Install and configure a DNS server with Bind9 on Linux
Emmanuel Gautier / April 19, 2015
5 min read
A DNS (Domain Name Service) service resolves domain names to IP addresses and other resources. It is useful, for example, for browsing websites without having to know the IP addresses of those websites.
Introduction
To set up this kind of service, you need dedicated software. The best known one is Bind. It is maintained by the Internet Systems Consortium and is used by most of the major DNS services in the world, including most of the root DNS servers.
In this tutorial, we will learn how to install and configure a DNS service with Bind9. We will use a simple configuration for an HTTP web server, a mail server, and so on. You do not need to create real services here.
Installation and configuration
The first step is to install the bind9 package. On a Debian-like distribution, you can install it with the following command:
sudo apt-get install bind9 dnsutils
You now need to configure your system to use the freshly installed DNS server on your host. To do so, edit the resolv.conf file with the following lines. DNS queries will then be resolved locally.
# /etc/resolv.conf
nameserver 127.0.0.1
Once the server is installed and started, we can configure the first website. The domain name you pick does not matter; just avoid using an existing domain name, to make your tests easier. In this post, we will use the domain name mysite.lan.
A domain name is created with a resource called a zone, defined in a new file. This file contains the DNS records returned in response to a DNS query. This information can be the IP addresses of the different services, sub-domains, the TTL before a resolver checks again, and so on.
Here is a configuration example for a domain name:
; /etc/bind/db.mysite.lan
$TTL 604800
@ IN SOA ns.mysite.lan. root.mysite.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.mysite.lan.
ns IN A 192.168.1.10
www IN A 192.168.1.100
The domain name configuration is done. Now we need to declare this zone in the list of zones served by the bind9 server.
# /etc/bind/named.conf.local
zone "mysite.lan" {
type master;
file "/etc/bind/db.mysite.lan";
};
Before restarting the server, we check the configuration to make sure the file is correct, to avoid DNS server errors and unavailability of the service. The named-checkzone tool, included with the bind9 package, checks the zone file syntax.
sudo named-checkzone mysite.lan /etc/bind/db.mysite.lan
We can now restart the server to apply the new configuration.
sudo service bind9 restart
Records
There are different record types storing different information. Here is a list of the most common ones:
A Record
This record is the most used one and indicates the IPv4 address for a given domain name.
www IN A A.B.C.D
AAAA Record
This record is similar to the A record but indicates the IPv6 address for a given domain name.
www IN AAAA ::A
CNAME Record (Canonical Name)
A CNAME creates an alias pointing to another record, in the current domain name or in another one. It is possible to create a CNAME pointing to another CNAME record, but you should avoid it, since it increases the number of DNS queries needed before the address is resolved.
mail IN CNAME www
ftp IN CNAME ftp.domain.tld.
www IN A A.B.C.D
MX Record (Mail Exchange)
The MX record points to an email server. It must point to an A or AAAA record and cannot point to a CNAME record.
However, it is possible to have several MX records with a priority value, which provides a fallback in case an MX server is unreachable.
IN MX 10 mail1
IN MX 50 mail2
mail1 IN A A.B.C.D
mail2 IN A A.B.C.D
NS Record (Name Server)
The NS record indicates a name server for the domain.
IN NS ns.domain.tld.
ns IN A A.B.C.D
TXT Record
This type stores text content. It is often used to verify that you own a domain name; for example, services such as Google Search Console, GitHub and mail SaaS solutions use this verification method.
domain.tld. IN TXT "text"
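As an added example (not the author's code), the following Python script parses a zone file in the format used above and checks two rules from this section before the file reaches named-checkzone: MX and NS records must point at a name that has an A or AAAA record rather than a CNAME, and a CNAME should not point at another CNAME. The zone text is constructed for the example and deliberately breaks both rules.

```python
# Constructed sample zone (not the page's file); it breaks two rules from the Records section.
ORIGIN = "mysite.lan."
ZONE = """\
$TTL 604800
@ IN SOA ns.mysite.lan. root.mysite.lan. (
    2 604800 86400 2419200 604800 ) ; serial refresh retry expire neg-cache
@ IN NS ns.mysite.lan.
  IN MX 10 mail      ; blank owner: inherits the previous owner (@)
ns IN A 192.168.1.10
www IN A 192.168.1.100
mail IN CNAME www
ftp IN CNAME mail
"""
def absolute(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples; multi-line '( ... )' records are folded."""
    records, owner, buf = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop ';' comments
        if not line.strip() or line.startswith("$"):   # skip blanks and $TTL
            continue
        if not buf and not line[0].isspace():          # explicit owner name
            owner, line = line.split(None, 1)
        buf += " " + line
        if buf.count("(") > buf.count(")"):            # still inside ( ... )
            continue
        fields, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        rtype, *rdata = fields[fields.index("IN") + 1:]  # optional TTL before IN
        records.append((absolute(owner, origin), rtype, rdata))
    return records

def check_zone(records, origin):
    """MX/NS must target an A/AAAA name, not a CNAME; CNAME -> CNAME is a chain."""
    types_of = {}
    for owner, rtype, rdata in records:
        types_of.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    problems = []
    for owner, rtype, rdata in records:
        if rtype not in ("MX", "NS", "CNAME"):
            continue
        target = absolute(rdata[-1], origin)           # last field is the name
        ttypes = types_of.get(target, {})
        if "CNAME" in ttypes:
            problems.append(f"{owner} {rtype} -> {target} is a CNAME")
        elif (rtype != "CNAME" and target.endswith("." + origin)
              and not {"A", "AAAA"} & ttypes.keys()):
            problems.append(f"{owner} {rtype} -> {target} has no A/AAAA record")
    return problems
```

Running check_zone(parse_zone(ZONE, ORIGIN), ORIGIN) reports the MX pointing at the mail alias and the ftp CNAME chained through it.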
Test
Now it is time to check that our DNS server works properly and that the records you configured are taken into account. For testing purposes, you can use the dig command line tool. You may need to install it first, depending on your Linux distribution.
dig -x 127.0.0.1
You should have something similar to the following output in your terminal:
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63705
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
[...]
;; Query time: 4 msec
;; SERVER: 192.168.245.2#53(192.168.245.2)
;; WHEN: Wed Apr 08 16:30:11 CEST 2015
;; MSG SIZE rcvd: 63
You can also show all the DNS records for a domain name with the following command:
dig mysite.lan
You can now compare the records in the command's output with those you configured earlier; the records you configured should appear in the output.