Domain Name System (DNS) is a hierarchical, distributed naming system for computers connected to a network. It resolves a domain name to its corresponding IP address. There are four types of DNS servers. Many popular web (cloud) hosting providers already provide DNS servers for their clients, but if you want to set up your own DNS server, follow this article.
This article will help you configure a DNS server using the bind9 package on Ubuntu, Debian, and Linux Mint systems. Bind runs as the named service.
CentOS and Red Hat users can follow this article to set up a DNS server.
Step 1 – Install DNS (bind9) Packages
Bind9 is the most popular DNS server used worldwide. It is available in the default package repositories, so open a terminal and run the following commands to install the bind9 packages.
sudo apt update
sudo apt install bind9 -y
Step 2 – Create Forward Zone File
This guide uses example.net as a temporary domain. Create a forward DNS zone file for it under the /etc/bind directory.
sudo vi /etc/bind/example.net.zone
Add the following content:
; Forward Zone file for example.net
$TTL 14400
@   86400   IN  SOA  ns1.example.net. webmaster.example.net. (
        3013040200 ; serial, todays date+todays
        86400      ; refresh, seconds
        7200       ; retry, seconds
        3600000    ; expire, seconds
        86400      ; minimum, seconds
)
ns1           IN  A      192.168.1.212
ns2           IN  A      192.168.1.212
example.net.  86400  IN  NS  ns1.example.net.
example.net.  86400  IN  NS  ns2.example.net.
example.net.  IN  A      192.168.1.100
www           IN  CNAME  example.net.
Save the file and verify the file syntax:
named-checkzone example.net /etc/bind/example.net.zone
On success, an OK message appears in the output.
Step 3 – Create Reverse Zone File
Generally, reverse DNS configuration is not required, but in some cases you may need it. A reverse zone resolves an IP address to its corresponding domain name. For example, we are using the 192.168.1.0/32 IP range on our intranet. Create a reverse DNS zone file named /etc/bind/db.1.168.192 with the following content.
sudo vi /etc/bind/db.1.168.192
and add the following content:
; BIND reverse zone file for 1.168.192.in-addr.arpa
;
$TTL 604800
@   IN  SOA  ns1.example.net. root.ns1.example.net. (
        3013040200 ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL
;
@    IN  NS   ns1.example.net.
100  IN  PTR  example.net.
101  IN  PTR  otherdomain.com.
Save the file and verify the file syntax:
named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192
On success, an OK message appears in the output.
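named-checkzone only validates syntax; it does not tell you whether the forward and reverse zones agree with each other, and a host whose A record has no matching PTR (or a PTR that points at a different name) is a common source of confusing lookups later. The following POSIX shell script is an added example and is not part of the original article. It derives the in-addr.arpa origin that named-checkzone and named.conf.local expect from a network in CIDR form, writes constructed copies of the two zones above to temporary files (the serials are changed to a date-based value, and the temporary paths stand in for /etc/bind), lists forward A records the reverse zone does not cover, and finally runs named-checkzone on both files when BIND's tools are installed. Run against the article's own data it reports that ns1 and ns2 at 192.168.1.212 have no PTR record.

```shell
#!/bin/sh
# Added example, not part of the original article: check that a forward zone
# and its reverse zone agree before loading them into BIND. The zone contents
# are constructed copies of the article's data (serials changed to a date-based
# value); the temporary file locations stand in for /etc/bind.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
FWD="$WORK/example.net.zone"
REV="$WORK/db.1.168.192"

cat > "$FWD" <<'EOF'
$TTL 14400
@   86400 IN SOA ns1.example.net. webmaster.example.net. (
        2022042501 ; serial
        86400      ; refresh
        7200       ; retry
        3600000    ; expire
        86400 )    ; minimum
ns1           IN A     192.168.1.212
ns2           IN A     192.168.1.212
example.net.  86400 IN NS ns1.example.net.
example.net.  86400 IN NS ns2.example.net.
example.net.  IN A     192.168.1.100
www           IN CNAME example.net.
EOF

cat > "$REV" <<'EOF'
$TTL 604800
@   IN SOA ns1.example.net. root.ns1.example.net. (
        2022042501 ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL
@   IN NS  ns1.example.net.
100 IN PTR example.net.
101 IN PTR otherdomain.com.
EOF

# reverse_zone_name NETWORK/PREFIX: the in-addr.arpa origin for an
# octet-aligned network, e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa
reverse_zone_name() {
    prefix=${1#*/}
    set -- $(printf '%s\n' "${1%/*}" | tr '.' ' ')
    case "$prefix" in
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        *)  echo "unsupported prefix /$prefix (use 8, 16 or 24)" >&2; return 1 ;;
    esac
}

# fqdn NAME ORIGIN: turn a zone-relative owner name into an absolute one
fqdn() {
    case "$1" in
        @)  printf '%s.\n' "$2" ;;
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.%s.\n' "$1" "$2" ;;
    esac
}

# a_records FILE ORIGIN: print "fqdn address" for every A record (comments stripped)
a_records() {
    sed 's/;.*//' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "IN" && $(i+1) == "A") print $1, $(i+2) }' |
        while read -r name addr; do
            [ -n "$addr" ] || continue
            printf '%s %s\n' "$(fqdn "$name" "$2")" "$addr"
        done
}

# ptr_records FILE NETWORK: print "address target" for every PTR record whose
# owner is a relative last octet, as in the article's /24 reverse zone
ptr_records() {
    sed 's/;.*//' "$1" |
        awk -v net="$2" '{ for (i = 1; i < NF; i++) if ($i == "IN" && $(i+1) == "PTR") print net "." $1, $(i+2) }'
}

# missing_ptrs FWD REV ORIGIN NETWORK: list forward A records inside NETWORK
# that the reverse zone does not cover, or covers with a different name
missing_ptrs() {
    ptrs=$(ptr_records "$2" "$4")
    a_records "$1" "$3" | while read -r name addr; do
        case "$addr" in "$4".*) ;; *) continue ;; esac
        target=$(printf '%s\n' "$ptrs" | awk -v a="$addr" '$1 == a { print $2; exit }')
        if [ -z "$target" ]; then
            printf '%s %s: no PTR record\n' "$name" "$addr"
        elif [ "$target" != "$name" ]; then
            printf '%s %s: PTR points to %s\n' "$name" "$addr" "$target"
        fi
    done
}

# Run the cross-check, then the real syntax check when BIND's tools are installed.
missing_ptrs "$FWD" "$REV" example.net 192.168.1
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone example.net "$FWD"
    named-checkzone "$(reverse_zone_name 192.168.1.0/24)" "$REV"
fi
```

Point FWD and REV at the real files under /etc/bind to run the same check on your own zones; the PTR matching assumes the reverse zone uses relative last-octet owners (100, 101, ...) as the article's file does.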
Step 4 – Update Bind9 Main Configuration
You have created one forward zone file and one reverse zone file. Next, edit the bind configuration file /etc/bind/named.conf.local and add the forward and reverse zone entries as shown below.
sudo vi /etc/bind/named.conf.local
Append the following content:
zone "example.net" IN {
    type master;
    file "/etc/bind/example.net.zone";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1.168.192";
};
Save the file and check the configuration files:
named-checkconf /etc/bind/named.conf.local
named-checkconf /etc/bind/named.conf
On success, nothing is printed.
Step 5 – Restart bind9 Service
Once all the configuration files are verified, restart the bind9 service to apply the changes.
sudo systemctl restart bind9
sudo systemctl status bind9
Output:
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-04-25 12:17:31 IST; 2h 16min ago
       Docs: man:named(8)
    Process: 10725 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 10726 (named)
      Tasks: 4 (limit: 2271)
     Memory: 5.6M
        CPU: 146ms
     CGroup: /system.slice/named.service
             └─10726 /usr/sbin/named -u bind
The bind9 service should be active and running.
Step 6 – Verify the Setup
The DNS server is now configured and ready to use. Make sure your client system uses it as the default DNS server. Let's verify that DNS responds to queries properly. Below are example commands to test it.
Verify Forward Zone:
dig example.net
Output:
; <<>> DiG 9.16.1-Ubuntu <<>> example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42007
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: b8e8bae7636ea5990100000062665dfb3fce096db82322ba (good)
;; QUESTION SECTION:
;example.net.                   IN      A

;; ANSWER SECTION:
example.net.            14400   IN      A       192.168.1.100

;; Query time: 4 msec
;; SERVER: 192.168.1.212#53(192.168.1.212)
;; WHEN: Mon Apr 25 14:04:08 IST 2022
;; MSG SIZE  rcvd: 84
Verify Reverse Zone:
dig -x 192.168.1.100
Output:
; <<>> DiG 9.16.1-Ubuntu <<>> -x 192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26175
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: df64db0c13af750e0100000062665e1e52dc99d0a2d5dd41 (good)
;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 604800 IN   PTR     example.net.

;; Query time: 0 msec
;; SERVER: 192.168.1.212#53(192.168.1.212)
;; WHEN: Mon Apr 25 14:04:43 IST 2022
;; MSG SIZE  rcvd: 108
Conclusion
This tutorial described how to set up a DNS server on Ubuntu, Debian, and Linux Mint systems.
2 Comments
Another site with no help for beginners; don't understand what's supposed to be done or how to.
How did you disable / remove dnsmasq so that port 53 was available for bind9 to use as a dns server?
This is a problem on Linux Mint 17, which puts bind9 on port 953 when dnsmasq is already installed (it is installed and active and attached to port 53 by default when you install Linux Mint 17).
I added bind9 to my system and am now experiencing 15 second or longer delays in responses to queries from remote hosts. This delay blows mail services out of the water and delays client access to the web server. My bind9 server is being used as an authoritative dns for my domain so this affects everything associated to the domain.