How to Install and Configure a Private BIND DNS Server on Ubuntu 22.04

Published at
12/5/2024
Categories
ubuntu
dns
cloud
Author
aditi_b

DNS (Domain Name System) plays a crucial role in mapping human-readable domain names into machine-friendly IP addresses, acting as a "phonebook" in the middle. Whether you're managing a private network or hosting web services, a reliable DNS solution ensures smooth communication and connectivity. The BIND (Berkeley Internet Name Domain) DNS server, one of the most widely used and trusted DNS software, offers a reliable infrastructure for creating and managing domain name resolution services. Its flexibility, scalability, and support for advanced configurations make it the go-to choice for administrators around the globe.

In this guide, we will walk you through setting up a private BIND 9 DNS server with forward and reverse zone configurations, ensuring your network has a solid foundation for efficient and reliable name resolution.

Prerequisites

  • A Virtual Machine (such as the ones provided by NodeShift), with at least:

    • 2 vCPUs
    • 2 GB RAM
    • 10 GB SSD
  • Ubuntu 22.04 VM

Note: The prerequisites for this are highly variable across use cases. A high-end configuration could be used for a large-scale deployment.

Step-by-step process to install BIND DNS server on Ubuntu 22.04

For this tutorial, we'll use a CPU-powered Virtual Machine by NodeShift, which provides high-compute Virtual Machines at a very affordable cost on a scale that meets GDPR, SOC2, and ISO27001 requirements. It also offers an intuitive and user-friendly interface, making it easier for beginners to get started with Cloud deployments. However, feel free to use any cloud provider you choose and follow the same steps for the rest of the tutorial.

Step 1: Setting up a NodeShift Account

Visit app.nodeshift.com and create an account by filling in basic details, or continue signing up with your Google/GitHub account.

If you already have an account, log in and go straight to your dashboard.

Step 2: Create a Compute Node (CPU Virtual Machine)

After accessing your account, you should see a dashboard. From there:

1) Navigate to the menu on the left side.

2) Click on the Compute Nodes option.

3) Click on Start to start creating your very first compute node.

These Compute nodes are CPU-powered virtual machines by NodeShift. These nodes are highly customizable and let you control different environmental configurations, such as vCPUs, RAM, and storage, according to your needs.

Step 3: Select configuration for VM

1) The first option you see is the Reliability dropdown. This lets you choose the uptime guarantee level you seek for your VM (e.g., 99.9%).

2) Next, select a geographical region from the Region dropdown where you want to launch your VM (e.g., United States).

3) Most importantly, select the correct specifications for your VM according to your workload requirements by sliding the bars for each option.

Step 4: Choose VM Configuration and Image

1) After selecting your required configuration options, you'll see the available VMs in your region and as per (or very close to) your configuration. In our case, we'll choose a '4 vCPUs/4GB/80GB SSD' Compute node.

2) Next, you'll need to choose an image for your Virtual Machine. For the scope of this tutorial, we'll select Ubuntu, as we will deploy the DNS server on Ubuntu 22.04.

Step 5: Choose the Billing cycle and Authentication Method

1) Two billing cycle options are available: Hourly, ideal for short-term usage, offering pay-as-you-go flexibility, and Monthly, for long-term projects with a consistent usage rate and potentially lower cost.

2) Next, you'll need to select an authentication method. Two methods are available: Password and SSH Key. We recommend using SSH keys, as they are a more secure option. To create one, head over to our official documentation.

Step 6: Finalize Details and Create Deployment

Finally, you can also add a VPC (Virtual Private Cloud), which provides an isolated section for you to launch your cloud resources (Virtual machine, storage, etc.) in a secure, private environment. We're keeping this option as the default for now, but feel free to create a VPC according to your needs.

Also, you can deploy multiple nodes at once by clicking + in the Quantity option.

That's it! You are now ready to deploy the node. Finalize the configuration summary; if it looks good, go ahead and click Create to deploy the node.

Step 7: Connect to active Compute Node using SSH

As soon as you create the node, it will be deployed in a few seconds or a minute. Once deployed, you will see a status Running in green, meaning that our Compute node is ready to use!

Once your node shows this status, follow the below steps to connect to the running VM via SSH:

1) Open your terminal and run the below SSH command:

(replace root with your username and paste the IP of your VM in place of ip after copying it from the dashboard)

ssh root@ip

2) If SSH keys are set up, the terminal will authenticate automatically.

3) In some cases, your terminal may ask for your confirmation before connecting. Enter 'yes', and you should be connected.

Step 8: Install BIND 9

1) Before installing BIND 9, first update the package source list and upgrade the installed software:

apt update -y && apt upgrade -y

2) Install packages for BIND 9

We'll install the following three packages to set up BIND 9 on our DNS server:

  • bind9 - BIND 9 DNS server software.

  • bind9utils - Utilities for BIND 9.

  • bind9-doc - A documentation package for BIND 9.

apt install bind9 bind9utils bind9-doc -y

3) Check if the BIND 9 service is running

systemctl status bind9

Step 9: Configure BIND DNS Server

We'll configure the BIND 9 DNS server with its two configuration files: named.conf.options, which is its main configuration file, and named.conf.local, which is used to define local DNS zones for a private domain.

1) Configure named.conf.options

a) Open the file with the Nano editor

sudo nano /etc/bind/named.conf.options

b) Edit the file content

Modify your named.conf.options file to look similar to this

acl LAN {
    192.168.2.0/24;  // LAN range allowed to query this server
};

options {
    directory "/var/cache/bind";

    // Answer queries only from this host and the LAN ACL defined above
    allow-query { localhost; LAN; };

    forwarders {
        1.1.1.1;  // forward unresolved queries to Cloudflare
        1.0.0.1;
    };

    recursion yes;  // resolve external names on behalf of allowed clients
};

Once you've made the changes, save the file (Ctrl + O > ENTER) and exit the editor (Ctrl + X).

c) Check the syntax with named-checkconf

named-checkconf /etc/bind/named.conf.options

If it executes successfully without any errors/outputs, the syntax is correct.

2) Configure named.conf.local

a) Open the file using Nano Editor

sudo nano /etc/bind/named.conf.local

b) Edit the content of the file

(replace <YOUR_REVERSE_IP_NAME> with the network octets of your subnet in reverse order, for example 2.168.192 for the 192.168.2.0/24 range used above)

zone "nodeshift.local" IN { //define forward zone
        type master;
        file "/etc/bind/zones/forward.nodeshift";
};
zone "<YOUR_REVERSE_IP_NAME>.in-addr.arpa" IN { // define reverse zone
        type master;
        file "/etc/bind/zones/reverse.nodeshift.rev";
};

c) Check the syntax

named-checkconf /etc/bind/named.conf.local

If it executes successfully without any errors/outputs, the syntax is correct.

Step 10: Configure the Zone files

Now, let's configure the zone files we defined in the previous step.

First, create a directory for zone files to save our files.

mkdir /etc/bind/zones

1) Create forward zone file

First, we'll create a forward zone file, /etc/bind/zones/forward.nodeshift, which the BIND DNS server uses to resolve names (e.g., bindserver.nodeshift.local) to IP addresses (e.g., 192.168.2.2).

a) Copy the default db.local zone file to /etc/bind/zones/forward.nodeshift

cp /etc/bind/db.local /etc/bind/zones/forward.nodeshift

b) Open forward.nodeshift file in Nano editor

sudo nano /etc/bind/zones/forward.nodeshift

c) Make the necessary edits

$TTL    604800
; SOA record for forward.nodeshift zone
@       IN      SOA     nodeshift.local. root.nodeshift.local. (
                              1         ; Serial (increment after each change)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; NS record pointing to the authoritative nameserver 
@       IN      NS      bindserver.nodeshift.local.
; A record for name server
bindserver      IN      A       192.168.2.2
; A record for clients
client1      IN      A       192.168.2.3
client2      IN      A       192.168.2.4

d) Check the configuration with named-checkzone

named-checkzone nodeshift.local /etc/bind/zones/forward.nodeshift

2) Configure the reverse zone file

Next, we'll create and configure the reverse zone file /etc/bind/zones/reverse.nodeshift.rev, which the DNS server uses to resolve IP addresses to names (e.g., 192.168.2.2 to bindserver.nodeshift.local).

a) Copy the default db.local file to /etc/bind/zones/reverse.nodeshift.rev

cp /etc/bind/db.local /etc/bind/zones/reverse.nodeshift.rev

b) Edit the content of the file, according to the below instructions

(replace <YOUR_SERVER_IP> with your server's IP address)

$TTL    604800
; SOA record for reverse.nodeshift zone
@       IN      SOA     nodeshift.local. root.nodeshift.local. (
                              1         ; Serial (increment after each change)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; NS record for reverse zone
@       IN      NS      bindserver.nodeshift.local.
; A record for name server
bindserver      IN      A       <YOUR_SERVER_IP>
; PTR record for name server (targets must end with a dot, otherwise
; BIND appends the reverse zone name to them)
2   IN      PTR     bindserver.nodeshift.local.
; PTR record for clients
3   IN      PTR     client1.nodeshift.local.
4   IN      PTR     client2.nodeshift.local.

c) Check configuration with named-checkzone

(use the same reverse zone name you entered in named.conf.local)

named-checkzone <YOUR_REVERSE_IP_NAME>.in-addr.arpa /etc/bind/zones/reverse.nodeshift.rev

3) Restart BIND 9 server

Once you're done with the zone file configuration above, restart the server for the changes to take effect.

systemctl restart bind9
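
named-checkzone validates one zone file at a time, so it will not tell you that the forward and reverse zones disagree with each other. The following added example (not part of the original tutorial; the function names and sample records are constructed for illustration) derives the in-addr.arpa zone name for a /8, /16 or /24 subnet, flags PTR targets that lack the trailing dot, and lists A records with no matching PTR:

```sh
# Added example, not from the original tutorial: offline checks for the
# forward/reverse zone pair. Function names and sample data are constructed.

# reverse_zone_name 192.168.2.0/24 prints 2.168.192.in-addr.arpa
reverse_zone_name() {
    net=${1%/*}; prefix=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs
    case $prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  echo "/$prefix is not on an octet boundary" >&2; return 1 ;;
    esac
}

# unqualified_ptrs REVERSE_FILE: print "owner target" for each PTR target that
# lacks the trailing dot (BIND appends the reverse zone origin to those).
unqualified_ptrs() {
    awk '{ sub(/;.*/, "") }
         NF >= 3 && $(NF-1) == "PTR" && $NF !~ /\.$/ { print $1, $NF }' "$1"
}

# missing_ptrs FORWARD_FILE REVERSE_FILE ZONE: print "fqdn ip" for each A record
# whose last octet has no PTR pointing back at the same fully qualified name.
missing_ptrs() {
    awk -v zone="$3" '
        { sub(/;.*/, "") }
        NR == FNR { if (NF >= 3 && $(NF-1) == "A") ip[$1 "." zone "."] = $NF; next }
        NF >= 3 && $(NF-1) == "PTR" { ptr[$NF] = $1 }
        END { for (n in ip) { split(ip[n], o, ".")
                  if (!(n in ptr) || ptr[n] != o[4]) print n, ip[n] } }
    ' "$1" "$2" | sort
}

# Constructed sample records that reuse the tutorial's names and addresses.
tmp=$(mktemp -d)
cat > "$tmp/forward" <<'EOF'
bindserver  IN  A  192.168.2.2   ; name server
client1     IN  A  192.168.2.3
client2     IN  A  192.168.2.4
EOF
cat > "$tmp/reverse" <<'EOF'
2  IN  PTR  bindserver.nodeshift.local.
3  IN  PTR  client1.nodeshift.local     ; trailing dot missing
EOF

echo "reverse zone: $(reverse_zone_name 192.168.2.0/24)"
echo "unqualified PTR targets:"; unqualified_ptrs "$tmp/reverse"
echo "A records without PTR:"; missing_ptrs "$tmp/forward" "$tmp/reverse" nodeshift.local
```

To use it on the real files, pass /etc/bind/zones/forward.nodeshift and /etc/bind/zones/reverse.nodeshift.rev instead of the sample files; the awk parsing assumes one record per line in the layout shown in this step.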

Step 11: Configure Clients for using BIND DNS

Now that our private BIND DNS server is configured, let's configure clients to use it.

1) Check the interface

(replace <YOUR_SERVER_IP> with your server's IP address)

ip -brief addr show to <YOUR_SERVER_IP>/24

In our case, the command reports enp0s5 as the interface.

2) Configure Netplan

Next, configure the Netplan YAML file to include the settings for the DNS server.

a) Move inside /etc/netplan and type ls to see the file name

b) Open the file (the one listed by ls)

Go back to the root directory and open the YAML file using Nano:

sudo nano /etc/netplan/50-cloud-init.yaml

c) Make the necessary edits as per the below template

network:
    version: 2
    ethernets:
        enp0s5:
            addresses:
            - 192.168.2.3/24 # IP of client1
            - 192.168.2.4/24 # IP of client2
            match:
                macaddress: ca:06:71:90:38:f9
            mtu: 1500
            nameservers:
                addresses:
                - 192.168.2.2   # Private DNS server IP
                search: [ nodeshift.local ]  # Domain name of your private DNS
            set-name: enp0s5

3) Test the configuration

Once the configuration is done, test it with the command below:

netplan try

It will ask you to accept the changes; press ENTER, and it's done!

Step 12: Test the DNS Server

Since our configuration is done, it is recommended to test the server with the following example commands to verify if it is looking up correctly:

  • nslookup client1

  • nslookup client2

  • nslookup bindserver

  • nslookup client1.nodeshift.local

  • nslookup client2.nodeshift.local

  • nslookup bindserver.nodeshift.local

Conclusion

Setting up a private BIND DNS server is essential in managing domain name resolution for your internal network. In this tutorial, we’ve walked you through configuring BIND 9, forward and reverse zones, ensuring your private DNS is set up properly. By deploying this setup on NodeShift's cloud platform, we took advantage of a high-performance virtual machine, which simplified our deployment process and also provided a reliable foundation for deploying critical services like DNS servers.
