By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
DNS (Domain Name System) is an internet service that translates user-friendly domain names into computer-friendly IP addresses. It can also perform the reverse translation, from IP addresses to domain names. BIND (Berkeley Internet Name Domain) is an open source implementation of DNS. BIND allows you to publish DNS information on the internet and resolve DNS queries for users, and it is one of the most widely used DNS servers in the world. Putting a DNS server on a network is a great way to improve the management of your servers and desktop systems. You can configure different views in a single BIND server, which lets you give internal and external users different views of your DNS data and keep some DNS information private. BIND comes with a wide range of features, including TSIG, nsupdate, IPv6, rndc, views, multiprocessor support, Response Rate Limiting (RRL), DNSSEC, Split DNS, DNSSEC validation and much more.
In this tutorial, we will go through how to set up a Domain Name System (DNS) server using BIND9 on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.
First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.
Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.
apt-get update -y
By default, BIND 9 is available in the Ubuntu 16.04 default repository. You can easily install it by just running the following command:
apt-get install bind9 bind9utils bind9-doc dnsutils -y
After installing BIND 9, you will need to set BIND to IPv4 mode. You can do this by editing the /etc/systemd/system/bind9.service file:
nano /etc/systemd/system/bind9.service
Make the following changes:
[Service]
ExecStart=/usr/sbin/named -f -u bind -4
Save and close the file. Then, reload the systemd daemon to read the new configuration into the running system:
systemctl daemon-reload
Next, restart the BIND service to apply the changes:
systemctl restart bind9
All the configuration files for BIND 9 are located inside the /etc/bind directory. First, you will need to edit the /etc/bind/named.conf.options file and add forwarders. A DNS query is forwarded to the forwarders when your local DNS server is unable to resolve it.
nano /etc/bind/named.conf.options
Add the following lines:
forwarders {
8.8.8.8;
};
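As an added example (not part of the original tutorial), here is the same options file with explicit access controls, so the server answers and recurses only for the internal network and refuses zone transfers, which this BIND version allows to all hosts when allow-transfer is not set. The ACL name "trusted" and the 192.168.0.0/24 range are assumptions derived from the 192.168.0.102 address used in this tutorial.

```conf
// /etc/bind/named.conf.options (added example, not the author's file).
// Assumptions: ACL name "trusted" and the 192.168.0.0/24 client range.
acl "trusted" {
        localhost;
        192.168.0.0/24;
};

options {
        directory "/var/cache/bind";

        // Answer queries and perform recursion only for the clients above.
        allow-query     { trusted; };
        allow-recursion { trusted; };

        // A zone transfer hands out every record in the zone at once;
        // refuse it unless a secondary server is listed here explicitly.
        allow-transfer  { none; };

        // Listen only on loopback and the server's internal address.
        listen-on { 127.0.0.1; 192.168.0.102; };

        // Forwarder from the tutorial, unchanged.
        forwarders {
                8.8.8.8;
        };
};
```

Run named-checkconf after editing; it prints nothing when the configuration parses cleanly.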
Save and close the file. Then, you will need to configure the /etc/bind/named.conf.local file. This file will be used to define the zones for your domain.
nano /etc/bind/named.conf.local
Add the following lines:
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "example.com" {
type master;
file "/etc/bind/forward.example.com";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/reverse.example.com";
};
Save and close the file when you are finished.
Next, you will need to configure the forward and reverse lookup zones for your domain. A forward lookup zone is a DNS zone in which hostname-to-IP-address mappings are stored. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the desired result is returned.
A reverse lookup zone is the opposite of a forward lookup zone. It returns the fully qualified domain name of a host based on its IP address.
Here, we will use test.example.com as a private Fully-Qualified Domain Name.
First, change to the /etc/bind directory with the following command:
cd /etc/bind/
Next, copy the sample forward and reverse lookup zone files with the following commands:
cp db.127 reverse.example.com
cp db.local forward.example.com
Next, open the forward lookup zone file:
nano /etc/bind/forward.example.com
Make the following changes:
$TTL 604800
@ IN SOA test.example.com. root.test.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS test.example.com.
test IN A 192.168.0.102
www IN A 192.168.0.102
@ IN AAAA ::1
Save and close the file. Then, open the reverse lookup zone file:
nano /etc/bind/reverse.example.com
Make the following changes:
$TTL 604800
@ IN SOA test.example.com. root.test.example.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS test.example.com.
test IN A 192.168.0.102
102 IN PTR test.example.com.
Save and close the file. Then, open the /etc/resolv.conf file:
nano /etc/resolv.conf
Add the following lines:
search example.com
nameserver 192.168.0.102
Save and close the file. Then, restart the BIND 9 service to apply the changes:
systemctl restart bind9
Next, check the forward lookup zone file for syntax errors with the following command:
named-checkzone forward.example forward.example.com
If everything is fine, you should see the following output:
zone forward.example/IN: loaded serial 2
OK
Next, check the reverse lookup zone file:
named-checkzone reverse.example reverse.example.com
If everything is fine, you should see the following output:
zone reverse.example/IN: loaded serial 1
OK
BIND 9 is now configured. It's time to check whether it is working or not.
Here, we will use the dig command line tool to query the DNS server and view the related information with the following command:
dig test.example.com
You should see the following output:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> test.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.example.com. IN A
;; ANSWER SECTION:
test.example.com. 604800 IN A 192.168.0.102
;; AUTHORITY SECTION:
example.com. 604800 IN NS test.example.com.
;; Query time: 0 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:23:46 IST 2018
;; MSG SIZE rcvd: 75
Now, test a reverse lookup query as shown below:
dig -x 192.168.0.102
Output:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 192.168.0.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3223
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;102.0.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800 IN SOA test.example.com. root.test.example.com. 1 604800 86400 2419200 604800
;; Query time: 1 msec
;; SERVER: 192.168.0.102#53(192.168.0.102)
;; WHEN: Sun Sep 16 14:32:34 IST 2018
;; MSG SIZE rcvd: 112
You can also use the nslookup command against your DNS server to confirm the output of the dig command:
nslookup test.example.com
You should see the following output:
Server: 192.168.0.102
Address: 192.168.0.102#53
Name: test.example.com
Address: 192.168.0.102
Next, use the nslookup command against your DNS server IP address:
nslookup 192.168.0.102
You should see the following output:
Server: 192.168.0.102
Address: 192.168.0.102#53
102.0.168.192.in-addr.arpa name = example.com.
That's it! You have successfully installed and configured BIND 9 on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.
5265494169759761 November 22, 2020 at 4:11 am
How to configure the reverse lookup file if we have multiple domains in one DNS server?