The Domain Name System (DNS) is a hierarchical, distributed naming system for hosts on a network. It maps domain names to IP addresses (and IP addresses back to names). A forward-only DNS server holds no zone data of its own: every query it receives is handed to the upstream DNS servers configured as forwarders, and the answer is cached and returned to the client. Detailed information about DNS is available.
This article shows how to configure a forward-only DNS server with Bind9 on Ubuntu, Debian, and Linux Mint systems.
Install DNS Packages
Bind9 is the most widely used DNS server and is available in the default apt repositories. Install it with the following commands:
sudo apt update
sudo apt install bind9
Enable DNS Forwarding
We are configuring this server as a forward-only DNS server, so edit the Bind options file:
$ sudo vi /etc/bind/named.conf.options
and add the following settings:
options {
        // Cache directory (Debian/Ubuntu default)
        directory "/var/cache/bind";
        recursion yes;
        // Only these clients may send queries; /32 matches this one address
        // only, use 192.168.0.0/24 to cover the whole LAN
        allow-query { 192.168.0.0/32; 127.0.0.1; };
        // Upstream resolvers every query is handed to
        forwarders { 8.8.8.8; 8.8.4.4; };
        // Never fall back to querying authoritative servers directly
        forward only;
};
Replace 8.8.8.8 and 8.8.4.4 with the upstream resolvers you want to forward to. The allow-query statement restricts which clients may query this server. Note that 192.168.0.0/32 matches exactly one address, 192.168.0.0, which is the network address and is not assigned to any host, so with the value above only localhost can actually query; to allow the whole 192.168.0.x LAN, write 192.168.0.0/24. Because recursion is enabled, keep allow-query (and ideally allow-recursion) limited to your own networks: a recursive resolver that answers anyone is an open resolver, and open resolvers are quickly found and used as reflectors in DNS amplification attacks. Commenting out the allow-query line makes the server answer every address it is reachable from, so do that only if you really intend to run a public resolver and have response rate limiting and monitoring in place.
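As an added example (not the article's own configuration), here is a tightened version of the same file. It assumes the LAN is 192.168.0.0/24 and the server's own address is 192.168.0.60; adjust both for your network. The acl gives the allowed clients one name that both allow-query and allow-recursion reuse, listen-on keeps the service off interfaces it should not serve, and dnssec-validation makes Bind validate the answers the forwarders return (the upstream resolvers must be DNSSEC-capable, which 8.8.8.8 and 8.8.4.4 are).

```conf
// Added example, not the article's configuration: a tightened
// /etc/bind/named.conf.options for a forward-only resolver.
// Assumed addresses: LAN 192.168.0.0/24, server 192.168.0.60.

acl "lan" {
        192.168.0.0/24;   // /24 covers 192.168.0.1-254; /32 would match only 192.168.0.0
        127.0.0.1;
};

options {
        directory "/var/cache/bind";

        // Serve only loopback and the LAN address, not every interface.
        listen-on { 127.0.0.1; 192.168.0.60; };
        listen-on-v6 { none; };   // no IPv6 in this example

        // Recursion is what makes a resolver abusable as an open resolver.
        // Limit both who may ask and who may recurse to the same ACL.
        recursion yes;
        allow-query { lan; };
        allow-recursion { lan; };

        // Hand every query to the upstream resolvers; never contact
        // authoritative servers directly.
        forwarders { 8.8.8.8; 8.8.4.4; };
        forward only;

        // Validate DNSSEC-signed answers using the built-in root trust anchor.
        dnssec-validation auto;
};
```

The difference from the minimal version is not the forwarding, which is identical, but the attack surface: a query from outside the "lan" ACL is refused rather than answered, and the server does not even listen on addresses other than the two named.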
Verify Configuration Files
After making the changes, verify the configuration files with the following commands (checking named.conf also parses the files it includes, such as named.conf.options):
named-checkconf /etc/bind/named.conf
named-checkconf /etc/bind/named.conf.options
If either command reports an error or a warning, fix it before proceeding to the next step.
Restart DNS
After the files verify cleanly, restart the bind9 service with the following command (on systemd-based releases the service can also be restarted through systemctl, where the unit is called bind9, an alias of named on newer releases):
sudo service bind9 restart
Test Setup
Your DNS server is now configured. Verify that it answers queries by running dig against it from an allowed client. The things to check in the output are status: NOERROR, the ra (recursion available) flag, and a SERVER line showing your server's address, which confirms the answer came through the forwarder and not from some other resolver.
$ dig tecadmin.net

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> tecadmin.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56343
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tecadmin.net.                  IN      A

;; ANSWER SECTION:
tecadmin.net.           299     IN      A       104.27.189.217
tecadmin.net.           299     IN      A       104.27.188.217

;; AUTHORITY SECTION:
.                       7776    IN      NS      c.root-servers.net.
.                       7776    IN      NS      i.root-servers.net.
.                       7776    IN      NS      b.root-servers.net.
.                       7776    IN      NS      l.root-servers.net.
.                       7776    IN      NS      h.root-servers.net.
.                       7776    IN      NS      e.root-servers.net.
.                       7776    IN      NS      a.root-servers.net.
.                       7776    IN      NS      f.root-servers.net.
.                       7776    IN      NS      k.root-servers.net.
.                       7776    IN      NS      j.root-servers.net.
.                       7776    IN      NS      m.root-servers.net.
.                       7776    IN      NS      d.root-servers.net.
.                       7776    IN      NS      g.root-servers.net.

;; Query time: 1332 msec
;; SERVER: 192.168.0.60#53(192.168.0.60)
;; WHEN: Thu Oct 08 16:24:11 IST 2015
;; MSG SIZE  rcvd: 281
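A single dig from the LAN only proves the happy path. The script below is an added example, not part of the original article, that probes the resolver from both sides of the allow-query boundary and turns the result into a verdict: answered from inside, refused from outside, or (the case to catch) answered from outside, which means the server is an open resolver. It assumes dig (package dnsutils) is installed where it runs and that the resolver address, 192.168.0.60 by default, is reachable; the sample header it parses when run without arguments is constructed, not captured from a real server.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article: probe a Bind9 resolver
# from inside and outside the allowed client range and report whether it
# behaves as a private forwarder or as an open resolver.
# Assumptions: `dig` (package dnsutils) is installed where this runs and
# the resolver (default 192.168.0.60) is reachable from the probing host.
set -u

# Constructed sample of what a correctly restricted resolver returns to a
# client outside allow-query (not captured from a real server).
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4711'

# Pull the status field (NOERROR, REFUSED, SERVFAIL, NXDOMAIN, ...) out of
# dig output read from stdin. Prints NORESPONSE when no header was seen,
# which is what a timeout or a closed port looks like.
dig_status() {
    local status
    status=$(sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    printf '%s\n' "${status:-NORESPONSE}"
}

# Turn (where the query came from, what the resolver said) into a verdict.
#   inside  + NOERROR    -> LAN clients are served
#   inside  + REFUSED    -> allow-query too narrow (a /32 on the network
#                           address 192.168.0.0 matches no real host)
#   outside + REFUSED    -> allow-query did its job
#   outside + NOERROR    -> open resolver, usable for reflection/amplification
classify() {
    local vantage=$1 status=$2
    case "$vantage:$status" in
        inside:NOERROR)    echo "ok: LAN clients are answered" ;;
        inside:REFUSED)    echo "broken: LAN clients refused, widen allow-query (e.g. 192.168.0.0/24)" ;;
        inside:NORESPONSE) echo "broken: no answer from the resolver, check listen-on and the service" ;;
        outside:REFUSED|outside:NORESPONSE)
                           echo "ok: outside clients are refused" ;;
        outside:NOERROR)   echo "OPEN RESOLVER: answers anyone, restrict allow-query and allow-recursion" ;;
        *)                 echo "unexpected: vantage=$vantage status=$status" ;;
    esac
}

# Live probe: ask the resolver for a name it must forward upstream and
# classify the outcome. Run with vantage=inside from a LAN host and with
# vantage=outside from a host on another network (or the public internet).
probe() {
    local vantage=$1 resolver=${2:-192.168.0.60} name=${3:-tecadmin.net}
    local status
    status=$(dig @"$resolver" "$name" A +time=3 +tries=1 2>/dev/null | dig_status)
    printf '%s %s -> %s: %s\n' "$vantage" "$resolver" "$status" \
        "$(classify "$vantage" "$status")"
}

# Usage: ./resolver-check.sh inside  192.168.0.60      (from a LAN host)
#        ./resolver-check.sh outside 192.168.0.60      (from outside the LAN)
if [ "$#" -ge 1 ]; then
    probe "$@"
else
    # No arguments: show the verdict for the constructed sample header.
    classify outside "$(printf '%s\n' "$SAMPLE_REFUSED" | dig_status)"
fi
```

Run the inside probe from a host on 192.168.0.0/24 and the outside probe from anywhere else that can reach the server's address; with the article's /32 the inside probe reports "broken", and if the outside probe ever reports OPEN RESOLVER, fix allow-query before anything else.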
3 Comments
/etc/bind/named.conf.options needs another semicolon on the end to close. Otherwise this won't work.
Should be like this:
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-query { 192.168.0.0/32; 127.0.0.1; };
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        forward only;
};
Why did you specify a /32 netmask instead of /24 in the options stanza of the named.conf field?
I would even say: why is it not /16?