The following is a tutorial on how to install and configure a DNS server:

bind9 debian

MY SERVER SPECS:
root@ubuntu-DNSSVR:/home/tokunbo# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

In my setup, my server-IP is the same as my DNS-server IP:

auto enp0s3
iface enp0s3 inet static
address 172.16.1.20
netmask 255.255.255.0
gateway 172.16.1.1

First, configure the server for internet access using a public DNS server such as 8.8.8.8. After the DNS server is configured and tested OK, I'll change the DNS-server IP (on the DNS server) to its own server IP.

1) UPDATE / UPGRADE DNS SERVER SYSTEM SOFTWARE if required:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

2) INSTALL BIND9
sudo apt-get install bind9 bind9utils bind9-doc


Figure-1: Bind9 installation

3) CONFIGURE CACHING
A caching name server saves DNS query results locally for a short time, which helps to reduce the traffic on the server. In general, server performance improves.

To configure caching, we need to edit the file /etc/bind/named.conf.options

Uncomment these lines:
// forwarders {
// 0.0.0.0;
// };

Edit as follows:
forwarders {
8.8.8.8;
};

4) RESTART BIND9 SERVICE
sudo systemctl restart bind9

5) CHECK CACHING STATUS
Let's check whether caching is working:
command: dig -x 127.0.0.1
If you see output like the below, it means caching is OK on the server:


root@ubuntu-DNSSVR:/etc/bind# dig -x 127.0.0.1

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25019
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 1132 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017042842 1800 900 604800 3600

;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 26 15:42:36 WAT 2017
;; MSG SIZE rcvd: 119

root@ubuntu-DNSSVR:/etc/bind#


Figure-2: DNS-server caching test
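
The SERVER line in dig's footer names the resolver that actually replied; in the output above it is 8.8.8.8, the public resolver configured earlier, not the local BIND instance. The script below is an added example, not part of the original tutorial: it reads dig output and reports whether the local server answered and whether the reply was fast enough to have come from its cache. The 5 ms threshold and the second sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify dig output by who answered and how fast.
LOCAL_DNS="172.16.1.20"   # DNS server address used in this tutorial
MAX_MS=5                  # assumption: a cache hit answers within 5 ms

# Footer lines taken from the step 5 output above.
sample_step5() {
cat <<'EOF'
;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}

# Constructed sample: a repeat query answered by the local BIND cache.
sample_cached() {
cat <<'EOF'
;; Query time: 0 msec
;; SERVER: 172.16.1.20#53(172.16.1.20)
EOF
}

# Address of the resolver that sent the reply (";; SERVER:" line).
dig_server() { sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }

# Query time in milliseconds (";; Query time:" line).
dig_msec() { sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'; }

# Read dig output on stdin and print one of:
#   not-local       another resolver replied, local BIND was not tested
#   local-cache     local BIND replied within MAX_MS (heuristic for a cache hit)
#   local-uncached  local BIND replied after fetching the answer upstream
#   unknown         no SERVER line found
classify() {
    out=$(cat)
    server=$(printf '%s\n' "$out" | dig_server)
    msec=$(printf '%s\n' "$out" | dig_msec)
    if [ -z "$server" ]; then
        echo "unknown"
    elif [ "$server" != "$LOCAL_DNS" ] && [ "$server" != "127.0.0.1" ]; then
        echo "not-local"
    elif [ -n "$msec" ] && [ "$msec" -le "$MAX_MS" ]; then
        echo "local-cache"
    else
        echo "local-uncached"
    fi
}

echo "step 5 output: $(sample_step5 | classify)"   # not-local
echo "cached sample: $(sample_cached | classify)"  # local-cache
# Live check on the server: repeat a query and classify the second reply, e.g.
#   dig @172.16.1.20 www.yahoo.com >/dev/null; dig @172.16.1.20 www.yahoo.com | classify
```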

6) EDIT BIND9 CONFIGURATION FILE

Bind9 configuration files are available in the /etc/bind directory. We need to edit this file: /etc/bind/named.conf

By default, the file should have the lines below uncommented:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";



Save any changes you made to the file /etc/bind/named.conf

7) SET PROPER PERMISSIONS TO BIND9 DIRECTORY
The ideal permission and ownership for bind9 directory should be as follows:
sudo chmod -R 755 /etc/bind
sudo chown -R bind:bind /etc/bind

8) CHECK DNS CONFIG FILES - if there are any issues
command: sudo named-checkconf /etc/bind/named.conf
If all is well, there shouldn't be any output, meaning the configuration is OK.

9) CONFIGURE DNS-SERVER IP ON SERVER
In my case, since the DNS server-IP is the same IP address as the server itself, I edited my /etc/network/interfaces file and changed the DNS server IP as follows:
dns-nameservers (my-dns-server-ip)

for example:
auto enp0s3
iface enp0s3 inet static
address 172.16.1.20
netmask 255.255.255.0
gateway 172.16.1.1
dns-nameservers 172.16.1.20

10) FINALLY RESTART BIND9 SERVICE
sudo systemctl restart bind9

---------------------------------------

TESTING TIME
On the server itself, check with nslookup at the terminal:

root@ubuntu-DNSSVR:/etc/network# systemctl restart bind9
root@ubuntu-DNSSVR:/etc/network# nslookup
> www.yahoo.com
Server: 172.16.1.20
Address: 172.16.1.20#53

Non-authoritative answer:
www.yahoo.com canonical name = atsv2-fp.wg1.b.yahoo.com.
Name: atsv2-fp.wg1.b.yahoo.com
Address: 46.228.47.115
> nairabytes.net
Server: 172.16.1.20
Address: 172.16.1.20#53

Non-authoritative answer:
Name: nairabytes.net
Address: 208.91.198.54
> cisco.com
Server: 172.16.1.20
Address: 172.16.1.20#53

Non-authoritative answer:
Name: cisco.com
Address: 72.163.4.161

Test from a client computer and set the DNS server accordingly.

Your comments and questions are welcome!