For the internet to deliver instant access to resources all over the world, which involves linking computers or sites to a unique domain name, a service is needed to perform that mapping. DNS (Domain Name System) translates human-readable domain names, e.g. www.geeksforgeeks.org, to computer-readable IP addresses and vice versa.
BIND9 (Berkeley Internet Name Domain) is the package that provides this name-to-IP conversion functionality.
Let us explore how to set up a master DNS server using BIND9 on Ubuntu 22.04|20.04. Ensure your server has a static IP address configured before you continue. If your server is using DHCP, configure a static address first so that the server's IP does not change once the DNS server is configured.
1) Bind DNS Server Installation
Before we begin installation of the necessary packages, it is always good to make sure you are running on an updated Ubuntu server:
sudo apt update -y
Install the necessary packages from the Ubuntu repositories using apt:
sudo apt install -y bind9 bind9utils bind9-doc dnsutils
2) Bind DNS Server Configuration
The DNS main configuration directory is /etc/bind.
It contains the zone-lookup files and other configuration files.
The global DNS configuration file is /etc/bind/named.conf. It is, however, not used for local DNS configuration; /etc/bind/named.conf.local is used instead.
Create zones
We will do so in the /etc/bind/named.conf.local file. Use a text editor of your choice to edit the file.
We shall create the forward and reverse zones in this file. Below is a forward zone entry for the neveropen.local domain. Change it to your own domain name in your configuration.
zone "neveropen.local" IN { // Domain name
type master; // Primary DNS
file "/etc/bind/forward.db"; // Forward lookup file
allow-update { none; }; // Since this is the primary DNS, it should be none.
};
Where:
- neveropen.local is the zone name.
- forward.db is the name of the forward lookup zone.
Add the following to /etc/bind/named.conf.local for the reverse zone:
zone "10.16.172.in-addr.arpa" IN { //Reverse lookup name, should match your network in reverse order
type master; // Primary DNS
file "/etc/bind/reverse.db"; //Reverse lookup file
allow-update { none; }; //Since this is the primary DNS, it should be none.
};
- 10.16.172.in-addr.arpa is the zone name of the reverse DNS zone. (If the network is 172.16.10.0, the first three octets are written in reverse order, giving 10.16.172.)
- reverse.db is the reverse DNS file.
3) Configure Bind DNS zone lookup files
The zone lookup files hold the DNS records for the forward and reverse zones.
1. Forward zone lookup file
Copy the sample forward zone lookup file to a file called forward.db under the /etc/bind directory:
sudo cp /etc/bind/db.local /etc/bind/forward.db
Take note of the zone file syntax: fully qualified domain names must end with a dot (.).
The acronyms in the file have the following meanings:
- SOA – Start of Authority
- NS – Name Server
- A – Address record (hostname to IPv4 address)
- MX – Mail Exchange
- CNAME – Canonical Name (alias)
We have to edit the zone file and update the content as below. Modify it as per your domain name:
sudo vi /etc/bind/forward.db
$TTL 604800
@ IN SOA ns1.neveropen.local. root.ns1.neveropen.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
;@ IN NS localhost.
;@ IN A 127.0.0.1
;@ IN AAAA ::1
;Name Server Information
@ IN NS ns1.neveropen.local.
;IP address of Name Server
ns1 IN A 172.16.10.2
;Mail Exchanger
neveropen.local. IN MX 10 mail.neveropen.local.
;A – Record HostName To Ip Address
www IN A 172.16.10.3
mail IN A 172.16.10.4
;CNAME record
ftp IN CNAME www.neveropen.local.
2. Reverse zone lookup file
The acronyms in the reverse zone file are:
- PTR – Pointer
- SOA – Start of Authority
Copy the sample reverse zone file in /etc/bind to a file called reverse.db:
sudo cp /etc/bind/db.127 /etc/bind/reverse.db
Edit the contents in the file to fit your domain:
sudo nano /etc/bind/reverse.db
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA neveropen.local. root.neveropen.local. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
;Name Server Information
@ IN NS ns1.neveropen.local.
ns1 IN A 172.16.10.2
;Reverse lookup for Name Server
2 IN PTR ns1.neveropen.local.
;PTR Record IP address to HostName
3 IN PTR www.neveropen.local.
4 IN PTR mail.neveropen.local.
4) Check BIND DNS syntax
The named-checkconf command checks the configuration files for syntax errors and reports any it finds. If there is no error it prints nothing and simply returns to the shell:
sudo named-checkconf
The named-checkzone command is used to check the syntax of the forward and reverse zone files:
#forward zone file
sudo named-checkzone neveropen.local /etc/bind/forward.db
#reverse zone file
sudo named-checkzone 10.16.172.in-addr.arpa /etc/bind/reverse.db
The output should be:
#forward zone file
root@master:~# sudo named-checkzone neveropen.local /etc/bind/forward.db
zone neveropen.local/IN: loaded serial 2
OK
#reverse zone file
root@master:~# named-checkzone 10.16.172.in-addr.arpa /etc/bind/reverse.db
zone 10.16.172.in-addr.arpa/IN: loaded serial 1
OK
Finally restart and enable BIND service:
sudo systemctl restart bind9
sudo systemctl enable bind9
5) Updating Bind DNS Records
A DNS record should be updated in both the /etc/bind/forward.db and /etc/bind/reverse.db files.
Whenever you update a DNS record, also change the serial number in both the forward and reverse zone files to a number greater than the current one.
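As an added example (not part of the original article), here is a small Python check that applies the rules from sections 2 and 5 to a forward/reverse zone pair: it derives the in-addr.arpa zone name from a /24 network as described above, and reports A records that have no matching PTR as well as serials that were not increased. The zone texts are constructed inline to mirror the neveropen.local setup, with mail's PTR deliberately left out so the check has something to flag; it assumes /24 zones with single-octet PTR owner names, as in this article.

```python
# Added example (not the article's code): pre-reload consistency check for the
# forward.db / reverse.db pair; zone texts are constructed, mail's PTR left out.
import re
FORWARD_DB = """$TTL 604800
@ IN SOA ns1.neveropen.local. root.ns1.neveropen.local. (
 3 ; Serial
 604800 86400 2419200 604800 ) ; Refresh Retry Expire Negative-TTL
@ IN NS ns1.neveropen.local.
ns1 IN A 172.16.10.2
www IN A 172.16.10.3
mail IN A 172.16.10.4
ftp IN CNAME www.neveropen.local.
"""
REVERSE_DB = """$TTL 604800
@ IN SOA neveropen.local. root.neveropen.local. (
 1 ; Serial
 604800 86400 2419200 604800 ) ; Refresh Retry Expire Negative-TTL
@ IN NS ns1.neveropen.local.
2 IN PTR ns1.neveropen.local.
3 IN PTR www.neveropen.local.
"""
def reverse_zone_name(network):
    """172.16.10.0 -> 10.16.172.in-addr.arpa (a /24, as in the article)."""
    return ".".join(reversed(network.split(".")[:3])) + ".in-addr.arpa"

def serial(zone_text):
    """SOA serial: the first integer after the '(' that opens the SOA record."""
    return int(re.search(r"SOA[^(]*\(\s*(\d+)", zone_text).group(1))

def records(zone_text, rtype):
    """Owner name -> rdata for every record of the given type; ';' comments stripped."""
    out = {}
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()
        if len(parts) >= 4 and parts[1] == "IN" and parts[2] == rtype:
            out[parts[0]] = parts[3]
    return out

def missing_ptrs(forward, reverse, domain):
    """A records in forward.db whose last octet has no matching PTR in reverse.db."""
    ptrs = records(reverse, "PTR")
    return [(ip, f"{host}.{domain}.") for host, ip in records(forward, "A").items()
            if ptrs.get(ip.rsplit(".", 1)[1]) != f"{host}.{domain}."]
def check(forward, reverse, domain, old_fwd_serial, old_rev_serial):
    """Problems to fix before reloading: PTR gaps and serials that did not grow."""
    problems = [f"no PTR for {ip} -> {name}" for ip, name in missing_ptrs(forward, reverse, domain)]
    for zone, text, old in (("forward.db", forward, old_fwd_serial), ("reverse.db", reverse, old_rev_serial)):
        if serial(text) <= old:
            problems.append(f"{zone} serial not increased")
    return problems
```

Run check() with the serials that were live before your edit; an empty list means the pair is consistent and both serials were bumped.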
6) Testing the DNS Server
On any client machine, change its DNS server to our newly deployed server. In our case, it is 172.16.10.2.
The DNS server setting varies with the operating system. On Ubuntu:
$ sudo vim /etc/resolv.conf
nameserver 172.16.10.2
Let's test our DNS resolution using the dig command. dig queries a name server for information about a domain name: the answering server, the IP address of the domain, the MX records, and so on.
root@ubuntu:~# dig www.neveropen.local
; <<>> DiG 9.16.1-Ubuntu <<>> www.neveropen.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65241
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fabd20125b9ccbff010000005f8c7204e1387a993d58c22f (good)
;; QUESTION SECTION:
;www.neveropen.local. IN A
;; ANSWER SECTION:
www.neveropen.local. 604800 IN A 172.16.10.3
;; Query time: 4 msec
;; SERVER: 172.16.10.10#53(172.16.10.10)
;; WHEN: Sun Oct 18 16:49:08 UTC 2020
;; MSG SIZE rcvd: 100
The output shows the 'A' record of www.neveropen.local.
To check the reverse DNS:
root@ubuntu:~# dig -x 172.16.10.3
; <<>> DiG 9.16.1-Ubuntu <<>> -x 172.16.10.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62529
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7b8c9b8971f74afc010000005f8c72a8bdc5ebbdb4869578 (good)
;; QUESTION SECTION:
;3.10.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
3.10.16.172.in-addr.arpa. 604800 IN PTR www.neveropen.local.
;; Query time: 0 msec
;; SERVER: 172.16.10.10#53(172.16.10.10)
;; WHEN: Sun Oct 18 16:51:52 UTC 2020
;; MSG SIZE rcvd: 122
This confirms that both the forward and reverse zone lookups are working.
Conclusion
We have successfully deployed a local DNS server on Ubuntu 22.04|20.04 LTS. This is useful to a system administrator managing systems and applications on a local network: applications can communicate via domain names, which removes the need to reconfigure them when IP addresses change.
For slave server configuration and related topics, see our other articles listed below. Feel free to reach out to us any time you have a challenge or suggestion.
- Install PowerDNS on CentOS 8 with MariaDB & PowerDNS-Admin
- Configure Master / Slave BIND DNS Server on CentOS 8 / RHEL 8
- How To add DNS A/PTR Record in Windows Server
- How To add DNS Reverse Lookup Zone in Windows Server