How to Setup DNS server using Bind9 on Ubuntu 16.04

In this tutorial, we will set up a Domain Name System (DNS) server using BIND9 on an Alibaba Cloud ECS with Ubuntu 16.04.

By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

DNS (Domain Name System) is an internet service that translates user-friendly domain names into computer-friendly IP addresses. It can also perform the reverse translation, from IP addresses to domain names. BIND, the Berkeley Internet Name Domain, is an open source implementation of DNS. It allows you to publish DNS information on the internet and resolve DNS queries for users, and it is one of the most widely used DNS software packages in the world.

Putting a DNS server on a network is a great way to improve the management of your servers and desktop systems. You can configure different views in a single BIND server, which lets you give internal and external users different views of your DNS data and keep some DNS information private. BIND comes with a wide range of features, including TSIG, nsupdate, IPv6, rndc, views, multiprocessor support, Response Rate Limiting (RRL), DNSSEC, split DNS, DNSSEC validation and much more.

In this tutorial, we will go through how to set up a Domain Name System (DNS) server using BIND9 on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.

Prerequisites

  1. A fresh Alibaba Cloud Ubuntu 16.04 instance.
  2. A static IP address, 192.168.0.102, configured on your instance.
  3. A root password set up on your instance.

Launch Alibaba Cloud ECS Instance

First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

apt-get update -y

Install BIND 9

By default, BIND 9 is available in the Ubuntu 16.04 default repository. You can easily install it by just running the following command:

apt-get install bind9 bind9utils bind9-doc dnsutils -y

After installing BIND 9, you will need to set BIND to IPv4 mode. You can do this by editing the /etc/systemd/system/bind9.service file:

nano /etc/systemd/system/bind9.service

Make the following changes:

[Service]
ExecStart=/usr/sbin/named -f -u bind -4

Save and close the file. Then, reload the systemd daemon to read the new configuration into the running system:

systemctl daemon-reload

Next, restart the BIND service to apply the changes:

systemctl restart bind9

Configure BIND 9

All the configuration files for BIND 9 are located inside the /etc/bind directory. First, you will need to edit the /etc/bind/named.conf.options file and add forwarders. A DNS query is forwarded to the forwarders when your local DNS server is unable to resolve it.

nano /etc/bind/named.conf.options

Add the following lines inside the options { ... } block:

         forwarders {
                8.8.8.8;
         };

Save and close the file. Then, you will need to configure the /etc/bind/named.conf.local file. This file will be used to define the zones for your domain.

nano /etc/bind/named.conf.local

Add the following lines:

// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
 type master;
 file "/etc/bind/forward.example.com";
};
zone "0.168.192.in-addr.arpa" {
 type master;
 file "/etc/bind/reverse.example.com";
};

Save and close the file when you are finished.

Configure Forward and Reverse Lookup Zone

Next, you will need to configure the forward and reverse lookup zones for your domain. A forward lookup zone is a DNS zone in which hostname to IP address relations are stored. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the desired result is returned.

A reverse lookup zone is the opposite of a forward lookup zone. It returns the fully qualified domain name of a host based on its IP address.

Here, we will use test.example.com as a private Fully-Qualified Domain Name.

First, change to the /etc/bind directory with the following command:

cd /etc/bind/

Next, copy the sample forward and reverse lookup zone files with the following commands:

cp db.127 reverse.example.com
cp db.local forward.example.com

Next, open the forward lookup zone file:

nano /etc/bind/forward.example.com

Make the following changes:

$TTL    604800
@       IN      SOA     test.example.com. root.test.example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      test.example.com.
test    IN      A       192.168.0.102
www     IN      A       192.168.0.102
@       IN      AAAA    ::1

Save and close the file. Then, open the reverse lookup zone file:

nano /etc/bind/reverse.example.com

Make the following changes:

$TTL    604800
@       IN      SOA     test.example.com. root.test.example.com. (
                              1
                         604800
                          86400
                        2419200
                         604800 )
@       IN      NS      test.example.com.
test    IN      A       192.168.0.102
102       IN      PTR     test.example.com.

Save and close the file. Then, open the /etc/resolv.conf file:

nano /etc/resolv.conf

Add the following lines:

search example.com
nameserver 192.168.0.102

Save and close the file. Then, restart the BIND 9 service to apply the changes:

systemctl restart bind9

Next, check the forward lookup zone file for syntax errors with the following command:

named-checkzone forward.example forward.example.com 

If everything is fine, you should see the following output:

zone forward.example/IN: loaded serial 2
OK

Next, check the reverse lookup zone file:

named-checkzone reverse.example reverse.example.com

If everything is fine, you should see the following output:

zone reverse.example/IN: loaded serial 1
OK

Test BIND 9 DNS Server

BIND 9 is now configured. It's time to check whether it is working or not.

Here, we will use the dig command-line tool to query the DNS server and display the related information:

dig test.example.com

You should see the following output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> test.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.example.com.        IN    A

;; ANSWER SECTION:
test.example.com.    604800    IN    A    192.168.0.102

;; AUTHORITY SECTION:
example.com.        604800    IN    NS    test.example.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:23:46 IST 2018
;; MSG SIZE  rcvd: 75

Now, test using the reverse lookup query as shown below:

dig -x 192.168.0.102

Output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3223
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;102.0.168.192.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa.    604800    IN    SOA    test.example.com. root.test.example.com. 1 604800 86400 2419200 604800

;; Query time: 1 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:32:34 IST 2018
;; MSG SIZE  rcvd: 112
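
The two header lines of dig's output decide whether a lookup succeeded: the status, the aa (authoritative answer) flag, and the ANSWER count. The script below is an added example, not part of the original tutorial; it classifies a response from those lines, using the header lines of the two captures above as embedded sample input. The function names and verdict labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): classify a dig response
# from its two header lines. Verdict names are this example's own labels.
#   authoritative-answer  NOERROR, aa flag set, ANSWER >= 1
#   non-authoritative     NOERROR, ANSWER >= 1, no aa (cached or forwarded)
#   no-record             NXDOMAIN, or NOERROR with ANSWER: 0
#   error                 SERVFAIL, REFUSED, or no header seen at all
dig_verdict() {
    awk '
        /->>HEADER<<-/ {                      # ";; ->>HEADER<<- ... status: NOERROR, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {                        # ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, ..."
            flags = $0
            sub(/^;; flags:/, "", flags)      # drop the label
            sub(/;.*/, "", flags)             # keep only the flag words
            aa = ((" " flags " ") ~ / aa /)
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "")              print "error"
            else if (status == "NXDOMAIN") print "no-record"
            else if (status != "NOERROR")  print "error"
            else if (answers == 0)         print "no-record"
            else if (aa)                   print "authoritative-answer"
            else                           print "non-authoritative"
        }'
}

# Sample input: header lines copied from the forward-lookup capture above.
sample_forward() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

# Sample input: header lines copied from the reverse-lookup capture above.
sample_reverse() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3223
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

# On the server itself the same check is: dig test.example.com | dig_verdict
echo "forward: $(sample_forward | dig_verdict)"
echo "reverse: $(sample_reverse | dig_verdict)"
```

A reverse lookup that is served from the zone file reports status NOERROR with a PTR record in the ANSWER section; a no-record verdict means the server did not return the PTR.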

You can also use the nslookup command against your DNS server to confirm the output of the dig command:

nslookup test.example.com

You should see the following output:

Server:        192.168.0.102
Address:    192.168.0.102#53

Name:    test.example.com
Address: 192.168.0.102

Next, use the nslookup command against your DNS server IP address:

nslookup 192.168.0.102

You should see the following output:

Server:         192.168.0.102
Address:        192.168.0.102#53
102.0.168.192.in-addr.arpa name = example.com.

That's it! You have successfully installed and configured BIND 9 on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.


Comments

5265494169759761 November 22, 2020 at 4:11 am

How to configure the reverse lookup file if we have multiple domains in one DNS server?