Introduction
In this article we will configure a BIND server on Ubuntu. The advantages of having a local DNS server include:
- Reduced latency for DNS requests/responses
- The ability to add private addresses, with full flexibility over zone names. This is especially useful for VMware installations.
Note that the steps provided are a quick setup: no security measures have been implemented, and no master/slave DNS setup is built.
Install BIND
First of all, we install the required packages.
sudo apt-get -y update
sudo apt-get -y install bind9 bind9utils bind9-doc
Configure BIND
Next, we configure our BIND options file like so. The key additions here are the DNS forwarders, which forward any DNS query that our server cannot answer itself to Google DNS.
# cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        auth-nxdomain no;
        dnssec-validation auto;
};
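With `allow-recursion { any; }` and `allow-query-cache { any; }`, the options above make this an open recursive resolver: any client that can reach port 53 can use it to resolve arbitrary names and read its cache. That is fine for a throwaway lab, but it is the first thing to tighten before the server sits on a network you do not fully control. The block below is an added example, not part of the article: it places the article's options beside a hardened variant that limits recursion and cache answers to the two lab subnets the article uses (the `acl "lab"` name and the choice of those subnets are this example's assumptions; `allow-query` is deliberately left at `any` so the authoritative `donatolabs.net` zones are still served to everyone), and it includes a small checker that flags the open settings so the difference can be verified mechanically.

```python
import re

# Constructed copy of the article's options block: an open recursive resolver.
OPEN_OPTIONS = """
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        auth-nxdomain no;
        dnssec-validation auto;
};
"""

# Hardened variant (assumption for this example): recursion and cache answers are
# restricted to localhost plus the two lab subnets used in the article, while
# allow-query stays open so the authoritative zones are still answered.
HARDENED_OPTIONS = """
acl "lab" { 127.0.0.1; 192.168.102.0/24; 172.29.236.0/24; };
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { lab; };
        allow-query { any; };
        allow-query-cache { lab; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        auth-nxdomain no;
        dnssec-validation auto;
};
"""

# named.conf accepts //, # and /* */ comments; strip them before matching.
_COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)


def _address_list(text, directive):
    """Return the entries of `directive { a; b; };` as a list, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}\s*;" % re.escape(directive), text)
    if not m:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]


def audit_named_options(text):
    """Return the directives that expose recursion to every client.

    BIND defaults to `recursion yes`, so only an explicit `recursion no` makes
    the allow-* lists irrelevant. A directive is flagged when it contains `any`.
    """
    text = _COMMENT_RE.sub("", text)
    m = re.search(r"\brecursion\s+(yes|no)\s*;", text)
    if m and m.group(1) == "no":
        return []  # not a recursive server at all
    return [d for d in ("allow-recursion", "allow-query-cache")
            if "any" in (_address_list(text, d) or [])]


if __name__ == "__main__":
    print("article options :", audit_named_options(OPEN_OPTIONS))
    print("hardened options:", audit_named_options(HARDENED_OPTIONS))
```

After editing the real file, `named-checkconf` (shipped with bind9) validates the syntax before the restart; the checker above only looks at the two access lists and is not a substitute for it.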
Point BIND to Zones
Next, we tell BIND where to find each forward and reverse zone file.
# cat /etc/bind/named.conf.local
zone "donatolabs.net" {
        type master;
        file "/etc/bind/db.donatolabs.net";
};
zone "102.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};
zone "236.29.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172";
};
Add Reverse Zones
We are now at the stage we can start adding our zones. First, we add the reverse DNS zones.
# cat /etc/bind/db.192
$TTL    604800
@       IN      SOA     ns.donatolabs.net. root.ns.donatolabs.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; The NS target must be fully qualified: a bare "ns." names a host called
; "ns" directly under the DNS root, not our server.
@       IN      NS      ns.donatolabs.net.
8       IN      PTR     vcenter.donatolabs.net.
9       IN      PTR     nsxmgr.donatolabs.net.

# cat /etc/bind/db.172
$TTL    604800
@       IN      SOA     ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
138     IN      PTR     esx1.donatolabs.net.
Add Forward Zones
The forward zone is next added.
# cat /etc/bind/db.donatolabs.net
;
; BIND data file for the donatolabs.net zone
;
$TTL    604800
@       IN      SOA     ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
@       IN      A       172.29.236.139
@       IN      AAAA    ::1
ns      IN      A       172.29.236.139
esx1    IN      A       172.29.236.138
vcenter IN      A       192.168.102.8
nsxmgr  IN      A       192.168.102.9
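`named-checkzone` validates each file on its own, but it cannot tell you that a forward A record has no matching PTR, that a PTR points at a name with a different address, or that an NS target has no address record in the zone. The following is an added example, not from the article: a minimal zone-file parser that reads constructed copies of the three zone files above and cross-checks them. Run against the article's data it reports that the nameserver address 172.29.236.139 has no PTR record; fed a reverse zone with the bare `ns.` NS target, it reports that target as having no A record. The parser handles only the subset of master-file syntax these files use (`$TTL`, `$ORIGIN`, `@`, relative names, `;` comments, inherited owners and the parenthesised SOA).

```python
import ipaddress

# Constructed copies of the article's three zone files, as (origin, text).
FORWARD = ("donatolabs.net", """
$TTL 604800
@       IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                2 ; Serial
                604800 86400 2419200 604800 ) ; Refresh Retry Expire Neg-TTL
@       IN NS   ns.donatolabs.net.
@       IN A    172.29.236.139
@       IN AAAA ::1
ns      IN A    172.29.236.139
esx1    IN A    172.29.236.138
vcenter IN A    192.168.102.8
nsxmgr  IN A    192.168.102.9
""")
REVERSE = [
    ("102.168.192.in-addr.arpa", """
$TTL 604800
@   IN SOA ns.donatolabs.net. root.ns.donatolabs.net. ( 1 604800 86400 2419200 604800 )
@   IN NS  ns.donatolabs.net.
8   IN PTR vcenter.donatolabs.net.
9   IN PTR nsxmgr.donatolabs.net.
"""),
    ("236.29.172.in-addr.arpa", """
$TTL 604800
@   IN SOA ns.donatolabs.net. root.ns.donatolabs.net. ( 2 604800 86400 2419200 604800 )
@   IN NS  ns.donatolabs.net.
138 IN PTR esx1.donatolabs.net.
"""),
]


def fqdn(name, origin):
    """'@' is the origin, a trailing dot is absolute, anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with fully qualified owner names."""
    origin = origin.rstrip(".") + "."
    records, buf, depth, last_owner, inherit = [], [], 0, origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not buf:
            inherit = line[0].isspace()            # blank owner = previous owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                               # inside a ( ... ) continuation
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = fqdn(tokens[1], origin)
            continue                               # $TTL etc. carry no records
        owner = last_owner if inherit else fqdn(tokens.pop(0), origin)
        last_owner = owner
        if tokens and tokens[0].isdigit():
            tokens.pop(0)                          # optional TTL
        if tokens and tokens[0] in ("IN", "CH", "HS"):
            tokens.pop(0)                          # optional class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "PTR", "CNAME"):
            rdata = [fqdn(rdata[0], origin)]       # qualify name-valued rdata
        records.append((owner, rtype, rdata))
    return records


def reverse_origin_network(origin):
    """'236.29.172.in-addr.arpa' -> IPv4Network('172.29.236.0/24')."""
    octets = list(reversed(origin.rstrip(".").split(".")[:-2]))
    return ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets)))
                                + f"/{8 * len(octets)}")


def ptr_owner_to_ip(owner):
    """'138.236.29.172.in-addr.arpa.' -> '172.29.236.138'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def check_consistency(forward, reverse_zones):
    """Cross-check A vs PTR records and NS targets; return a list of problems."""
    fwd_origin = forward[0].rstrip(".") + "."
    a_by_ip, ips_by_name, ns_targets = {}, {}, set()
    for owner, rtype, rdata in parse_zone(forward[1], forward[0]):
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
            ips_by_name.setdefault(owner, set()).add(rdata[0])
        elif rtype == "NS":
            ns_targets.add(rdata[0])
    ptr, networks = {}, []
    for origin, text in reverse_zones:
        networks.append(reverse_origin_network(origin))
        for owner, rtype, rdata in parse_zone(text, origin):
            if rtype == "PTR":
                ptr[ptr_owner_to_ip(owner)] = rdata[0]
            elif rtype == "NS":
                ns_targets.add(rdata[0])
    problems = []
    for ip, names in sorted(a_by_ip.items()):
        if not any(ipaddress.ip_address(ip) in net for net in networks):
            continue                               # no reverse zone covers it
        if ip not in ptr:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
        elif ptr[ip] not in names:
            problems.append(f"PTR for {ip} is {ptr[ip]} but A records name "
                            + ", ".join(sorted(names)))
    for ip, name in sorted(ptr.items()):
        if ip not in ips_by_name.get(name, set()):
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    for target in sorted(ns_targets):
        if target not in ips_by_name:
            problems.append(f"NS target {target} has no A record in {fwd_origin}")
    return problems


if __name__ == "__main__":
    for problem in check_consistency(FORWARD, REVERSE) or ["zones are consistent"]:
        print(problem)
```

To run it against the live files, replace the embedded strings with `open("/etc/bind/db.donatolabs.net").read()` and so on; the origins are the zone names from named.conf.local.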
Restart BIND
We restart BIND, so all of our changes take effect.
service bind9 restart
Check Zones
To ensure the syntax of our zone files is correct, we run named-checkzone against each zone, passing the zone name and the file path given in named.conf.local.
named-checkzone donatolabs.net /etc/bind/db.donatolabs.net
named-checkzone 102.168.192.in-addr.arpa /etc/bind/db.192
named-checkzone 236.29.172.in-addr.arpa /etc/bind/db.172
Test DNS Lookups
And finally, to ensure everything is fully working, we run a series of nslookups.
// Reverse DNS lookup
# nslookup 172.29.236.138 172.29.236.139
Server:  UnKnown
Address:  172.29.236.139

138.236.29.172.in-addr.arpa     name = esx1.donatolabs.net.

// Forward DNS lookup
# nslookup esx1.donatolabs.net 172.29.236.139
Server:  UnKnown
Address:  172.29.236.139

Name:    esx1.donatolabs.net
Address:  172.29.236.138

// Test Forwarders
C:\Users\donato>nslookup www.fir3net.com 172.29.236.139
Server:  UnKnown
Address:  172.29.236.139

Non-authoritative answer:
Name:    www.fir3net.com
Addresses:  2a02:e980:16::62
          2a02:e980:15::62
          199.83.131.98
          199.83.129.98
- How to Configure a BIND Server on Ubuntu - March 15, 2018