How to Configure a BIND Server on Ubuntu

Introduction

In this article, we will configure a BIND server on Ubuntu. The advantages of having a local DNS server include:

  • Reduced latency to DNS requests/responses
  • Ability to add private addresses, with full flexibility over zone names. This is especially useful for VMware installations.

It is important to note that the steps provided are based on a quick setup. Because of this, no security measures have been implemented and no master/slave DNS setup is built.

Install BIND

First of all, we install the required packages.

sudo apt-get -y update
sudo apt-get -y install bind9 bind9utils bind9-doc

Configure BIND

Next, we edit the BIND options file as shown below. The key additions here are the DNS forwarders, which forward any DNS query that our server cannot answer itself to Google DNS.

root@service-host:~# cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        recursion yes;

        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };
        
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        auth-nxdomain no;
        dnssec-validation auto;
};
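The options above answer recursive queries from any source, which makes the host an open resolver that third parties can use for amplification traffic and that exposes your own clients to poisoned cache answers. The tightened version below is an added example, not taken from the article: it limits recursion and cache access to the two subnets the article's zones use. The acl name "trusted" and the listen address 172.29.236.139 (the address of ns in the forward zone) are assumptions.

```conf
// Hardened /etc/bind/named.conf.options (added example, not from the article).
// Assumption: the server listens on 172.29.236.139 and the only clients that
// need recursion are in 192.168.102.0/24 and 172.29.236.0/24 (the article's
// subnets). The acl name "trusted" is our own choice.
acl "trusted" {
        127.0.0.0/8;
        192.168.102.0/24;
        172.29.236.0/24;
};

options {
        directory "/var/cache/bind";

        // Answer only on the intended interface, not on every address.
        listen-on { 127.0.0.1; 172.29.236.139; };
        listen-on-v6 { none; };

        // Recursion and cache reads only for our own networks.
        // The article's "allow-recursion { any; };" creates an open resolver.
        recursion yes;
        allow-recursion { trusted; };
        allow-query-cache { trusted; };

        // Authoritative answers for donatolabs.net may still go to anyone;
        // change this to { trusted; } if the zone is internal-only.
        allow-query { any; };

        // No secondary servers in this setup, so refuse zone transfers.
        allow-transfer { none; };

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        auth-nxdomain no;
        dnssec-validation auto;

        // Do not advertise the running BIND version.
        version "not disclosed";
};
```

Run named-checkconf /etc/bind/named.conf (from bind9utils) before restarting so a typo in the acl block does not take the resolver down.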

Point BIND to Zones

Next, we edit named.conf.local to tell BIND where it can find each forward and reverse zone file.

root@service-host:~# cat /etc/bind/named.conf.local
zone "donatolabs.net" {
        type master;
        file "/etc/bind/db.donatolabs.net";
};

zone "102.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};

zone "236.29.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172";
};

Add Reverse Zones

We are now at the stage we can start adding our zones. First, we add the reverse DNS zones.

root@service-host:~# cat /etc/bind/db.192
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
8       IN      PTR     vcenter.donatolabs.net.
9       IN      PTR     nsxmgr.donatolabs.net.

root@service-host:~# cat /etc/bind/db.172
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
138     IN      PTR     esx1.donatolabs.net.

Add Forward Zones

The forward zone is next added.

root@service-host:~# cat /etc/bind/db.donatolabs.net
; BIND data file for the donatolabs.net forward zone
;
$TTL    604800
@ IN SOA ns.donatolabs.net. root.ns.donatolabs.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.donatolabs.net.
@       IN      A       172.29.236.139
@       IN      AAAA    ::1
ns      IN      A       172.29.236.139
esx1    IN      A       172.29.236.138
vcenter IN      A       192.168.102.8
nsxmgr  IN      A       192.168.102.9

Restart BIND

We restart BIND so that all of our changes take effect.

service bind9 restart

Check Zones

To ensure the syntax of our zone files is correct, we run named-checkzone against each zone, giving the zone name and the file configured for it in named.conf.local.

named-checkzone 236.29.172.in-addr.arpa /etc/bind/db.172
named-checkzone 102.168.192.in-addr.arpa /etc/bind/db.192
named-checkzone donatolabs.net /etc/bind/db.donatolabs.net

Test DNS Lookups

And finally, to ensure everything is fully working, we run a series of nslookups against the new server.

// Reverse DNS lookup

root@service-host:~# nslookup 172.29.236.138 172.29.236.139
Server:         UnKnown
Address:        172.29.236.139

138.236.29.172.in-addr.arpa     name = esx1.donatolabs.net.

// Forward DNS lookup

root@service-host:~# nslookup esx1.donatolabs.net 172.29.236.139
Server:         UnKnown
Address:        172.29.236.139

Name:    esx1.donatolabs.net
Address: 172.29.236.138

// Test Forwarders

C:\Users\donato>nslookup www.fir3net.com 172.29.236.139
Server:  UnKnown
Address: 172.29.236.139

Non-authoritative answer:
Name:      www.fir3net.com
Addresses: 2a02:e980:16::62
           2a02:e980:15::62
           199.83.131.98
           199.83.129.98
Rick Donato
