS query is forwarded to the forwarders when your local DNS server is unable to resolve it)

As per my private network settings, I have specified the following parameters. Note that because allow-query is limited to localhost and 192.168.0.0/24, recursion is only offered to those clients; with recursion yes, an allow-query of any would turn this server into an open resolver for anyone able to reach port 53.

[email protected]:~$ sudo vi /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        // listen-on-v6 { any; };
        listen-on port 53 { localhost; 192.168.0.0/24; };
        allow-query { localhost; 192.168.0.0/24; };
        forwarders { 8.8.8.8; };
        recursion yes;
};

The next important configuration file is "/etc/bind/named.conf.local"; in this file we define the zones for our domain and the files that hold them. Edit the file and add the following entries:

[email protected]:~$ cd /etc/bind
[email protected]:~$ sudo vi named.conf.local
zone "linuxtechi.local" {
        type master;
        file "/etc/bind/forward.linuxtechi.local";
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/reverse.linuxtechi.local";
};

Save the file and exit. Here we have given the locations of our forward lookup zone file and our reverse lookup zone file. Next we will create those forward and reverse zone files.

First create the forward lookup zone file. A sample zone file (db.local) is already present in the '/etc/bind' folder, so we can copy it and edit the copy:

[email protected]:/etc/bind$ sudo cp db.local forward.linuxtechi.local
[email protected]:/etc/bind$ sudo vi forward.linuxtechi.local
$TTL    604800

@       IN      SOA     primary.linuxtechi.local. root.primary.linuxtechi.local. (
                              6         ; Serial
                         604820         ; Refresh
                          86600         ; Retry
                        2419600         ; Expire
                         604600 )       ; Negative Cache TTL

;Name Server Information
@       IN      NS      primary.linuxtechi.local.

;IP address of Your Domain Name Server (DNS)
primary IN      A       192.168.0.40

;Mail Server MX (Mail exchanger) Record
linuxtechi.local. IN    MX      10      mail.linuxtechi.local.

;A Records for Host names
www     IN      A       192.168.0.50
mail    IN      A       192.168.0.60

;CNAME Record
ftp     IN      CNAME   www.linuxtechi.local.

Your forward lookup file should look something like the screenshot below:

[Screenshot: forward lookup zone file in the editor]

Here we have added the information about our DNS server, A records for a couple of hosts, an MX record for the mail server and a CNAME record for the ftp server. Make sure you edit this file to suit your network.

Next we will create a reverse lookup zone file in the same location; a sample reverse lookup zone file (db.127) is present in the '/etc/bind' folder.

[email protected]:/etc/bind$ sudo cp db.127 reverse.linuxtechi.local
[email protected]:~$ sudo vi /etc/bind/reverse.linuxtechi.local
$TTL    604800
; The SOA MNAME field is the host name of the primary name server, as in the forward zone
@       IN      SOA     primary.linuxtechi.local. root.linuxtechi.local. (
                             21         ; Serial
                         604820         ; Refresh
                         864500         ; Retry
                        2419270         ; Expire
                         604880 )       ; Negative Cache TTL

;Your Name Server Info
@       IN      NS      primary.linuxtechi.local.
primary IN      A       192.168.0.40

;Reverse Lookup for Your DNS Server
40      IN      PTR     primary.linuxtechi.local.

;PTR Records: IP address to Host name
50      IN      PTR     www.linuxtechi.local.
60      IN      PTR     mail.linuxtechi.local.

Your reverse lookup zone file should look like the screenshot below:

[Screenshot: reverse lookup zone file in the editor]

Save the file and exit. Now all we have to do is restart the BIND service to apply the changes:

[email protected]:~$ sudo systemctl restart bind9
[email protected]:~$ sudo systemctl enable bind9

Note: if the OS firewall is running on your BIND server, execute the command below to allow port 53:

[email protected]:~$ sudo ufw allow 53
Rule added
Rule added (v6)
[email protected]:~$
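Before moving on it is worth confirming that the forward and reverse zone files agree with each other, something the syntax checks in the next section do not do. The script below is an added example rather than part of the original tutorial: it parses constructed copies of the two zone files (the tutorial's records plus one deliberate mismatch on each side) and reports every A record without a matching PTR and every PTR without a matching A.

```shell
# Added example, not part of the original tutorial: cross-check the forward and
# reverse zone files so every A record in 192.168.0.0/24 has a matching PTR and
# every PTR points back at a real A record. The zone text below is constructed
# from the tutorial's records plus one deliberate mismatch on each side (ftp2 has
# no PTR, .80 has no A). Assumes the tutorial's "owner IN TYPE rdata" layout.
FORWARD_ZONE='@       IN      NS      primary.linuxtechi.local.
primary IN      A       192.168.0.40
www     IN      A       192.168.0.50
mail    IN      A       192.168.0.60
ftp2    IN      A       192.168.0.70
ftp     IN      CNAME   www.linuxtechi.local.'

REVERSE_ZONE='@       IN      NS      primary.linuxtechi.local.
40      IN      PTR     primary.linuxtechi.local.
50      IN      PTR     www.linuxtechi.local.
60      IN      PTR     mail.linuxtechi.local.
80      IN      PTR     db.linuxtechi.local.'

# Print "ip fqdn." for each A record; $1 = zone text, $2 = zone origin.
forward_pairs() {
    printf '%s\n' "$1" | awk -v origin="$2" '
        $1 ~ /^[;$]/ { next }            # skip comments and $TTL/$ORIGIN lines
        $2 == "IN" && $3 == "A" {
            name = ($1 == "@") ? origin : ($1 "." origin)
            print $4, name "."
        }'
}

# Print "ip fqdn." for each PTR in a /24 reverse zone; $1 = text, $2 = 192.168.0.
reverse_pairs() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 ~ /^[;$]/ { next }
        $2 == "IN" && $3 == "PTR" { print net "." $1, $4 }'
}

# List every A without a PTR and every PTR without an A (sorted, one per line).
# Args: forward text, origin, reverse text, network prefix. Empty output = agree.
zone_mismatches() {
    { forward_pairs "$1" "$2" | sed 's/^/A /'
      reverse_pairs "$3" "$4" | sed 's/^/PTR /'; } | awk '
        $1 == "A"   { a[$2 " " $3] = 1 }
        $1 == "PTR" { p[$2 " " $3] = 1 }
        END {
            for (k in a) if (!(k in p)) print "missing PTR for", k
            for (k in p) if (!(k in a)) print "missing A for", k
        }' | sort
}

zone_mismatches "$FORWARD_ZONE" linuxtechi.local "$REVERSE_ZONE" 192.168.0
```

On the real server, feed it the contents of /etc/bind/forward.linuxtechi.local and /etc/bind/reverse.linuxtechi.local instead of the constructed text.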

Validating Syntax of bind9 configuration and Zone files

If you want to verify the syntax of your BIND 9 configuration file (named.conf.local), use the command "named-checkconf"; run with no argument it checks /etc/bind/named.conf and every file it includes. An example is shown below:

[email protected]:~$ sudo named-checkconf /etc/bind/named.conf.local
[email protected]:~$

If there are no syntax errors in your BIND configuration file, the command returns to the shell without printing anything.

To verify the syntax of your forward and reverse lookup zone files, use the command "named-checkzone" with the zone name (as given in named.conf.local) followed by the zone file, so the reverse zone is checked as 0.168.192.in-addr.arpa. Examples are shown below:

[email protected]:~$ sudo named-checkzone linuxtechi.local /etc/bind/forward.linuxtechi.local
zone linuxtechi.local/IN: loaded serial 6
OK
[email protected]:~$
[email protected]:~$ sudo named-checkzone 0.168.192.in-addr.arpa /etc/bind/reverse.linuxtechi.local
zone 0.168.192.in-addr.arpa/IN: loaded serial 21
OK
[email protected]:~$
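Both the ACL settings in named.conf.options and the zone checks in this section can be driven from one script. The following is an added example, not part of the original tutorial: it reads the zone name/file pairs out of named.conf.local text, so each named-checkzone run uses the zone's own name (0.168.192.in-addr.arpa for the reverse zone), and it flags an options block whose ACLs would make the server an open resolver. The configuration text it works on is constructed to mirror the tutorial's files.

```shell
# Added example, not from the original tutorial: derive the zone name/file pairs
# from named.conf.local so each zone is checked under its own name (the reverse
# zone must be checked as 0.168.192.in-addr.arpa, not linuxtechi.local), and
# flag an options file whose ACLs would make the server an open resolver.
# The configuration text below is constructed to mirror the tutorial's files.
ZONES_CONF='zone    "linuxtechi.local"   {
        type master;
        file    "/etc/bind/forward.linuxtechi.local";
 };
zone   "0.168.192.in-addr.arpa"        {
       type master;
       file    "/etc/bind/reverse.linuxtechi.local";
 };'
OPTIONS_CONF='options {
        listen-on port 53 { localhost; 192.168.0.0/24; };
        allow-query { localhost; 192.168.0.0/24; };
        forwarders { 8.8.8.8; };
        recursion yes;
};'

# Print "<zone name> <zone file>" for every zone block in the given text.
list_zones() {
    printf '%s\n' "$1" | awk '
        $1 == "zone" { gsub(/"/, "", $2); zone = $2 }
        $1 == "file" { gsub(/[";]/, "", $2); print zone, $2 }'
}

# Emit one named-checkzone command per zone, each with the zone's own name.
checkzone_commands() {
    list_zones "$1" | while read -r zone file; do
        printf 'named-checkzone %s %s\n' "$zone" "$file"
    done
}

# Body of "<option> { ... };" from an options block; empty if the option is absent.
acl_of() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]*{\(.*\)}.*/\1/p"
}
# Exit 0 when any client could recurse through this server. BIND takes the
# recursion ACL from allow-recursion, else allow-query-cache, else allow-query,
# else its built-in "localnets; localhost;", which is not open.
is_open_resolver() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+yes;' || return 1
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$opt" "$1")
        [ -n "$acl" ] && { printf '%s\n' "$acl" | grep -qw any; return; }
    done
    return 1
}
```

On a server with bind9utils installed, `checkzone_commands "$(cat /etc/bind/named.conf.local)" | sh -e` runs the real checks, and `is_open_resolver "$(cat /etc/bind/named.conf.options)"` should fail (return 1) for the tutorial's settings.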

Testing the DNS server with dig & nslookup

To test our BIND 9 DNS server we will use another Ubuntu machine and change its DNS settings to point at our DNS server. To change the DNS server, open '/etc/resolv.conf' and make the following entries:

[email protected]:~$ sudo vi /etc/resolv.conf
search linuxtechi.local
nameserver 192.168.0.40

Save the file and exit. Our client is now ready with DNS pointing to our server. We will now use the CLI tool 'dig', which queries a DNS server and shows the records it returns. Execute the following command from the terminal:

[email protected]:~$ dig primary.linuxtechi.local

and we should get the following output from the command:

[Screenshot: dig query output for primary.linuxtechi.local]

This output shows that our DNS is working fine.

Let's do a reverse lookup query (PTR):

[email protected]:~$ dig -x 192.168.0.40

The output of the command should look something like below:

[Screenshot: dig -x PTR query output for 192.168.0.40]

We can also run the 'nslookup' command against our DNS server to confirm the output of the dig command:

[email protected]:~$ nslookup primary.linuxtechi.local

and it should produce the following output:

[Screenshot: nslookup output for primary.linuxtechi.local]

Note: if you get a 'command not found' error when running dig, install the 'dnsutils' package, as the dig command is part of it:

[email protected]:~$ sudo apt-get install dnsutils -y

Now that our server is working, we can add other servers such as mail, ftp or web servers to the DNS server configuration by creating the appropriate records as required. Also, we have only set up a local DNS server in this tutorial; if you need to set up a public DNS server, you will require a public IP address for it.

With this we end our tutorial on how to install and configure a DNS server on Ubuntu/Debian using BIND 9. Please send us your valuable feedback and queries; we will be happy to address them all.

13 Responses

  1. FH says:

    Nice walkthrough of a complex issue.

    You might reconsider using .local as your intranet name.

    Best practice is to use a FQDN and prefix it with eg. lan being lan.domain.tld. The need for it will show when you have to build a Microsoft AD.

    In the long run, avoiding .local will result in a more structured network, and it will become more obvious if you operate a mixed network using Microsoft Windows, macOS and Linux.

    Also .local is a zeroconf domain used exclusively in zeroconf networking.

  2. Brad says:

    First off, I’m a complete Linux newbie!

    The restart command that you have above did not work for me. I had to run sudo /etc/init.d/bind9 restart to restart bind. Does this make any difference? How can I ensure that Bind is running as a service?

    Thanks.

  3. Taufik says:

    Thanks for sharing this nice tutorial.

  4. Robert de Wild says:

    Hello. Great write-up, thanks. I was able to follow and configure your directions pretty much to a tee. But when I get to the NSLOOKUP it always just resolves to 127.0.0.53.
    No idea really where that is coming from. I do have a /etc/resolv.conf that lists that address as nameserver.
    However, if I change that file, it just gets overwritten again on the next reboot.
    Any ideas?

  5. jackson bakari says:

    Hi,
    I just installed my new bind9 DNS, but when I check it at 'http://dnscheck.pingdom.com/' I get this message:

    You don't have permission to access / on this server.
    What does it mean?

  6. Mbonne says:

    Nice walk through. Exactly what I needed.
    +1 for FH comment about the .local in a mixed use environment.

  7. Gert Kruger says:

    Thanks for sharing! I am new to Ubuntu. It will help if you can provide a command to your comment: “Your forward lookup file should look like something below:”

    In other words, what command should we run to see the “forward lookup”?

    • Pradeep Kumar says:

      Hi Gert,

      In the tutorial I copied the sample forward lookup file and then used the vi editor to make the changes that suit my setup.

  8. Andreas Weier says:

    Hi,

    Thank you very much for this great tutorial.

  9. SANTANU says:

    How to configure DNSSEC?

  10. Kivi says:

    Hi, is there an option to add an entry without editing the file manually?

  11. Arben says:

    Hi, thank you very much for the tutorial. Can someone please explain why it was a requirement to put "primary" before the ".domainname."?

    Thank you in advance,

  12. Nithya says:

    Helpful Thanks
