fir3net


How to Configure a BIND Server on Ubuntu


Introduction

Within this article, we will configure a BIND server within Ubuntu. The advantages of having a local DNS server include:

  • Reduced latency to DNS requests/responses
  • Ability to add private addresses and full flexibility over zone names, which is especially useful for VMware installations.

It is important to note that the steps provided are based on a quick setup. Because of this, no security measures have been implemented and no master/slave DNS setup is built.

Install BIND

First of all, we install the required packages.

sudo apt-get -y update
sudo apt-get -y install bind9 bind9utils bind9-doc

Configure BIND

Next, we edit the BIND options file, as shown below. The key additions here are the DNS forwarders, which are configured to forward any DNS queries to Google DNS. This will occur in the event that our DNS server is unable to answer the DNS query itself.

root@service-host:~# cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        recursion yes;

        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };
        
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        auth-nxdomain no;
        dnssec-validation auto;
};
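As the introduction notes, the options above apply no security measures: allow-recursion { any; } makes the server a recursive resolver for anyone who can reach it. The file below is an added example, not the article's own, showing the same named.conf.options with recursion and cache access limited to the two lab networks that appear in the zone files; the /24 masks, the forward only setting and the empty allow-transfer list are assumptions for this lab.

```conf
// Added example (not the article's file): same options, recursion restricted.
// Assumption: the lab networks are 172.29.236.0/24 and 192.168.102.0/24.
acl "lab-nets" {
        127.0.0.1;
        ::1;
        172.29.236.0/24;
        192.168.102.0/24;
};

options {
        directory "/var/cache/bind";
        recursion yes;

        // Only lab hosts may use this server as a recursive resolver or read
        // its cache. The original file used { any; } for both, which leaves
        // an open resolver reachable from any network that can route to it.
        allow-recursion { lab-nets; };
        allow-query-cache { lab-nets; };

        // Authoritative answers for donatolabs.net and the reverse zones are
        // still served to anyone, so plain queries stay open.
        allow-query { any; };

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        // Assumption: the forwarders are always reachable, so never fall back
        // to iterating from the root servers ourselves.
        forward only;

        // This quick setup has no secondary servers, so nobody needs AXFR.
        allow-transfer { none; };

        auth-nxdomain no;
        dnssec-validation auto;
};
```

After editing, named-checkconf /etc/bind/named.conf reports syntax errors before a restart does.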

Point BIND to Zones

Next, we tell BIND where to find each forward and reverse zone file.

root@service-host:~# cat /etc/bind/named.conf.local
zone "donatolabs.net" {
        type master;
        file "/etc/bind/db.donatolabs.net";
};

zone "102.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};

zone "236.29.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172";
};

Add Reverse Zones

We are now at the stage where we can start adding our zones. First, we add the reverse DNS zones.

root@service-host:~# cat /etc/bind/db.192
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN      NS     ns.donatolabs.net.
8     IN      PTR     vcenter.donatolabs.net.
9     IN      PTR     nsxmgr.donatolabs.net.
root@service-host:~# cat /etc/bind/db.172
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN      NS     ns.donatolabs.net.
138    IN      PTR    esx1.donatolabs.net.

Add Forward Zones

Next, the forward zone is added.

root@service-host:~# cat /etc/bind/db.donatolabs.net
; BIND data file for donatolabs.net
;
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
@       IN      A       172.29.236.139
@       IN      AAAA    ::1
ns      IN      A       172.29.236.139
esx1    IN      A       172.29.236.138
vcenter IN      A       192.168.102.8
nsxmgr  IN      A       192.168.102.9

Restart BIND

We restart BIND, so all of our changes take effect.

service bind9 restart

Check Zones

To ensure the syntax of our zone files is correct, we run the command named-checkzone against each zone and the file configured for it in named.conf.local.

named-checkzone 236.29.172.in-addr.arpa /etc/bind/db.172
named-checkzone 102.168.192.in-addr.arpa /etc/bind/db.192
named-checkzone donatolabs.net /etc/bind/db.donatolabs.net

Test DNS Lookups

And finally, to ensure everything is fully working, we run a series of nslookups.

// Reverse DNS lookup

root@service-host:~# nslookup 172.29.236.138 172.29.236.139
Server:  UnKnown
Address: 172.29.236.139

138.236.29.172.in-addr.arpa  name = esx1.donatolabs.net.

// Forward DNS lookup

root@service-host:~# nslookup esx1.donatolabs.net 172.29.236.139
Server:  UnKnown
Address: 172.29.236.139

Name:    esx1.donatolabs.net
Address: 172.29.236.138

// Test Forwarders

C:\Users\donato>nslookup fir3net.com 172.29.236.139
Server: UnKnown
Address: 172.29.236.139
Non-authoritative answer:
Name: fir3net.com
Addresses: 2a02:e980:16::62
2a02:e980:15::62
199.83.131.98
199.83.129.98

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001