The Domain Name System (DNS) is a hierarchical, distributed naming system for computers connected over a network. It resolves a domain name to its corresponding IP address. A forward-only DNS server does not keep any domain information itself. When a query reaches this server, it forwards the query to the configured DNS servers. Detailed information about DNS is available.


This article will help you configure a forward-only Domain Name System (DNS) server using Bind9 on Ubuntu, Debian, and LinuxMint systems.

Install DNS Packages

Bind9 is the most popular DNS server used worldwide. It is available in the default apt repositories, so use the following commands to install it.

sudo apt update
sudo apt install bind9

Enable DNS Forwarding

We are configuring this server as a forward-only DNS server, so edit the BIND options file:

$ sudo vi /etc/bind/named.conf.options

and add the following settings:


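options {
        directory "/var/cache/bind";
        // Resolve names on behalf of clients (needed for forwarding).
        recursion yes;
        // Clients allowed to query this server. A /32 matches a single
        // address only; to admit a whole subnet, use its real prefix
        // length (for example /24).
        allow-query { 192.168.0.0/32; 127.0.0.1; };
        // Upstream resolvers that receive every query.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        // Never fall back to iterative resolution; only ask the forwarders.
        forward only;
};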

Replace 8.8.8.8 and 8.8.4.4 with suitable DNS server IPs. The allow-query option restricts access to the DNS server to specific IP ranges. To make it a public DNS server, comment out the allow-query line.

Verify Configuration Files

After making all configuration changes, verify the files using the following commands.

named-checkconf  /etc/bind/named.conf
named-checkconf  /etc/bind/named.conf.options

If any of the above commands returns an error or warning, fix it before proceeding to the next step.
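
named-checkconf validates syntax only, so it accepts an allow-query entry that is well-formed but matches the wrong set of clients. The following Python script is an added example, not part of the original article or of BIND: it checks an options block for the missing terminator, the forwarding directives, and allow-query entries that admit nobody or everybody. The function name audit_forwarder_options and the /24 prefix in the corrected sample are assumptions.

```python
import ipaddress
import re

# Constructed sample: the options block as printed in the article.
ARTICLE_OPTIONS = """options{
        directory "/var/cache/bind";
        recursion yes;
        allow-query { 192.168.0.0/32; 127.0.0.1; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        forward only;
}"""
# Assumed correction: a /24 LAN and the closing semicolon.
FIXED_OPTIONS = ARTICLE_OPTIONS.replace("/32", "/24") + ";"

def audit_forwarder_options(conf):
    """Return findings for the text of a forward-only named.conf.options."""
    findings = []
    # Drop comments first so a commented-out allow-query counts as absent.
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    text = re.sub(r"(//|#).*", "", text).strip()
    if not re.search(r"\}\s*;$", text):
        findings.append("options block is not terminated with '};'")
    if not re.search(r"\bforward\s+only\s*;", text):
        findings.append("'forward only;' is not set")
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", text)
    if fwd is None or not fwd.group(1).strip():
        findings.append("forwarders list is missing or empty")
    acl = re.search(r"\ballow-query\s*\{([^}]*)\}", text)
    if acl is None:
        findings.append("allow-query is not set, so it restricts no client")
        return findings
    for entry in (e.strip() for e in acl.group(1).split(";")):
        if entry == "any":
            findings.append("allow-query admits any client")
        if not entry or "/" not in entry:
            continue  # bare addresses and named ACLs are left alone
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry} admits every address")
        elif net.num_addresses == 1 and int(net.network_address) % 256 == 0:
            findings.append(f"{entry} matches one host only; check the prefix")
    return findings

if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_OPTIONS), ("fixed", FIXED_OPTIONS)):
        print(name, audit_forwarder_options(conf) or "no findings")
```

Run it against the contents of /etc/bind/named.conf.options before restarting the service; an empty list means none of these conditions were found.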

Restart DNS

After successful verification of all files, let’s restart the bind9 service using the following command.

sudo service bind9 restart

Test Setup

Your DNS server is now configured and ready to use. Let’s verify that it responds to queries properly. Below is an example command to test it.

dig tecadmin.net 


; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> tecadmin.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER

3 Comments

  1. /etc/bind/named.conf.options needs another semicolon on the end to close. Otherwise this won’t work.

    Should be like this:
    options{
            directory "/var/cache/bind";
            recursion yes;
            allow-query { 192.168.0.0/32; 127.0.0.1; };
            forwarders {
                    8.8.8.8;
                    8.8.4.4;
            };
            forward only;

    };

  2. Jeff H Silverman on

    Why did you specify a /32 netmask instead of /24 in the options stanza of the named.conf field?
