How to Set Up a DNS Server Using BIND 9 on Ubuntu 16.04


By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

DNS (Domain Name System) is an internet service that translates user-friendly domain names into computer-friendly IP addresses. DNS can also perform the reverse translation, from IP addresses to domain names. BIND, also known as the Berkeley Internet Name Domain, is an open source implementation of DNS. BIND allows you to publish DNS information on the internet and resolve DNS queries for users, and it is one of the most widely used DNS software packages in the world. Putting a DNS server on a network is a great way to improve the management of your servers and desktop systems. You can configure different views in a single BIND server, which lets you give internal and external users different views of your DNS data and keep some DNS information private. BIND comes with a wide range of features, including TSIG, nsupdate, IPv6, rndc, views, multiprocessor support, Response Rate Limiting (RRL), DNSSEC, Split DNS, DNSSEC Validation and much more.

In this tutorial, we will go through how to set up a Domain Name System (DNS) server using BIND9 on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.

Prerequisites

  1. A fresh Alibaba Cloud Ubuntu 16.04 instance.
  2. A static IP address (192.168.0.102 in this tutorial) configured on your instance.
  3. A root password set up on your instance.

Launch Alibaba Cloud ECS Instance

First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

apt-get update -y

Install BIND 9

By default, BIND 9 is available in the Ubuntu 16.04 default repository. You can easily install it by just running the following command:

apt-get install bind9 bind9utils bind9-doc dnsutils -y

After installing BIND 9, you will need to set BIND to IPv4 mode. You can do this by editing the /etc/systemd/system/bind9.service file:

nano /etc/systemd/system/bind9.service

Make the following changes:

[Service]
ExecStart=/usr/sbin/named -f -u bind -4

Save and close the file. Then, reload the systemd daemon to read the new configuration into the running system:

systemctl daemon-reload

Next, restart the BIND service to apply the changes:

systemctl restart bind9

Configure BIND 9

All the configuration files for BIND 9 are located inside the /etc/bind directory. First, you will need to edit the /etc/bind/named.conf.options file and add forwarders. DNS queries are forwarded to the forwarders when your local DNS server is unable to resolve them.

nano /etc/bind/named.conf.options

Add the following lines inside the options { ... } block:

forwarders {
8.8.8.8;
};

Save and close the file. Then, you will need to configure /etc/bind/named.conf.local file. This file will be used to define the zone for your domain.

nano /etc/bind/named.conf.local

Add the following lines:

// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "example.com" {
type master;
file "/etc/bind/forward.example.com";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/reverse.example.com";
};

Save and close the file when you are finished.

Configure Forward and Reverse Lookup Zone

Next, you will need to configure the forward and reverse lookup zones for your domain. A forward lookup zone is a DNS zone in which hostname to IP address mappings are stored. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the desired result is returned.

A reverse lookup zone is the opposite of a forward lookup zone. It returns the fully qualified domain name of a host based on its IP address.

Here, we will use test.example.com as a private Fully-Qualified Domain Name.

First, change to the /etc/bind directory with the following command:

cd /etc/bind/

Next, copy the sample forward and reverse lookup zone files with the following commands:

cp db.127 reverse.example.com
cp db.local forward.example.com

Next, open the forward lookup zone file:

nano /etc/bind/forward.example.com

Make the following changes:

$TTL    604800
@ IN SOA test.example.com. root.test.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS test.example.com.
test IN A 192.168.0.102
www IN A 192.168.0.102
@ IN AAAA ::1

Save and close the file. Then, open the reverse lookup zone file:

nano /etc/bind/reverse.example.com

Make the following changes:

$TTL    604800
@ IN SOA test.example.com. root.test.example.com. (
1
604800
86400
2419200
604800 )
@ IN NS test.example.com.
test IN A 192.168.0.102
102 IN PTR test.example.com.

Save and close the file. Then, open the /etc/resolv.conf file:

nano /etc/resolv.conf

Add the following lines:

search example.com
nameserver 192.168.0.102

Save and close the file. Then, restart BIND 9 service to apply the changes:

systemctl restart bind9

Next, check the forward and reverse lookup zone file for any syntax error with the following command:

named-checkzone forward.example forward.example.com

If everything is fine, you should see the following output:

zone forward.example/IN: loaded serial 2
OK

Next, check the reverse lookup zone file:

named-checkzone reverse.example reverse.example.com

If everything is fine, you should see the following output:

zone reverse.example/IN: loaded serial 1
OK
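
named-checkzone validates each zone file on its own; it does not confirm that the PTR records in the reverse zone agree with the A records in the forward zone. The following added example (not part of the original tutorial) cross-checks the two, assuming the one-record-per-line "owner IN type rdata" layout used above. The function name check_fcrdns and the 103 and 104 PTR lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check over two zone files.
# Zone text is constructed from the tutorial's records; the 103 and 104 PTR
# lines are extra, deliberately broken entries that show the two failures.
FORWARD_ZONE='@ IN NS test.example.com.
test IN A 192.168.0.102
www IN A 192.168.0.102
@ IN AAAA ::1'

REVERSE_ZONE='@ IN NS test.example.com.
102 IN PTR test.example.com.
103 IN PTR db.example.com.
104 IN PTR www.example.com'

# check_fcrdns FORWARD REVERSE ORIGIN PREFIX
#   ORIGIN: forward zone name without trailing dot (example.com)
#   PREFIX: network octets covered by the reverse zone (192.168.0)
# Prints one verdict per PTR record; returns 1 if any PTR is unconfirmed.
check_fcrdns() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v origin="$3" -v prefix="$4" '
        # Expand an owner name the way BIND does: "@" is the origin and a
        # name without a trailing dot is relative to the origin.
        function fqdn(n) {
            if (n == "@") return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        $0 == "---" { in_reverse = 1; next }
        # Forward zone: remember every (name, address) pair from A records.
        !in_reverse && $2 == "IN" && $3 == "A" { addr[fqdn($1), $4] = 1 }
        in_reverse && $2 == "IN" && $3 == "PTR" {
            ip = prefix "." $1
            if ($4 !~ /\.$/) {
                # No trailing dot: BIND appends the in-addr.arpa origin.
                print "NODOT " ip " " $4; bad = 1
            } else if ((fqdn($4), ip) in addr) {
                print "OK " ip " " $4
            } else {
                print "MISMATCH " ip " " $4; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

check_fcrdns "$FORWARD_ZONE" "$REVERSE_ZONE" example.com 192.168.0 ||
    echo "reverse zone has unconfirmed PTR records"
```

Against the real files, pass their contents with "$(cat /etc/bind/forward.example.com)" and "$(cat /etc/bind/reverse.example.com)".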

Test BIND 9 DNS Server

BIND 9 is now configured. It’s time to check whether it is working or not.

Here, we will use the dig command line tool to check DNS & its related information with the following command:

dig test.example.com

You should see the following output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> test.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.example.com. IN A
;; ANSWER SECTION:
test.example.com. 604800 IN A 192.168.0.102
;; AUTHORITY SECTION:
example.com. 604800 IN NS test.example.com.
;; Query time: 0 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:23:46 IST 2018
;; MSG SIZE rcvd: 75

Now, test using the reverse lookup query as shown below:

dig -x 192.168.0.102

Output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3223
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;102.0.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800 IN SOA test.example.com. root.test.example.com. 1 604800 86400 2419200 604800
;; Query time: 1 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:32:34 IST 2018
;; MSG SIZE rcvd: 112
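
A lookup that succeeded reports status NOERROR with the expected record in the ANSWER section; the reverse capture above instead shows status NXDOMAIN with ANSWER: 0, meaning no PTR record was returned for 102.0.168.192.in-addr.arpa. The following added example (not part of the original tutorial) turns that reading of dig output into a pass/fail check. The function name dig_verdict is hypothetical, and the two captures are abridged from the dig output shown in this tutorial.

```shell
#!/bin/sh
# Added example: pass/fail acceptance check over dig output.
# Captures are abridged from the dig output shown in the tutorial.
FORWARD_CAPTURE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.example.com. 604800 IN A 192.168.0.102'

REVERSE_CAPTURE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3223
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800 IN SOA test.example.com. root.test.example.com. 1 604800 86400 2419200 604800'

# dig_verdict TYPE RDATA   (dig output on stdin)
# Prints PASS, or FAIL with a reason. Returns 0 only when the reply is
# NOERROR, carries the aa (authoritative) flag, and the ANSWER section
# contains a record of TYPE whose rdata equals RDATA.
dig_verdict() {
    awk -v want_type="$1" -v want_rdata="$2" '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # Flags run from field 3 up to the field that ends with ";".
            for (i = 3; i <= NF; i++) {
                f = $i; last = sub(/;$/, "", f)
                if (f == "aa") aa = 1
                if (last) break
            }
        }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }
        section == "ANSWER" && $4 == want_type && $5 == want_rdata { found = 1 }
        END {
            if (status != "NOERROR") reason = "status=" status
            else if (!aa) reason = "not-authoritative"
            else if (!found) reason = "no-" want_type "-" want_rdata
            if (reason != "") { print "FAIL " reason; exit 1 }
            print "PASS"
        }
    '
}

# Live use on the server: dig -x 192.168.0.102 | dig_verdict PTR test.example.com.
printf '%s\n' "$FORWARD_CAPTURE" | dig_verdict A 192.168.0.102
printf '%s\n' "$REVERSE_CAPTURE" | dig_verdict PTR test.example.com. || true
```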

You can also use the nslookup command against your DNS server to confirm the output of the dig command:

nslookup test.example.com

You should see the following output:

Server:        192.168.0.102
Address: 192.168.0.102#53
Name: test.example.com
Address: 192.168.0.102

Next, use the nslookup command against your DNS server IP address:

nslookup 192.168.0.102

You should see the following output:

Server:         192.168.0.102
Address: 192.168.0.102#53
102.0.168.192.in-addr.arpa name = example.com.

That’s it! You have successfully installed and configured BIND 9 on Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.

Reference: https://www.alibabacloud.com/blog/how-to-setup-dns-server-using-bind9-on-ubuntu-16-04_594469?spm=a2c41.12583900.0.0
