How to install bind9 DNS server on debian
I have been wanting to write a tutorial about this for a long time; it is also one of the first things I learned when I started playing with servers. In this article I will show you how to install the bind9 DNS server on Debian (or Ubuntu, since the two are very similar) and how to serve your own domain name from your own VPS, so that the authoritative name servers for the domain are the ones you run.
Required packages
Only one package is required: the DNS server itself, bind9.

```
apt-get install bind9
```

Installing bind9 also pulls in the named-checkzone and named-checkconf tools used further down (package bind9utils, bind9-utils on recent releases). The dig client used at the end of the post comes from the dnsutils package (bind9-dnsutils on recent releases). From here you can go straight on to configuring the server.
Setting up Bind9 on Debian / Ubuntu
Start by editing the file /etc/bind/named.conf.local:

```
vim /etc/bind/named.conf.local
```

In this file add a zone stanza for your domain:

```
zone "mydomain.net" {
    type master;
    file "/etc/bind/zones/mydomain.net.conf";
    allow-query { any; };
    allow-transfer { xfer; };
};
```

Two settings here matter for security. allow-query { any; } overrides the restrictive global allow-query that we set in named.conf.options below, so the whole Internet can look up names in this zone but nothing else. allow-transfer { xfer; } restricts full zone transfers (AXFR) to the addresses listed in the xfer ACL; without it anyone could pull your entire zone with a single dig axfr query and get a complete map of your hosts. The xfer ACL is defined in named.conf.options, and Debian's named.conf includes named.conf.options before named.conf.local, so the ACL is already known when this zone is read. (BIND 9.16 and later also accept type primary; master still works.)
Let’s now create the zones folder since it doesn’t exist:
1 |
mkdir -p /etc/bind/zones |
Create the DNS zone for your domain name. Here is a template you can use; it needs updating with your own domain, your server's public IP addresses (the 192.168.1.x addresses below are placeholders) and a proper serial number.

```
vi /etc/bind/zones/mydomain.net.conf
```

And the contents are:

```
; BIND db file for mydomain.net
$TTL 86400
$ORIGIN mydomain.net.
@ IN SOA ns1.mydomain.net. admin.mydomain.net. (
        2014013101 ; serial number YYYYMMDDNN
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
)

mydomain.net.       86400 NS       ns1.mydomain.net.
mydomain.net.       86400 NS       ns2.mydomain.net.

ns1.mydomain.net.   14000 IN A     192.168.1.105
ns2.mydomain.net.   14000 IN A     192.168.1.105
mydomain.net.       14000 IN A     192.168.1.105
d.mydomain.net.     14000 IN A     192.168.1.105
mail.mydomain.net.  14000 IN A     192.168.1.105

mydomain.net.       14000 IN MX    0 mail.mydomain.net.

imap                14000 IN CNAME mail.mydomain.net.
smtp                14000 IN CNAME mail.mydomain.net.
www                 14000 IN CNAME mydomain.net.

mydomain.net.       14000 IN TXT   "v=spf1 a mx ~all"
```

The serial follows the YYYYMMDDNN convention (date plus a two-digit change counter for that day). It must increase every time you change the zone, otherwise secondaries and caches keep serving the old data. Note also that in this template ns1 and ns2 both point at the same address, so there is no real redundancy yet; a second name server on a different machine is what you want for a production domain.
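Getting the serial wrong is the classic zone-editing mistake, so here is an added example (not part of the original post) of a small shell helper that bumps the SOA serial using the YYYYMMDDNN convention from the template and then runs named-checkzone on the result. It assumes the serial is the first all-digit field at or after the SOA record, as in the template above, and takes "today" as a YYYYMMDD argument so the logic does not depend on the system clock. The sample zone it writes is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: bump a BIND zone's SOA serial
# (YYYYMMDDNN convention) and validate the zone with named-checkzone.
# Assumption: the serial is the first all-digit field at or after "SOA".

# next_serial CURRENT TODAY -> prints the next serial.
# Start a fresh YYYYMMDD01 when the day has moved on; otherwise add 1, which
# also keeps a serial that is already "in the future" monotonic. Either step
# is far below 2^31, as RFC 1982 serial arithmetic requires.
next_serial() {
    cur=$1
    fresh="${2}01"
    case $cur in
        ''|*[!0-9]*) echo "no numeric serial found" >&2; return 1 ;;
    esac
    if [ "$cur" -lt "$fresh" ]; then
        echo "$fresh"
    else
        echo $((cur + 1))
    fi
}

# zone_serial FILE -> prints the serial currently in the zone file.
zone_serial() {
    awk '
        /[ \t]SOA[ \t]/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break          # rest of the line is a comment
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
        }' "$1"
}

# bump_zone_serial FILE TODAY -> rewrites the serial in place, prints the new
# one. Whitespace on the rewritten line is normalised to single spaces.
bump_zone_serial() {
    zone=$1
    new=$(next_serial "$(zone_serial "$zone")" "$2") || return 1
    awk -v new="$new" '
        /[ \t]SOA[ \t]/ { insoa = 1 }
        insoa && !done {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break
                if ($i ~ /^[0-9]+$/) { $i = new; done = 1; break }
            }
        }
        { print }' "$zone" > "$zone.tmp" && mv "$zone.tmp" "$zone"
    echo "$new"
}

# check_zone NAME FILE -> runs named-checkzone when it is installed
# (bind9utils / bind9-utils package) and returns its exit status.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed, skipping syntax check" >&2
    fi
}

# Constructed sample zone in the same layout as the template above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
$TTL 86400
$ORIGIN mydomain.net.
@ IN SOA ns1.mydomain.net. admin.mydomain.net. (
        2014013101 ; serial number YYYYMMDDNN
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
)
@     86400 IN NS ns1.mydomain.net.
ns1   14000 IN A  192.168.1.105
EOF
echo "old serial: $(zone_serial "$demo")"                  # 2014013101
echo "new serial: $(bump_zone_serial "$demo" 20140201)"    # 2014020101
check_zone mydomain.net "$demo"
rm -f "$demo"
```

Run it against the real file as bump_zone_serial /etc/bind/zones/mydomain.net.conf "$(date +%Y%m%d)" before reloading bind. The helper deliberately never decreases the serial, because a serial that goes backwards looks "older" to every secondary and they will refuse the new zone.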
Next come the global bind9 options. Back up the current file first, then create a new one:

```
mv /etc/bind/named.conf.options /etc/bind/named.conf.options.org
vi /etc/bind/named.conf.options
```

Here are my current settings, which you can use after replacing the IP addresses with your own:

```
/*
 * Allow transfer for your own nameservers only, add here if you have any
 */
acl "xfer" {
    192.168.1.102;
};

/*
 * Enter only your server IP or servers that you want to allow
 * to use the dns server cache
 */
acl "trusted" {
    127.0.0.0/8;
};

options {
    listen-on-v6 { none; };
    listen-on { any; };
    directory "/var/cache/bind";
    pid-file "/var/run/named/named.pid";

    /*
     * Allow queries from our "trusted" ACL.
     */
    allow-query { trusted; };

    /* Allow cache for the "trusted" ACL. */
    allow-query-cache { trusted; };

    /* Allow trusted addresses to use recursion. */
    allow-recursion { trusted; };

    /* Do not allow zone transfers */
    allow-transfer { none; };
    allow-update { none; };

    dnssec-validation auto;
    auth-nxdomain no;

    // forwarders {
    //     0.0.0.0;
    // };
};
```

The important part is that allow-query, allow-query-cache and allow-recursion all reference the trusted ACL, so only 127.0.0.0/8 (plus whatever you add there) can use this server as a recursive resolver; everyone else can only ask about the zones you explicitly opened with allow-query { any; } in named.conf.local. That is what stops the server from becoming an open resolver that can be abused for DNS amplification attacks. allow-transfer { none; } is the global default and is overridden per zone by the xfer ACL, which should contain the address of your real secondary name server (in this template ns2 still resolves to the same 192.168.1.105 host, so nothing actually needs transfers yet). allow-update { none; } disables dynamic updates, so nobody can rewrite your zone over the network.
What is left is to test that everything is correct. named-checkconf validates named.conf and the files it includes, and named-checkzone loads your zone file exactly as named would and reports any syntax or record error:

```
~# named-checkzone mydomain.net /etc/bind/zones/mydomain.net.conf
zone mydomain.net/IN: loaded serial 2014013101
OK
```
Restart bind and you are done:

```
service bind9 restart
```

For later edits to the zone file, bump the serial and reload instead of restarting (rndc reload, or service bind9 reload); secondaries only pull a fresh copy when they see a higher serial.
DNS query output
Here is the output of a DNS query I ran against the server; you should see something similar:

```
:~$ dig @192.168.1.105 mydomain.net

; <<>> DiG 9.8.1-P1 <<>> @192.168.1.105 mydomain.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63020
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mydomain.net.                  IN      A

;; ANSWER SECTION:
mydomain.net.           14000   IN      A       192.168.1.105

;; AUTHORITY SECTION:
mydomain.net.           86400   IN      NS      ns2.mydomain.net.
mydomain.net.           86400   IN      NS      ns1.mydomain.net.

;; ADDITIONAL SECTION:
ns1.mydomain.net.       14000   IN      A       192.168.1.105
ns2.mydomain.net.       14000   IN      A       192.168.1.105

;; Query time: 1 msec
;; SERVER: 192.168.1.105#53(192.168.1.105)
;; WHEN: Fri Jan 31 21:00:32 2014
;; MSG SIZE  rcvd: 114
```

Two details in the header confirm the configuration is doing what we want. The aa flag means the answer is authoritative (it came from our zone file, not from a cache), and the "recursion requested but not available" warning together with the missing ra flag shows that this client, which is not in the trusted ACL, is denied recursion. The query still got an answer only because the zone itself is opened with allow-query { any; }.
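The dig header above is exactly what you look at when checking whether a server is an open resolver. As an added example (not part of the original post), here is a small shell function that classifies a dig response: feed it the output of a query for a name you are not authoritative for, and it reports "open" when the server recursed for you, "closed" when it refused, and "authoritative" when you accidentally probed one of your own zones (which says nothing about recursion). The three header samples in the block are constructed: the first reproduces the header lines shown above, the other two show what an open resolver and a refusing server return. The probe_resolver wrapper needs a working dig and network access and is only a convenience.

```shell
#!/bin/sh
# Added example, not from the original post: classify a dig response to tell
# whether a server will recurse for the client that sent the query.
# Typical use, probing with a name you are NOT authoritative for:
#     dig @192.168.1.105 example.com | classify_dig_response
# A locked-down server (allow-recursion { trusted; }) answers REFUSED or omits
# the "ra" flag; an open resolver sets "ra" and returns an answer.
classify_dig_response() {
    awk '
        /^;; ->>HEADER<<-/ {
            status = $0; sub(/.*status: /, "", status); sub(/,.*/, "", status)
        }
        /^;; flags:/ {
            line = $0; sub(/^;; flags: */, "", line); sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) flag[f[i]] = 1
            answers = $0; sub(/.*ANSWER: /, "", answers); sub(/,.*/, "", answers)
            answers += 0
        }
        END {
            if (status == "REFUSED")            print "closed"
            else if (flag["aa"])                print "authoritative"
            else if (flag["ra"] && answers > 0) print "open"
            else                                print "closed"
        }'
}

# probe_resolver SERVER [NAME]: live check against a running server.
# Uses dig from the dnsutils package; the default probe name is a
# hypothetical foreign name, replace it with any domain you do not serve.
probe_resolver() {
    dig "@$1" "${2:-example.com}" +time=3 +tries=1 | classify_dig_response
}

# Constructed sample: the header lines of the output shown above, an
# authoritative answer with recursion requested but not available.
sample_auth=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63020
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

# Constructed sample: what an open resolver returns for a foreign name.
sample_open=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample: a locked-down server refusing a foreign name.
sample_refused=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

echo "$sample_auth"    | classify_dig_response   # authoritative
echo "$sample_open"    | classify_dig_response   # open
echo "$sample_refused" | classify_dig_response   # closed
```

Run the probe from a machine outside the trusted ACL, because from the server itself (127.0.0.0/8 is trusted) it will always report "open", which is the intended behaviour for localhost and tells you nothing about exposure to the Internet.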
Keep in mind that if you made any mistakes, bind will tell you about them in the log. On the Debian release used here bind9 logs through syslog to the following file; on current systemd-based releases the same messages are in the journal (journalctl -u named, or -u bind9 on older releases):

```
/var/log/daemon.log
```
For example, I removed the zone file on purpose and restarted bind9; here are the errors:

```
root@debian:/etc/bind/zones# tail /var/log/daemon.log
Jan 31 14:47:13 debian named[14038]: command channel listening on 127.0.0.1#953
Jan 31 14:47:13 debian named[14038]: command channel listening on ::1#953
Jan 31 14:47:13 debian named[14038]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 31 14:47:13 debian named[14038]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 31 14:47:13 debian named[14038]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 31 14:47:13 debian named[14038]: zone localhost/IN: loaded serial 2
Jan 31 14:47:13 debian named[14038]: zone mydomain.net/IN: loading from master file /etc/bind/zones/mydomain.net.conf failed: file not found
Jan 31 14:47:13 debian named[14038]: zone mydomain.net/IN: not loaded due to errors.
Jan 31 14:47:13 debian named[14038]: managed-keys-zone ./IN: loaded serial 4
Jan 31 14:47:13 debian named[14038]: running
```

Note that named still starts and serves its other zones; a broken zone is simply dropped, so always check the log (or named-checkzone) rather than assuming a successful restart means the zone is live.
That’s it for now, I hope it helped and we will see you again in our next tutorial.