Install and configure a DNS server with Bind9 on Linux

Emmanuel Gautier / April 19, 2015

5 min read

A DNS (Domain Name Service) service resolves domain names to IP addresses and other resources. It is useful, for example, for browsing websites without having to know their IP addresses.

Introduction

To set up this kind of service you need dedicated software. The best known is Bind, maintained by the Internet Systems Consortium, which runs most of the major DNS services in the world, including most of the root DNS servers.

In this tutorial, we will learn how to install and configure a DNS service with Bind9, using a simple configuration for an HTTP web server, a mail server, and so on. You don't need to create the real services for this.

Installation and configuration

The first step is to install the bind9 package. On a Debian-like distribution, you can install it with the following command:

sudo apt-get install bind9 dnsutils

Now configure your system to use the freshly installed DNS server on your host. To do so, edit the resolv.conf file so that it contains the following line; DNS queries will then be sent to the local server.

# /etc/resolv.conf
nameserver 127.0.0.1

Once the server is installed and started, we can configure the first website. The domain name you pick does not matter, but avoid an existing domain name so that your tests are not confused by real records. In this post, we will use the domain name mysite.lan.

A domain name is created as a zone, defined in a new file. This file contains the DNS records returned in response to DNS queries: IP addresses for the different services, sub-domains, the TTL before a record must be looked up again, and so on.

Here is an example configuration for a domain name:

; /etc/bind/db.mysite.lan   (in a zone file, comments start with ';', not '#')
$TTL    604800
@       IN      SOA     ns.mysite.lan. root.mysite.lan. (
                        2           ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        604800 )    ; Negative Cache TTL
;
@       IN      NS      ns.mysite.lan.
ns      IN      A       192.168.1.10
www     IN      A       192.168.1.100

The zone configuration is done. Now we need to declare this zone in the bind9 server's list of zones.

# /etc/bind/named.conf.local

zone "mysite.lan" {
  type master;
  file "/etc/bind/db.mysite.lan";
};

Before restarting the server, check the configuration to make sure the file is correct: a broken zone file causes DNS server errors and makes the service unavailable. The named-checkzone tool, included in the bind9 package, checks the zone file syntax:

sudo named-checkzone mysite.lan /etc/bind/db.mysite.lan

We can now restart the server to apply the new configuration.

sudo service bind9 restart

Records

Different record types store different kinds of information. Here is a list of the most common ones:

A Record

This is the most used record; it gives the IPv4 address for a given domain name.

www    IN    A    A.B.C.D

AAAA Record

This record is similar to the A record, but gives the IPv6 address for a given domain name.

www    IN    AAAA    ::A

CNAME Record (Canonical Name)

It creates an alias pointing to another record, either in the current zone or in another one. It is possible to create a CNAME pointing to another CNAME record, but you should avoid it, since it increases the number of DNS queries needed before the address is resolved.

mail    IN    CNAME  www
ftp     IN    CNAME  ftp.domain.tld.
www     IN    A      A.B.C.D

MX Record (Mail Exchange)

The MX record points to an email server. It must point to an A or AAAA record and can't point to a CNAME record.

However, it is possible to have multiple MX records with a preference value, which gives a fallback in case an MX server is unreachable (the server with the lowest value is tried first).

@        IN    MX  10  mail1
         IN    MX  50  mail2    ; blank owner: same owner as the previous record
mail1    IN    A       A.B.C.D
mail2    IN    A       A.B.C.D

NS Record (Name Server)

The NS record indicates an authoritative DNS server for the domain.

@     IN    NS    ns.domain.tld.
ns    IN    A     A.B.C.D

TXT Record

This type stores arbitrary text. It is widely used to prove that you own a domain name: services such as Google Search Console, GitHub and mail SaaS providers use this verification method.

domain.tld.    IN    TXT    "text"
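As an added example (not code from the original post), here is a small Python checker that parses a zone file in the format of the db.mysite.lan file above and applies the rules this section states for MX, CNAME and NS records. The sample zone is constructed from the post's db.mysite.lan with a deliberately wrong MX record added, and it is meant to complement named-checkzone, not replace it.

```python
# Constructed sample: the post's db.mysite.lan plus an MX that deliberately targets a CNAME.
ZONE = """\
$TTL 604800
@     IN SOA ns.mysite.lan. root.mysite.lan. (
            2 604800 86400 2419200 604800 )   ; serial refresh retry expire neg-ttl
@     IN NS    ns.mysite.lan.
      IN MX 10 mail      ; blank owner = same owner as the previous record
ns    IN A     192.168.1.10
www   IN A     192.168.1.100
mail  IN CNAME www
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; handles ';' comments, '( )' continuations, '@' and blank owners."""
    records, owner, buf, depth = [], origin, "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # naive: a ';' inside quotes is also treated as a comment
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or $TTL / $ORIGIN directive
        depth += line.count("(") - line.count(")")
        buf += " " + line.replace("(", " ").replace(")", " ")
        if depth > 0:
            continue                                # still inside '( ... )'
        explicit, toks, buf = not buf[1].isspace(), [t for t in buf.split() if t != "IN"], ""
        if explicit:                                # else the record reuses the previous owner
            owner, toks = fqdn(toks[0], origin), toks[1:]
        records.append((owner, toks[0], tuple(toks[1:])))   # per-record TTLs are not handled
    return records

def check_zone(text, origin):
    """Check the rules of the Records section: no MX -> CNAME, no CNAME chains, in-zone MX/NS need A/AAAA."""
    recs = parse_zone(text, origin)
    types_at = {o: {t for oo, t, _ in recs if oo == o} for o, _, _ in recs}
    problems = []
    for owner, rtype, rdata in recs:
        target = fqdn(rdata[-1], origin)            # MX rdata is (preference, host)
        kinds = types_at.get(target, set())
        in_zone = ("." + target).endswith("." + origin)
        if rtype == "MX" and "CNAME" in kinds:
            problems.append(f"MX at {owner} points to CNAME {target}")
        elif rtype == "CNAME" and "CNAME" in kinds:
            problems.append(f"CNAME chain: {owner} -> {target}")
        elif rtype in ("MX", "NS") and in_zone and not kinds & {"A", "AAAA"}:
            problems.append(f"{rtype} at {owner} targets {target}, which has no A/AAAA record")
    return problems
```

Run it with `check_zone(ZONE, "mysite.lan.")`; on the sample it reports the MX pointing at the mail CNAME and nothing else.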

Test

Now it's time to check that our DNS server is working properly and that the records you configured are taken into account. For testing, you can use the dig command-line tool; you may need to install it first, depending on your Linux distribution.

dig -x 127.0.0.1

You should see something similar to the following output in your terminal:

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63705
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

[...]

;; Query time: 4 msec
;; SERVER: 192.168.245.2#53(192.168.245.2)
;; WHEN: Wed Apr 08 16:30:11 CEST 2015
;; MSG SIZE  rcvd: 63

You can also list the DNS records for a domain name with the following command (a plain dig query only returns A records, so ask for ANY):

dig mysite.lan ANY

Compare the records in the command output with those you configured earlier: the records you configured should all be displayed.