Internet

Set up a DNS server with Bind9 on your Linux server

What is Bind?

Bind, or also known as Berkeley Internet Name Domain, is a software that is responsible for performing the task of DNS server. Bind is currently a standard, and it is widely used in Linux operating systems and also in Unix, therefore, if you have a server based on Linux or Unix and you need a DNS server to handle the queries of the local network, then Bind is what you must use. The current version of Bind is the Bind9 version, and it is the one commonly used on all servers, previous versions are considered insecure and “deprecated”, so it is not recommended to use them.

Bind does not replace DNS servers like the ones we can use from Google (8.8.8.8), Cloudflare (1.1.1.1) or others, but rather complements them. The clients of the local network will have as DNS server the Bind server that we configure in a Linux server, later, in this Bind we will be able to configure different rules to reach local computers through their private IP addresses. If a client on the local network makes a DNS request to an Internet website, logically the DNS server will not have all the Internet IP addresses in its database, in this case, public DNS servers are configured to deal with these requests, by forwarding the server with Bind the request and we will automatically return it to the client that made the request.

The version that is currently used is Bind 9, it was written from scratch to avoid problems of previous versions, in addition, it includes very important features such as DNSSEC to provide security to domains using cryptography, it also includes improvements in parallel processing of different DNS queries, full support for IPv6 networks, and much more. Of course, this latest version of Bind has very important security improvements, in this way, we will be protected against possible attacks that could occur in previous versions.

Prerequisites before installing Bind

Before starting with the configuration of the DNS server with Bind9 in our operating system, it is advisable to put a fixed IP on our server, otherwise, if the DHCP server changes our IP address, the clients of the local network will lose access to our server DNS because they will not be “pointing” to our private IP address. To put a fixed IP we have two possibilities:

  • Configure the Static DHCP in the router / firewall that we have, putting our MAC address of the network card and the IP address that we want it to always obtain.
  • Statically configure our Linux server, in this case, the DHCP server of the router / firewall should have a DHCP range that is outside our private IP address that we set.

To statically configure an IP address in Linux, we have to edit the configuration file “/ etc / network / interfaces” and put the following:

auto lo
iface lo inet loopback

auto ens33
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.2

Next, we have to restart the service to apply the changes correctly (if we have changed the IP we currently have):

sudo service networking restart

Once our IP address of the local network is fixed, we can install Bind.

Bind installation on Linux and startup

The first thing we have to do to configure a DNS server (bind) in Linux is to install it from the repositories, we are going to install both the Bind9 DNS server as well as the packages suggested by the Debian operating system, therefore, we must put it in the console the next:

sudo apt install bind9 bind9-doc resolvconf python-ply-doc

Once we have installed all the previous packages, we have to go to the program directory, which is where we will have to start configuring the necessary files:

cd /etc/bind/

It is advisable access this directory as root (sudo su) In order not to have problems with permissions denied when we copy files or modify existing ones, if we do an “ls -l” to list all the files we have here, we will see the following:

As you can see, we have a large number of different configuration files, each of them is specifically oriented to a task, in the official Bind9 documentation you can find what each of them is for. Let’s assume from now on that you are always in super user mode (root) to edit or copy files without restrictions.

Configure Bind forwarders using public DNS servers

The first thing we are going to do is configure forwarding DNS servers, that is, public DNS servers to forward queries to the Internet. The configuration file that is responsible for this task is “named.conf.options”, the first thing we do is make a backup copy of the file, in case we edit it wrong and everything stops working:

cp /etc/bind/named.conf.options /etc/bind/named.conf.options.copia

Now we edit the file adding the DNS servers in the forwarders section, as you can see here:

forwarders {
8.8.8.8;
1.1.1.1;
};

It would be as follows:

Once we have modified it, we restart the Bind9 service to verify that everything works correctly and does not return any error:

sudo service bind9 restart

Now we are going to check if they are working correctly, for this, we execute an nslookup command, and we should see that our DNS server has resolved a domain correctly, in our case the server’s IP address is 192.168.231.130:

Once we have configured Bind to forward the resolutions of Internet websites to the public DNS, we are going to see how to configure it to resolve internal domains.

Configure Bind for local resolutions

The configuration file that we must configure now is named.conf.local, it is advisable to make a backup in case something goes wrong when configuring it, for this we execute:

cp /etc/bind/named.conf.local /etc/bind/named.conf.local.copia

Once we have done the backup, we will have to edit the named.conf.local configuration file to proceed with the configuration. In this configuration file we will have to put the zone we are referring to, and also the bind configuration file that has all the configurations, therefore, we could leave it like this:

zone "redlocal.com" {
type master;
file "/etc/bind/db.redlocal";
};

It is important that the “file” refers to the configuration file that we import and that we are going to configure right now.

Now we have to copy the database that we have in “db.local” give it the name of “db.redlocal»That we have defined in the previous file.

cp /etc/bind/db.local /etc/bind/db.redlocal

Now we edit this configuration file that comes by default with a lot of information, and we adapt it to our interests.

The first thing we have to do is modify the SOA that comes in the upper part by the domain name that we have chosen locally, in this case, it would be “red.redlocal.com”, then we will edit the general configuration file with the domains and subdomains that we want. Our configuration file would be as follows:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.redlocal.com. root.red.redlocal.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;

@ IN NS ns1.redlocal.com.
@ IN A 192.168.231.130
ns1 IN A 192.168.231.130
router IN A 10.11.1.1
pc1 IN A 10.11.1.2

Once we have saved the configuration file, we check the syntax with the following command:

named-checkzone redlocal.com /etc/bind/db.redlocal

Now we restart the bind process with the following command:

sudo service bind9 restart

We have everything ready to start the battery of tests and check that we have done everything right. To check that everything works well, we must execute the following commands:

host router.redlocal.com

It will show us the following, the IP address of the router:

root@bron-debian:/etc/bind# host router.redlocal.com
router.redlocal.com has address 10.11.1.1

We can also do the same with PC1:

host pc1.redlocal.com

We will see this:

root@bron-debian:/etc/bind# host pc1.redlocal.com
pc1.redlocal.com has address 10.11.1.2

Once we have managed to resolve the local domains correctly, returning the corresponding IP address, we can ping without problems via domain:

root@bron-debian:/etc/bind# ping router.redlocal.com
PING router.redlocal.com (10.11.1.1) 56(84) bytes of data.
64 bytes from 10.11.1.1 (10.11.1.1): icmp_seq=1 ttl=128 time=0.413 ms
64 bytes from 10.11.1.1 (10.11.1.1): icmp_seq=2 ttl=128 time=0.401 ms
^C
--- router.redlocal.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 28ms
rtt min/avg/max/mdev = 0.401/0.407/0.413/0.006 ms

Now we are going to configure the reverse resolution of domains.

Reverse domain resolution

Now we are going to configure the DNS server to resolve domains in reverse, putting the IP address and telling us which domain that IP address belongs to. To achieve our goal, we must add to the file /etc/bind/named.conf.local that we previously used the following lines:

zone "192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};

We must also copy the default configuration file to edit it. From the db.127 file we create the db.192:

cp /etc/bind/db.127 /etc/bind/db.192

Once we have created it, just edit it with the following information:

;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.redlocal.com. root.red.redlocal.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.redlocal.com.
ns1 IN A 192.168.231.130
130.231.168 IN PTR redlocal.com

Once we have saved the configuration file, we check the syntax with the following command:

named-checkzone 192.168.231.130 /etc/bind/db.192

We should get something like this:

named-checkzone 168.192.in-addr.arpa db.192
zone 168.192.in-addr.arpa/IN: loaded serial 1
OK

Now we restart the bind process with the following command:

sudo service bind9 restart

And we check that it has worked correctly:

host 192.168.231.130

We hope this complete Bind tutorial has helped you to set up your own DNS server locally.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *