Set up your own DNS Server with BIND


If you are playing with the thought of setting up your own DNS server, then this article is for you: just follow the steps and you won’t run into problems. What does DNS stand for, and what does a DNS server do? DNS stands for Domain Name Service. It maps IP (Internet Protocol) addresses and fully qualified domain names (FQDNs) to one another. This makes things easy for us humans, because we no longer have to remember IP addresses, just names. Ubuntu uses BIND (Berkeley Internet Naming Daemon) as its DNS server, and that is what I am going to walk you through setting up.

Installation

The installation is very simple and there are two ways I am going to show you. Start a terminal window, or if you are using Ubuntu Server just log in. Elevate the terminal/console to superuser with the following command:

sudo -s

Hit enter and type in your password. From now on we don’t need to prefix each command with sudo. In the next step we install BIND and a collection of DNS utilities. Enter the following:

apt-get install bind9 dnsutils

Hit enter and accept any dependencies that are shown. That’s it, your DNS server is installed.

Configuration

The installation was easy; now we have to start the configuration, which requires some hands-on work. What I am going to show you is a primary master DNS server with forwarders to Google’s DNS servers. You don’t strictly need to add forwarders to Google’s DNS servers, because the root hints would take care of sending every request that cannot be answered by your local DNS server to the root DNS servers. By using a forwarder your local DNS server will cache all requests and will be quicker the next time. I thought that might be a nice feature to have. On Ubuntu all BIND configuration files are located under /etc/bind and the main configuration file is /etc/bind/named.conf. Let’s have a look at this one.

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

As you can see there are only three statements in this file, and all they do is load three other files. named.conf.options is intended for general BIND options, named.conf.local is for your zones, and named.conf.default-zones holds the localhost and root zones. Let’s get started and add our forwarders. As forwarders I will use Google’s DNS servers with the IP addresses 8.8.8.8 and 8.8.4.4. Use your favorite text editor to open /etc/bind/named.conf.options; you should see something like this:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

The forwarders block is usually commented out; just remove the // in front of each of its lines, fill in your desired DNS servers and save the file. Now restart the bind9 service to enable the configuration changes we just made. Enter the following command to restart:

service bind9 restart

Now you should be able to point the computers on your network at your own DNS server, and all requests to the internet will be forwarded. Just try it on one machine: run nslookup www.linux.com and you should receive something like the following.

Server:        192.168.0.2
Address:    192.168.0.2#53

Non-authoritative answer:
Name:    www.linux.com
Address: 140.211.167.50
Name:    www.linux.com
Address: 140.211.167.51

Well, that was not too bad. Let’s get right to setting up our primary master DNS server for our network. We are going to create two new files, db.yournetwork.com and db.192. The first one is the forward lookup zone for our network and the other one is the reverse lookup zone. Use your desired text editor to open the file /etc/bind/named.conf.local; you should see something like this:

//
// Do any local configuration here
//
zone "yournetwork.com" {
    type master;
    file "/etc/bind/db.yournetwork.com";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
};
logging {
    channel query.log {
        // On Ubuntu the AppArmor profile for named normally only allows writes
        // below /var/log/named/, so put the log there if BIND cannot create this file.
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

The first zone block adds our forward lookup zone, the second zone block adds our reverse lookup zone, and the logging block is for extra query logging. Use these as a template for your own network setup. To save some typing we just copy the localhost forward lookup zone and change the values to match our network. Just enter

cp /etc/bind/db.local /etc/bind/db.yournetwork.com

and now use your desired text editor to open /etc/bind/db.yournetwork.com; you should see something like this (my comment on each line follows the semicolon):

;
; BIND data file for bms.lan network (my own network; use your own zone name)
;
$TTL    604800                                     ; Time To Live option, keep the default
@    IN    SOA    ns1.bms.lan. root.ns1.bms.lan. (   ; Start of Authority: ns1.bms.lan. is your nameserver's FQDN, root.ns1.bms.lan. is the sysadmin's email address (the first dot stands for @); you have to enter the trailing dot at the end of each name
             2012102600    ; Serial    ; serial number, must be incremented upon each modification; I recommend YYYYMMDD##
             604800        ; Refresh   ; refresh time
              86400        ; Retry     ; retry time
            2419200        ; Expire    ; after this the zone expires
             604800 )      ; Negative Cache TTL ; how long a negative answer is cached
       IN    A    192.168.0.2            ; A record for the zone itself (owner omitted, so it inherits @ from the SOA line)
;
@      IN    NS    ns1.bms.lan.    ; your nameserver's FQDN
@      IN    A     192.168.0.2     ; the IP of your nameserver
@      IN    AAAA  ::1             ; IPv6 localhost address, left over from the db.local template; remove it unless the zone name should really resolve to ::1
ns1     IN    A    192.168.0.2      ; A record of your nameserver with its IP address
dd-wrt    IN    A    192.168.0.1     ; another A record for the device on IP 192.168.0.1
storage    IN    A    192.168.0.20   ; another A record for the device on IP 192.168.0.20
ap     IN    A    192.168.0.254   ; another A record for the device on IP 192.168.0.254

Here are some examples of common record types for this forward zone. First the Canonical Name (CNAME) record:

accesspoint IN CNAME ap    ; accesspoint is an alias (another name) for ap

Then there are mail exchanger entries, for example:

@    IN MX 10 mail.yournetwork.com.    ; note the trailing dot, otherwise BIND appends the zone name again
mail IN A  192.168.0.114

The first line says that the mail exchanger (MX) with priority 10 is mail.yournetwork.com, and the second line is the corresponding A record pointing to 192.168.0.114. The priority number is used to determine which server should be tried first if there is more than one MX record: the lower the number, the higher the priority. There is also the nameserver record (NS), which you have seen in our configuration. The NS records list all nameservers that carry a copy of the zone.

Now save your db.yournetwork.com file and restart bind9 by entering the following:

service bind9 restart

!!! Don't restart yet unless you already have a working setup !!!
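The serial rule above (a YYYYMMDD## value that must grow on every edit) and the restart warning are the two places where a hand-edited zone usually goes wrong, so here is an added example, my own shell script and not part of the original post, that bumps the serial of a zone file and lets BIND's own checker look at it before the restart. It assumes the serial is the first field of a line that contains "; Serial", exactly as in the db.yournetwork.com shown above, and that named-checkzone comes from the bind9utils (newer releases: bind9-utils) package; if the tool is not installed, the check is skipped and reported. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): bump the SOA serial of a zone
# file using the YYYYMMDD## scheme the post recommends, then run BIND's own
# zone checker before "service bind9 restart".
# Assumptions (mine, not the post's): the serial is the first field of a line
# containing "; Serial", as in db.yournetwork.com above, and named-checkzone
# comes from the bind9utils / bind9-utils package.

# next_serial OLD [YYYYMMDD]: print the serial that follows OLD.
# Same day: increment the two-digit suffix. New day, or a serial that does
# not follow the scheme (e.g. the "2" in db.local): start at YYYYMMDD01.
next_serial() {
    old=$1
    today=${2:-$(date +%Y%m%d)}
    case $old in
        "$today"[0-9][0-9])
            suffix=${old#"$today"}
            suffix=${suffix#0}          # "08" -> "8": no leading-zero arithmetic trouble
            suffix=$((suffix + 1))
            if [ "$suffix" -gt 99 ]; then
                echo "next_serial: more than 99 edits today, $old cannot be bumped" >&2
                return 1
            fi
            printf '%s%02d\n' "$today" "$suffix"
            ;;
        *)
            printf '%s01\n' "$today"
            ;;
    esac
}

# bump_serial FILE [YYYYMMDD]: rewrite the serial line of FILE in place and
# print the new serial. Refuses to go backwards: secondaries only transfer a
# zone when its serial is larger than the one they already hold.
bump_serial() {
    file=$1
    old=$(awk '$1 ~ /^[0-9]+$/ && /; *Serial/ { print $1; exit }' "$file")
    if [ -z "$old" ]; then
        echo "bump_serial: no '; Serial' line found in $file" >&2
        return 1
    fi
    new=$(next_serial "$old" "${2:-}") || return 1
    if [ "$new" -le "$old" ] 2>/dev/null; then
        echo "bump_serial: $new is not greater than current serial $old" >&2
        return 1
    fi
    sed -i "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$file"
    echo "$new"
}

# check_zone ZONE FILE: run named-checkzone if it is installed; it exits
# non-zero on syntax errors and the integrity problems it knows about.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "check_zone: named-checkzone not installed, skipping check of $2" >&2
    fi
}

# Typical use, as root, before restarting the server:
#   bump_serial /etc/bind/db.yournetwork.com \
#     && check_zone yournetwork.com /etc/bind/db.yournetwork.com \
#     && named-checkconf \
#     && service bind9 restart
```

Chaining the steps with && means the restart only happens when the serial was bumped and both checkers were happy, so a typo in a zone file never takes the running server down.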

You should now be able to query those entries from a workstation that uses your nameserver. Everything works? Great! Let’s set up the reverse lookup zone. Here again, to save some typing, let’s copy db.127 to our db.192. Type the following:

cp /etc/bind/db.127 /etc/bind/db.192

Use your desired text editor to open /etc/bind/db.192; you should see something like this:

;
; BIND reverse data file for 192.168.0 network
;
$TTL    604800
@    IN    SOA    ns1.bms.lan. root.ns1.bms.lan. (
             2012102500    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )      ; Negative Cache TTL
;
@    IN    NS     ns1.bms.lan.    ; the nameserver's FQDN with trailing dot (a bare "ns1." would name a top-level domain called ns1)
2    IN    PTR    ns1.bms.lan.
1    IN    PTR    dd-wrt.bms.lan.
20   IN    PTR    storage.bms.lan.
254  IN    PTR    ap.bms.lan.

I don’t have to say too much about this, since it is almost the same except for the bottom part. We only use the last octet of the IP address, followed by IN PTR and then the FQDN with a trailing dot. PTR stands for Pointer and tells BIND that IP x points to that FQDN. The same rule for the serial number from the previous file applies here too: increment it upon each change to the file. I also recommend the same YYYYMMDD## scheme here. To make the changes take effect, enter the following:
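Keeping db.192 in step with db.yournetwork.com by hand is where reverse lookups usually go stale, so here is an added example, my own shell/awk code and not part of the original post, that derives the PTR lines for the 192.168.0 network from the A records of the forward zone file and can print a complete reverse zone with the same SOA timers the post uses. It assumes A records are written one per line as "name IN A address", with names relative to the zone unless they end in a dot, as the file above does; addresses outside the given /24 are skipped, and where the apex (@) and a hostname share an address the hostname wins, which matches the post's db.192 for 192.168.0.2. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): build the PTR records of a /24
# reverse zone from the A records of the forward zone, so db.192 cannot drift
# away from db.yournetwork.com.
# Assumptions (mine): A records are written "name IN A address" on one line;
# names are relative to ZONE unless they end in a dot; NET is the first three
# octets of the network, e.g. 192.168.0.

# ptr_records ZONE NET FILE: print "<last octet> IN PTR <fqdn>." lines,
# sorted by octet, for every A record inside NET.
ptr_records() {
    zone=$1 net=$2 file=$3
    awk -v zone="$zone" -v net="$net" '
        { sub(/;.*/, "") }                      # strip zone-file comments
        $2 == "IN" && $3 == "A" {
            name = $1; ip = $4
            if (name == "@")          fqdn = zone "."          # zone apex
            else if (name ~ /\.$/)    fqdn = name              # already absolute
            else                      fqdn = name "." zone "."
            if (split(ip, o, "[.]") != 4 || (o[1] "." o[2] "." o[3]) != net) next
            # prefer a real hostname over the apex when both share an address
            if (!(ip in best) || best[ip] == (zone ".")) best[ip] = fqdn
        }
        END {
            for (i = 1; i <= 254; i++) {
                ip = net "." i
                if (ip in best) printf "%-4s IN PTR %s\n", i, best[ip]
            }
        }' "$file"
}

# reverse_zone ZONE NET NS SERIAL FILE: print a complete reverse zone file
# (same SOA timers as the post) with the PTR records derived from FILE.
reverse_zone() {
    zone=$1 net=$2 ns=$3 serial=$4 file=$5
    printf ';\n; BIND reverse data file for %s network (generated from the forward zone)\n;\n' "$net"
    printf '$TTL    604800\n'
    printf '@    IN    SOA    %s root.%s (\n' "$ns" "$ns"
    printf '             %s    ; Serial\n' "$serial"
    printf '             604800        ; Refresh\n'
    printf '              86400        ; Retry\n'
    printf '            2419200        ; Expire\n'
    printf '             604800 )      ; Negative Cache TTL\n;\n'
    printf '@    IN    NS     %s\n' "$ns"
    ptr_records "$zone" "$net" "$file"
}

# Typical use: regenerate db.192 from the forward zone, check it, then restart.
#   reverse_zone yournetwork.com 192.168.0 ns1.yournetwork.com. 2012102601 \
#       /etc/bind/db.yournetwork.com > /etc/bind/db.192
#   named-checkzone 0.168.192.in-addr.arpa /etc/bind/db.192 && service bind9 restart
```

Because the reverse file is generated rather than edited, adding a host means touching only the forward zone; a CNAME such as accesspoint gets no PTR, which is right, since only one name should answer for an address.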

service bind9 restart

Now everything should work, local name resolution as well as internet name resolution. Please let me know if you have anything to add or if you just have some questions. In case you would like to know more about BIND, I recommend the following two books:

DNS and BIND 5th Edition

DNS and BIND Cookbook


Thanks for reading MSJ ;)

About Michael St. John

Michael St. John is a System Engineer in Albuquerque, NM. I have been working with Linux since 1994 and started with the Linux distribution Slackware. I used Slackware until I needed a more flexible and easier way to maintain my systems; I looked into Debian/Ubuntu and loved Ubuntu right away. I no longer have to worry about solving dependencies or compiling code every time an update is available to patch exploits or bugs. That was when Ubuntu 8.04 had just been released, and the rest is history.