Linux, Windows, Virtualization, OpenSource & Blogging

Configure DNS Server On Debian 9 / Ubuntu 16.04

0
Configure DNS Server On Debian 9
Configure DNS Server On Debian 9

Domain Name System (in short, DNS) is an internet service that is used to resolve Domain Name to IP Address and vice versa.

BIND (Berkeley Internet Name Domain) provides the functionality of name to ip conversion.

This post will help you configure DNS server on Debian 9 / Ubuntu 16.04.

Environment

Domain: itzgeek.local

Primary DNS server:  (It is the master server, and DNS records are created here.)

Server Name: ns1.itzgeek.local

IP Address: 192.168.1.10

Secondary DNS server: (It is the slave server, gets DNS records from the Master server. It acts as a backup DNS server for the primary server if the primary server goes down.)

Server Name: ns2.itzgeek.local

IP Address: 192.168.1.20

In this post, we set up only the primary DNS server. In case if you are planning to implement secondary server then take a look at configuring slave DNS server on Debian 9 / Ubuntu 16.04.

Prerequisites

Switch to the root user.

su -

OR

sudo su -

Update the repository index.

apt-get update

Make sure both primary and secondary server has a static IP address.

READ: How to configure static ip address in Debian / Ubuntu / LinuxMint

Install DNS Server

The package name of DNS in Debian / Ubuntu is bind9 and is available in the base repository. You can use apt command to install bind9 package.

apt-get install -y bind9 bind9utils bind9-doc dnsutils

Configure DNS Server

/etc/bind/ is the configuration directory of bind9, holds configuration files and zone lookup files. Global configuration file is /etc/bind/named.conf.

Create Zone’s

Let us begin with creating forward zone for your domain.

You should not use the global configuration file for local DNS zone rather you can use /etc/bind/named.conf.local file.

nano /etc/bind/named.conf.local

Forward Zone:

The following is the forward zone entry for the itzgeek.local domain in the named.conf.local file.

zone "itzgeek.local" IN { //Domain name
     type master; //Primary DNS
     file "/etc/bind/fwd.itzgeek.local.db"; //Forward lookup file
     allow-update { none; }; // Since this is the primary DNS, it should be none.
};

Reverse Zone:

The following is for the reverse zone in the named.conf.local file.

zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name, should match your network in reverse order
     type master; // Primary DNS
     file "/etc/bind/rev.itzgeek.local.db"; //Reverse lookup file
     allow-update { none; }; //Since this is the primary DNS, it should be none.
};

Create Zone lookup file

Once zones are created, you can go ahead and create zone data files for the forward zone and reverse zone.

Forward Zone lookup file:

Copy the sample entries to zone file called fwd.itzgeek.local.db for forward zone under /etc/bind directory.

Record types in zone file,

SOA – Start of Authority
NS – Name Server
A – A record
MX – Mail for Exchange
CN – Canonical Name

Domain names should end with a dot (.).

cp /etc/bind/db.local /etc/bind/fwd.itzgeek.local.db

Edit the zone.

nano /etc/bind/fwd.itzgeek.local.db

Update the content shown like below. Whenever you change any records in the lookup file, make sure you update the serial number to some random number, higher than current.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.itzgeek.local. root.itzgeek.local. (
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1

;Name Server Information
       IN      NS      ns1.itzgeek.local.
       IN      NS      ns2.itzgeek.local.
;IP address of Name Server
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.20

;Mail Exchanger
itzgeek.local.   IN     MX   10   mail.itzgeek.local.

;A - Record HostName To Ip Address
www     IN       A      192.168.1.100
mail    IN       A      192.168.1.150
@       IN       A      192.168.1.200
;CNAME record
ftp     IN      CNAME   www.itgeek.local.

Reverse Zone lookup file:

Copy the sample entries to zone file called rev.itzgeek.local.db for reverse zone under /etc/bind directory and create reverse pointers for the above forward zone records.

PTR – Pointer
SOA – Start of Authority

cp /etc/bind/db.127 /etc/bind/rev.itzgeek.local.db

Edit the reverse zone file.

nano /etc/bind/rev.itzgeek.local.db

Update the content shown like below. Whenever you change any records in the lookup file, make sure you update the serial number to some random number, higher than current.

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     itzgeek.local. root.itzgeek.local. (
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;1.0.0  IN      PTR     localhost.

;Name Server Information
       IN      NS     ns1.itzgeek.local.
       IN      NS     ns2.itzgeek.local.
;Reverse lookup for Name Server
10      IN      PTR    ns1.itzgeek.local.
20      IN      PTR    ns2.itzgeek.local.
;PTR Record IP address to HostName
100     IN      PTR    www.itzgeek.local.
150     IN      PTR    mail.itzgeek.local.
200     IN      PTR    itzgeek.local.

Check BIND Configuration Syntax

Use named-checkconf command to check the syntax of named.conf* files for any errors.

named-checkconf

Command will return to the shell if there are no errors.

Also, you can use named-checkzone to check the syntax errors in zone files.

For foward zone:

named-checkzone itzgeek.local /etc/bind/fwd.itzgeek.local.db

Output:

zone itzgeek.local/IN: loaded serial 20
OK

For reverse zone:

named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.itzgeek.local.db

Output:

zone 1.168.192.in-addr.arpa/IN: loaded serial 20
OK

Restart bind service.

systemctl restart bind9

Enable it on system startup.

systemctl enable bind9

Check the status of bind9 service.

systemctl status bind9

Output:

 bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-10-09 13:31:54 EDT; 1min 51s ago
     Docs: man:named(8)
 Main PID: 778 (named)
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─778 /usr/sbin/named -f -u bind

Oct 09 13:31:55 ns1.itzgeek.local named[778]: managed-keys-zone: loaded serial 4
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone localhost/IN: loaded serial 2
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone 1.168.192.in-addr.arpa/IN: loaded serial 20
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone itzgeek.local/IN: loaded serial 20
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 09 13:31:55 ns1.itzgeek.local named[778]: all zones loaded
Oct 09 13:31:55 ns1.itzgeek.local named[778]: running
Oct 09 13:31:55 ns1.itzgeek.local named[778]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 20)

Verify DNS

Go to any client machine and add our new DNS server IP Address in /etc/resolv.conf file.

nano /etc/resolv.conf

Make an entry like below.

nameserver 192.168.1.10

OR

Follow the below tutorial to add DNS server IP in Ubuntu / Debian.

READ: How to add DNS IP address in Debian / Ubuntu / LinuxMint

You can either use nslookup or dig command to verify the DNS server.

Use the dig command to verify the forward lookup.

dig www.itzgeek.local

If you get command not found, install bind-utils package.

Output:

; <<>> DiG 9.10.3-P4-Debian <<>> www.itzgeek.local @192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13117
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      ns1.itzgeek.local.

;; ADDITIONAL SECTION:
ns1.itzgeek.local.      604800  IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Mon Oct 09 13:14:22 EDT 2017
;; MSG SIZE  rcvd: 96

The DNS server’s answer for forward lookup: 192.168.1.100 as IP address for www.itzgeek.local.

Confirm the reverse lookup with dig command.

dig -x 192.168.1.100

Output:

; <<>> DiG 9.10.3-P4-Debian <<>> -x 192.168.1.100 @192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39795
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 604800 IN   PTR     www.itzgeek.local.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 604800  IN      NS      ns1.itzgeek.local.

;; ADDITIONAL SECTION:
ns1.itzgeek.local.      604800  IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Mon Oct 09 13:15:32 EDT 2017
;; MSG SIZE  rcvd: 120

The DNS server’s answer for reverse lookup: www.itzgeek.local as a name for 192.168.1.100.

This result confirms that both forward and reverse zone lookups are working fine.

That’s All. You have successfully installed BIND on Debian 9 / Ubuntu 16.04 as a master server. In our next article, we will configure Slave DNS server on Debian 9 / Ubuntu 16.04.

POSTS YOU MAY LIKE -:)

You might also like

Configure DNS Server On Debian 9 / Ubuntu 16.04

0