In this tutorial, we will walk through the installation and basic configuration of the BIND9 DNS server.
How to configure BIND9 DNS Server on Ubuntu 20.04:
The first thing you need to do is to update the package list and install BIND9:
sudo apt update
sudo apt install bind9
After the installation is complete, check that BIND9 answers queries by pointing nslookup at the local server (nslookup comes from the bind9-dnsutils package if it is not already installed):
nslookup google.com 127.0.0.1
The answer will be something like this:
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 64.233.164.138
...
The DNS server works right after installation, but you still need to configure it for your purpose. First, allow BIND9 through the firewall; the bind9 package ships a ufw application profile called Bind9 that opens port 53 for both TCP and UDP.
sudo ufw allow Bind9
The server-wide settings live in /etc/bind/named.conf.options. Open that file and add the directives you need inside its “options { ... }” block. Some of the available options are listed below.
The “listen-on” directive specifies the IPv4 addresses (or networks) on which named accepts queries; “listen-on-v6” does the same for IPv6, and Ubuntu’s default file already sets it to “any;”. Omit the directive, or write “any;”, to listen on all addresses. Limiting it to the interfaces that actually need to serve DNS keeps the service off management networks.
listen-on { 10.10.10.0/24; 10.1.0.0/16; ... };
By default BIND answers ordinary queries from any host (“allow-query” defaults to any), but it performs recursion, and hands out cached answers, only for localhost and the directly connected networks, so a freshly installed caching server refuses lookups for outside names from other machines. Add the networks you want to serve to the “allow-query” directive, or “any;” to answer all requests:
allow-query { any; };
Be careful with this on a server reachable from the Internet: when “allow-recursion” is not set, BIND derives it from “allow-query”, so “allow-query { any; };” together with forwarders turns the server into an open resolver that anyone can use for DNS amplification attacks. Set “allow-recursion” explicitly to the networks that are allowed to recurse (localhost, localnets and your own client ranges); other hosts then only get answers for the zones this server is authoritative for.
Forwarders are the DNS servers to which named sends any query it cannot answer from its own zones or its cache:
forwarders { 8.8.8.8; 8.8.4.4; };
Save and close the file. Check the configuration:
sudo named-checkconf
named-checkconf prints nothing when the configuration is valid; if it reports an error, fix the line it names before going on. Restart the service for the changes to take effect (on Ubuntu 20.04 the unit is called named, and bind9 is an alias for it).
sudo systemctl restart bind9
To check that the DNS server also answers other machines, run the following command on any other computer. Replace dns-server-ip-address with the IP address of the DNS server.
nslookup ubuntu.com dns-server-ip-address
Output:
Server:         dns-server-ip-address
Address:        dns-server-ip-address#53

Non-authoritative answer:
Name:   ubuntu.com
Address: 91.189.88.181
...
Now you have a working BIND9 caching name server.
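The options block built above is the minimum; the following shell script is an added example (not from the original tutorial) that prints that permissive block next to a hardened one with an explicit allow-recursion ACL and no zone transfers, extracts the allow-recursion ACL from either config so you can see which one relies on the allow-query fallback, and, when dig is installed, probes a server for open recursion. The CLIENT_NETS value and the /tmp output path are assumptions for the demo.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: print the tutorial's
# options block next to a hardened one that cannot become an open resolver,
# and extract the allow-recursion ACL from a config to see which one has it.
# CLIENT_NETS and the /tmp output path are assumptions for this demo.
set -eu

# Networks allowed to recurse through this server (assumed example values).
CLIENT_NETS="${CLIENT_NETS:-localhost; localnets; 10.1.0.0/16;}"

# The options as built in the tutorial: allow-query { any; } with no
# allow-recursion. BIND derives allow-recursion from allow-query when it is
# unset, so this server recurses for anyone who can reach port 53.
permissive_options() {
  cat <<'EOF'
options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-query { any; };
        dnssec-validation auto;
        listen-on-v6 { any; };
};
EOF
}

# Hardened variant: anyone may still ask about zones this server is
# authoritative for, but recursion is limited to CLIENT_NETS and zone
# transfers are refused unless a zone statement overrides that.
hardened_options() {
  cat <<EOF
options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        recursion yes;
        allow-query { any; };
        allow-recursion { ${CLIENT_NETS} };
        allow-transfer { none; };
        dnssec-validation auto;
        listen-on-v6 { any; };
};
EOF
}

# recursion_acl: read a named.conf.options on stdin; print the body of the
# allow-recursion statement and return 0, or print nothing and return 1 when
# the config relies on the allow-query fallback.
recursion_acl() {
  acl=$(sed -n 's/^[[:space:]]*allow-recursion[[:space:]]*{\(.*\)};.*$/\1/p' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
  [ -n "$acl" ] || return 1
  printf '%s\n' "$acl"
}

# open_resolver_check SERVER: live test with dig (bind9-dnsutils). Run it from
# a host outside allow-recursion: a recursive query for a foreign name must
# come back REFUSED. Returns 2 when dig is not installed.
open_resolver_check() {
  command -v dig >/dev/null || return 2
  if dig @"$1" example.com A +time=3 +tries=1 | grep -q 'status: REFUSED'; then
    echo "$1 refuses recursion for this client: OK"
  else
    echo "$1 answered a recursive query from here: open resolver" >&2
    return 1
  fi
}

main() {
  out=${1:-/tmp/named.conf.options.hardened}
  hardened_options > "$out"
  printf 'wrote %s with allow-recursion { %s }\n' "$out" "$(recursion_acl < "$out")"
  if permissive_options | recursion_acl >/dev/null; then
    echo "unexpected: permissive config has allow-recursion"
  else
    echo "permissive config has no allow-recursion: it falls back to allow-query { any; }"
  fi
  if command -v named-checkconf >/dev/null; then
    named-checkconf "$out" && echo "named-checkconf: OK"
  fi
}

main "$@"
```

Run it as “CLIENT_NETS='localhost; localnets; 192.0.2.0/24;' ./options-check.sh /etc/bind/named.conf.options” on the server, then “open_resolver_check your-server-ip” from a machine outside those networks; the query for example.com should be REFUSED, while lookups for your own zones still succeed.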
You can use the DNS server in different ways. We will configure BIND9 as the primary DNS server for a domain name. After that, you can publish the IP addresses of the domain’s services, for example the mail server, as well as subdomains.
In this tutorial, we will use “domain-name.com” as an example. Simply change it to your domain name. Also, use your real IP addresses instead of 10.1.1.xxx from the example.
Let’s add zone information to the configuration.
sudo nano /etc/bind/named.conf.local
Add these lines to it.
zone "domain-name.com" {
    type master;
    file "/etc/bind/db.domain-name.com";
    allow-transfer { 10.1.1.10; };
    also-notify { 10.1.1.10; };
};
“allow-transfer” restricts zone transfers (AXFR) to the secondary server at 10.1.1.10; with the BIND 9.16 shipped on Ubuntu 20.04, leaving it out lets any host download the whole zone and enumerate your hosts. “also-notify” makes the primary send a NOTIFY to the secondary whenever the zone changes. If you have no secondary, use “allow-transfer { none; };” and drop “also-notify”.
Reload the service (or do this once after you have created the zone file in the next step, since named logs an error for a zone whose file does not exist yet).
sudo systemctl reload bind9
Create a zone file from the template and open it.
sudo cp /etc/bind/db.local /etc/bind/db.domain-name.com
sudo nano /etc/bind/db.domain-name.com
Replace localhost in the SOA record with the FQDN of your server, including the trailing “.”; in the example this is “ns.domain-name.com.”. Replace “root.localhost” with your valid admin email address, with “.” instead of “@” and a trailing “.”.
Serial is the version number of the zone. You must increment it every time you change the zone file: the secondary server compares it with the serial it holds and only transfers the zone when the primary’s number is higher. A common convention is YYYYMMDDnn (date plus a two-digit counter), which keeps the serial increasing and readable.
$TTL    604800
@       IN      SOA     ns.domain-name.com. admin.domain-name.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.domain-name.com.
@       IN      A       10.1.1.1
ns      IN      A       10.1.1.9
ns2     IN      A       10.1.1.10
mx      IN      A       10.1.1.15
The bottom of the file contains the DNS records themselves, one per line in the form hostname<tab>class<tab>DNS record type<tab>value: the hostname is relative to the zone (“@” stands for the zone name itself, and a name ending in “.” is absolute), the class is always IN, the type is the record type (A, NS, and so on), and the value is the record data.
Tell named to reload its zones with rndc.
sudo rndc reload
You can check the DNS server. Enter this command from any remote computer.
nslookup domain-name.com 10.1.1.9
Replace domain-name.com with your domain and 10.1.1.9 with the address of the newly configured name server. The response is the A record of the zone itself, 10.1.1.1 in the example.
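Editing the zone file by hand and remembering to bump the serial is where most zone mistakes happen. The following shell script is an added example (not from the original tutorial) that renders the zone above from a template, computes the next YYYYMMDDnn serial from whatever the current file holds, and validates the result with named-checkzone when it is installed. It goes beyond the tutorial’s file in two labelled places: it lists ns2 as a second NS record (the tutorial defines ns2’s address but never names it as a name server) and adds an MX record for the mx host. Addresses are the tutorial’s example values; ZONE_FILE defaults to /tmp for the demo.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: generate the primary zone
# file for domain-name.com with a date-based serial that is bumped on every
# run, then validate it with named-checkzone when that tool is installed.
# Additions over the tutorial's zone file: an NS record for ns2 and an MX
# record for mx. Addresses are the tutorial's example values; ZONE_FILE
# defaults to /tmp for this demo (use /etc/bind/db.domain-name.com for real).
set -eu

ZONE="domain-name.com"
ZONE_FILE="${ZONE_FILE:-/tmp/db.${ZONE}}"

# next_serial CURRENT TODAY: next YYYYMMDDnn serial. If CURRENT already
# belongs to today (or to a later date), add one; otherwise start today's
# sequence at 01. A secondary only transfers the zone when the serial grows,
# so the result must never be smaller than CURRENT.
next_serial() {
  current=$1
  base=$(($2 * 100))
  if [ "$current" -ge "$base" ]; then
    echo $((current + 1))
  else
    echo $((base + 1))
  fi
}

# current_serial FILE: the number on the SOA line tagged "; Serial" in a
# zone file laid out like the tutorial's; 0 if the file or the tag is missing.
current_serial() {
  s=""
  [ -f "$1" ] && s=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$1")
  echo "${s:-0}"
}

# render_zone SERIAL: print the zone. The origin comes from the zone name in
# named.conf.local, so bare names are relative to domain-name.com.
render_zone() {
  serial=$1
  cat <<EOF
\$TTL    604800
@       IN      SOA     ns.${ZONE}. admin.${ZONE}. (
                        ${serial}   ; Serial (YYYYMMDDnn)
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        604800 )    ; Negative Cache TTL
;
; Name servers: list the primary AND the secondary, otherwise resolvers
; never learn about ns2 (the ns2 NS record is an addition, not in the tutorial).
@       IN      NS      ns.${ZONE}.
@       IN      NS      ns2.${ZONE}.
; Mail: MX points at the host "mx", which needs its own A record below
; (the MX record is an addition; the tutorial only defines the A record).
@       IN      MX  10  mx.${ZONE}.
; Address records (tutorial example values)
@       IN      A       10.1.1.1
ns      IN      A       10.1.1.9
ns2     IN      A       10.1.1.10
mx      IN      A       10.1.1.15
EOF
}

# check_zone FILE: run BIND's own syntax/semantics checker; 2 if it is absent.
check_zone() {
  command -v named-checkzone >/dev/null || return 2
  named-checkzone "$ZONE" "$1"
}

main() {
  today=$(date +%Y%m%d)
  serial=$(next_serial "$(current_serial "$ZONE_FILE")" "$today")
  render_zone "$serial" > "$ZONE_FILE"
  echo "wrote $ZONE_FILE with serial $serial"
  check_zone "$ZONE_FILE" && rc=0 || rc=$?
  case $rc in
    0) echo "named-checkzone: zone loads" ;;
    2) echo "named-checkzone not installed; validation skipped" ;;
    *) echo "zone file is invalid, fix it before reloading named" >&2; exit 1 ;;
  esac
}

main
```

On the real server run it as “sudo ZONE_FILE=/etc/bind/db.domain-name.com ./make-zone.sh” and follow with “sudo rndc reload”; because the serial is derived from the existing file, every run produces a strictly larger value, which is exactly the condition under which the secondary picks up the change.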
The secondary DNS server provides fault tolerance. If the primary stops working for some reason, the secondary keeps resolving the website and the other names in the zone.
If you configured the primary DNS server according to our instructions, you can skip this step.
We must allow the primary DNS server to transmit DNS zone data to the secondary server. Open the BIND9 configuration file.
sudo nano /etc/bind/named.conf.local
Add the following 2 parameters to the zone settings: allow-transfer and also-notify, substituting the IP address of the secondary server in them. The result will be something like this.
zone "domain-name.com" {
    type master;
    file "/etc/bind/db.domain-name.com";
    allow-transfer { 10.1.1.10; };
    also-notify { 10.1.1.10; };
};
Save this file and reload BIND9.
sudo systemctl reload bind9
On the secondary server, open the BIND9 configuration file.
sudo nano /etc/bind/named.conf.local
Add the following directive to it.
zone "domain-name.com" {
    type slave;
    file "db.domain-name.com";
    masters { 10.1.1.9; };
};
The masters parameter must contain the IP address of the primary DNS server. Keep the file name relative, as shown: it is then written under named’s working directory (/var/cache/bind on Ubuntu), which is the directory the AppArmor profile lets named write to; a transferred zone placed under /etc/bind would fail to save. Save the file and reload BIND9.
sudo systemctl reload bind9
To check if the secondary DNS server is working correctly, use the command on any remote computer:
nslookup domain-name.com 10.1.1.10
Use your FQDN instead of domain-name.com and the IP address of your secondary DNS server instead of 10.1.1.10.
Output:
Server:         10.1.1.10
Address:        10.1.1.10#53

Name:   domain-name.com
Address: 10.1.1.1
The address returned is the zone’s A record (10.1.1.1 in the example), the same answer the primary gives; it is not the secondary’s own address.