How To Configure DNS Server On Debian 10 / Debian 9


Domain Name System (DNS) is an internet service that resolves domain names to IP addresses and vice versa.

BIND (Berkeley Internet Name Domain) is the software that provides this name-to-IP resolution.

This post will help you configure a DNS server on Debian 10 / Debian 9.


Environment

Domain Name: itzgeek.local
ns1.itzgeek.local 192.168.0.10 Master DNS Server

Prerequisites

Update the repository index.

sudo apt-get update

Make sure the DNS server has a static IP address.

READ: How to configure a static IP address in Debian

Install DNS Server

The package name of the DNS server in Debian is bind9, and it is available in the base repository. Use the apt command to install the bind9 package together with its utilities.

sudo apt-get install -y bind9 bind9utils bind9-doc dnsutils

Configure DNS Server

/etc/bind/ is the configuration directory of bind9; it holds the configuration files and the zone lookup files. The global configuration file is /etc/bind/named.conf.

Create Zones

Let us begin by creating a forward zone for your domain.

Do not put local zone definitions in the global configuration file; use the /etc/bind/named.conf.local file instead.

sudo nano /etc/bind/named.conf.local

Forward Zone

The following is the forward zone entry for the itzgeek.local domain in the named.conf.local file.

zone "itzgeek.local" IN { // Domain name
     type master; // Primary DNS
     file "/etc/bind/forward.itzgeek.local.db"; // Forward lookup file
     allow-update { none; }; // Since this is the primary DNS, it should be none.
};

Reverse Zone

The following is for the reverse zone in the named.conf.local file.

zone "0.168.192.in-addr.arpa" IN { // Reverse lookup name, should match your network in reverse order
     type master; // Primary DNS
     file "/etc/bind/reverse.itzgeek.local.db"; // Reverse lookup file
     allow-update { none; }; // Since this is the primary DNS, it should be none.
};

Create Zone lookup file

Once zones are created, you can go ahead and create zone data files for the forward zone and reverse zone.

Forward Zone

Copy the sample zone file db.local to a new file called forward.itzgeek.local.db for the forward zone under the /etc/bind directory.

Record types used in the zone file:

SOA – Start of Authority
NS – Name Server
A – Address record (hostname to IPv4 address)
MX – Mail Exchanger
CNAME – Canonical Name (alias)

Fully qualified domain names in a zone file must end with a dot (.); otherwise BIND appends the zone origin to them.

sudo cp /etc/bind/db.local /etc/bind/forward.itzgeek.local.db

Edit the zone.

sudo nano /etc/bind/forward.itzgeek.local.db

Update the content as shown below.

Whenever you change any records in the lookup file, make sure you also increase the serial number to a value higher than the current one; otherwise secondary servers will not pick up the change.
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.itzgeek.local. root.itzgeek.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Comment out the three lines below
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1

;Name Server Information
@       IN      NS      ns1.itzgeek.local.

;IP address of Name Server
ns1     IN      A       192.168.0.10

;Mail Exchanger
itzgeek.local.   IN     MX   10   mail.itzgeek.local.

;A Record - Hostname to IP address
www     IN       A      192.168.0.100
mail    IN       A      192.168.0.150

;CNAME record
ftp     IN      CNAME   www.itzgeek.local.

Reverse Zone

Copy the sample zone file db.127 to a new file called reverse.itzgeek.local.db for the reverse zone under the /etc/bind directory, and create reverse pointers for the forward zone records above.

Record types used in the reverse zone file:

PTR – Pointer (IP address to hostname)
SOA – Start of Authority

sudo cp /etc/bind/db.127 /etc/bind/reverse.itzgeek.local.db

Edit the reverse zone file.

sudo nano /etc/bind/reverse.itzgeek.local.db

Update the content as shown below.

Whenever you change any records in the lookup file, make sure you also increase the serial number to a value higher than the current one; otherwise secondary servers will not pick up the change.
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     itzgeek.local. root.itzgeek.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Comment out the two lines below
;@      IN      NS      localhost.
;1.0.0  IN      PTR     localhost.

;Name Server Information
@       IN      NS     ns1.itzgeek.local.

;Reverse lookup for Name Server
10      IN      PTR    ns1.itzgeek.local.

;PTR Record - IP address to hostname
100     IN      PTR    www.itzgeek.local.
150     IN      PTR    mail.itzgeek.local.

Check BIND Configuration Syntax

Use the named-checkconf command to check the named.conf* files for syntax errors.

sudo named-checkconf

The command returns to the shell without printing anything if there are no errors.

You can also use named-checkzone to check the zone files for syntax errors.

Forward Zone

sudo named-checkzone itzgeek.local /etc/bind/forward.itzgeek.local.db

Output:

zone itzgeek.local/IN: loaded serial 2
OK

Reverse Zone

sudo named-checkzone 0.168.192.in-addr.arpa /etc/bind/reverse.itzgeek.local.db

Output:

zone 0.168.192.in-addr.arpa/IN: loaded serial 2
OK
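named-checkzone validates syntax only; it will not notice that a CNAME target is misspelled, that a multi-label name is missing its trailing dot, or that an A record has no matching PTR in the reverse zone. The following Python lint is added here as an example and is not part of the original post: it parses a forward and reverse zone pair (constructed after the tutorial's itzgeek.local files) and reports those inconsistencies.

```python
import ipaddress
# Constructed sample zones modelled on the tutorial's itzgeek.local files: the CNAME
# deliberately carries the "itgeek" typo and the mail host has no reverse record.
FORWARD_ZONE = """\
$TTL 604800
@    IN SOA   ns1.itzgeek.local. root.itzgeek.local. ( 3 604800 86400 2419200 604800 )
@    IN NS    ns1.itzgeek.local.
ns1  IN A     192.168.0.10
www  IN A     192.168.0.100
mail IN A     192.168.0.150
ftp  IN CNAME www.itgeek.local.   ; typo: should be www.itzgeek.local.
"""
REVERSE_ZONE = """\
$TTL 604800
@    IN SOA   itzgeek.local. root.itzgeek.local. ( 3 604800 86400 2419200 604800 )
@    IN NS    ns1.itzgeek.local.
10   IN PTR   ns1.itzgeek.local.
100  IN PTR   www.itzgeek.local.
"""

def parse_zone(text, origin):
    """(owner, type, rdata) per one-line 'owner IN TYPE rdata' record; skips $directives, comments, SOA."""
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if len(tokens) >= 4 and not tokens[0].startswith("$") and tokens[2] != "SOA":
            owner = tokens[0]  # '@' and relative names expand under the origin, as BIND does
            owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            records.append((owner, tokens[2], tokens[3:]))
    return records

def lint_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check a forward zone against its reverse zone; returns a list of findings."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    owners = {owner for owner, _, _ in fwd}
    ptrs = {owner: rdata[-1] for owner, rtype, rdata in rev if rtype == "PTR"}
    findings = []
    for owner, rtype, rdata in fwd + rev:
        target = rdata[-1]  # the last token is the name for NS, MX, CNAME and PTR
        if rtype in ("NS", "MX", "CNAME", "PTR") and "." in target and not target.endswith("."):
            findings.append(f"{rtype} target {target} lacks a trailing dot; BIND appends the origin")
        if rtype == "CNAME" and target not in owners:
            findings.append(f"CNAME {owner} -> {target}: target is not defined in the zone")
        if rtype == "A":
            rev_name = ipaddress.ip_address(target).reverse_pointer + "."
            if rev_name not in ptrs:
                findings.append(f"no PTR for {owner} ({target})")
            elif ptrs[rev_name] != owner:
                findings.append(f"PTR for {target} is {ptrs[rev_name]}, expected {owner}")
    return findings
```

Run it on your own files with `lint_zones(open(fwd).read(), "itzgeek.local.", open(rev).read(), "0.168.192.in-addr.arpa.")`; on the sample above it reports the dangling CNAME and the missing PTR for mail.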

Restart the bind9 service.

sudo systemctl restart bind9

Check the status of the bind9 service.

sudo systemctl status bind9

Verify DNS

Go to any client machine and add the IP address of the new DNS server to the /etc/resolv.conf file.

sudo nano /etc/resolv.conf

Make an entry like below.

nameserver 192.168.0.10

Alternatively, follow one of the tutorials below to set the DNS server IP in Linux.

READ: How to Set DNS IP address in CentOS / Fedora

READ: How to Set DNS IP address in Ubuntu / Debian – ifupdown

READ: How To Set DNS IP Address in Ubuntu 18.04 – Netplan

You can use either the nslookup or the dig command to verify the DNS server.

Use the dig command to verify the forward lookup.

dig www.itzgeek.local

If you get a "command not found" error, install the bind-utils package on Red Hat derivatives or the dnsutils package on Debian derivatives.

Output:

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> www.itzgeek.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41979
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c51856f159ddf40dadc13b835e1024a996e2a306d7888afe (good)
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.0.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      ns1.itzgeek.local.

;; ADDITIONAL SECTION:
ns1.itzgeek.local.      604800  IN      A       192.168.0.10

;; Query time: 1 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sat Jan 04 05:37:45 UTC 2020
;; MSG SIZE  rcvd: 124

The DNS server's answer for the forward lookup www.itzgeek.local is 192.168.0.100. The warning about .local in the output is expected here: that suffix is reserved for Multicast DNS, so a production deployment should use a domain name you control instead.

Confirm the reverse lookup with dig command.

dig -x 192.168.0.100

Output:

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -x 192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33889
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9806a5ee8f6645c178aa65b25e102530e49ae9a15456fbe1 (good)
;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 604800 IN   PTR     www.itzgeek.local.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800  IN      NS      ns1.itzgeek.local.

;; ADDITIONAL SECTION:
ns1.itzgeek.local.      604800  IN      A       192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sat Jan 04 05:40:00 UTC 2020
;; MSG SIZE  rcvd: 148

The DNS server’s answer for the reverse lookup 192.168.0.100 is www.itzgeek.local.

This result confirms that both forward and reverse zone lookups are working fine.

Conclusion

That's all. You have successfully installed and configured a DNS server on Debian 10 / Debian 9. In our next article, we will configure a slave DNS server on Debian 10 / Debian 9.