Linux DNS server BIND configuration

The BIND DNS software is one of the most reliable and proven ways to configure name resolution on a Linux system. Having been around since the 1980s, it remains the most popular Domain Name Server (DNS) currently in use. This article serves as a quick configuration manual of a Linux DNS server using BIND.

This article is not an introduction to DNS or an explanation of how the protocol works. Rather, we will concentrate on a simple configuration of a custom zone and config file for a given domain / host supporting www and mail services. Follow along with the instructions below to get BIND DNS set up and configured on your own server.

WARNING
Before you proceed with the installation and configuration of the BIND nameserver, make sure that a BIND DNS server is exactly what you want. The default setup and execution of BIND on Debian or Ubuntu may take around 200MB of RAM with no zones added to the config file. Unless you reduce the memory usage of BIND via various BIND “options” config settings, be prepared to have some spare RAM available just for this service. This fact is even more important if you pay for your own VPS server.

In this tutorial you will learn:

  • How to install BIND on major Linux distros
  • How to create a DNS zone file
  • How to configure address to name mappings
  • How to check BIND zone file and configuration
  • How to start or restart the BIND DNS service
  • How to test a BIND configuration with dig command

Configuring and testing a BIND nameserver on Linux
Software Requirements and Linux Command Line Conventions

Category     Requirements, Conventions or Software Version Used
System       Any Linux distro
Software     BIND
Other        Privileged access to your Linux system as root or via the sudo command.
Conventions  # – requires given Linux commands to be executed with root privileges either directly as a root user or by use of the sudo command
             $ – requires given Linux commands to be executed as a regular non-privileged user

Our test environment

Before diving into all of the BIND configuration, it’s helpful to have some context of how we are configuring our network. Refer to the following list to see how the IP addresses are assigned to various systems on our network.

  • Nameserver IP address: 192.168.135.130
  • Sample domain / host: linuxconfig.org
  • Authoritative nameservers for the linuxconfig.org zone: ns1.linuxconfig.org (192.168.0.10) and ns2.linuxconfig.org (192.168.0.11)
  • www and mail services that linuxconfig.org will point to: 192.168.0.10

Install BIND on major Linux distros

The simplest way to install the latest version of BIND (BIND9) is by using your system’s package manager.

On a Debian or Ubuntu Linux server you can install a BIND nameserver with the following Linux command:

$ sudo apt install bind9 dnsutils

Or with this command on CentOS, Fedora, AlmaLinux, and other RHEL-based distros:

$ sudo dnf install bind bind-utils

The dnsutils package (called bind-utils on RHEL-based distros) is not compulsory to run a BIND nameserver, but we will use the dig command, which is part of this package, as a testing tool for your BIND configuration.

Creating a DNS zone file

At this stage we will need to create a new zone file for the linuxconfig.org domain. Follow the steps below as we do that.

  1. Navigate to the /etc/bind/ directory and then execute the following sequence of commands to create and enter zones/master/.
    $ cd /etc/bind
    $ sudo mkdir -p zones/master
    $ cd zones/master/
    
  2. The /etc/bind/zones/master directory will contain a zone file for the linuxconfig.org domain name. If you prefer to use another directory to hold this file, you are free to do so. The following zone file, named db.linuxconfig.org, will hold the DNS records that allow the nameserver to resolve a fully qualified domain name to an IP address. Create the db.linuxconfig.org file with nano or your preferred text editor.

    $ sudo nano /etc/bind/zones/master/db.linuxconfig.org
    
  3. Then, paste the following template into the file:
    ;
    ; BIND data file for linuxconfig.org
    ;
    $TTL    3h
    @       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                              1        ; Serial
                              3h       ; Refresh after 3 hours
                              1h       ; Retry after 1 hour
                              1w       ; Expire after 1 week
                              1h )     ; Negative caching TTL of 1 hour
    ;
    @       IN      NS      ns1.linuxconfig.org.
    @       IN      NS      ns2.linuxconfig.org.
    ;
    linuxconfig.org.        IN      MX      10      mail.linuxconfig.org.
    linuxconfig.org.        IN      A       192.168.0.10
    ns1                     IN      A       192.168.0.10
    ns2                     IN      A       192.168.0.11
    www                     IN      CNAME   linuxconfig.org.
    mail                    IN      A       192.168.0.10
    ftp                     IN      CNAME   linuxconfig.org.

    Save your changes and exit the file when done. Here is a quick review of some lines from the above BIND DNS zone file:

    SOA Record: the nameserver authoritative for the linuxconfig.org zone is ns1.linuxconfig.org, and admin.linuxconfig.org is the email address of the person responsible for this DNS zone.
    NS Records: the two nameservers for the linuxconfig.org zone are ns1.linuxconfig.org and ns2.linuxconfig.org.
    MX Record (Mail Exchange): the mail exchange record for linuxconfig.org. The number 10 is the record's preference value (lower values are preferred when several MX records exist).
    A Record: A simply means address; in the linuxconfig.org zone, ns1 has an A (address) record of 192.168.0.10.
    CNAME Record (Canonical Name record): restart the query using the canonical name instead of the original name.

The BIND zone file we have configured


Configure address to name mappings

At this stage, the BIND DNS server can resolve the IP address mapped to the linuxconfig.org host. What we should do now is to teach our nameserver the other direction, that is, to resolve a host name from an IP address.

  1. For this, we are going to need yet another file, named db.192.168.0.
    $ sudo nano /etc/bind/zones/master/db.192.168.0
    
  2. Inside this file, paste the following content:
    ;
    ; BIND reverse data file for 0.168.192.in-addr.arpa
    ;
    $TTL    604800
    0.168.192.in-addr.arpa.      IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                              1        ; Serial
                              3h       ; Refresh after 3 hours
                              1h       ; Retry after 1 hour
                              1w       ; Expire after 1 week
                              1h )     ; Negative caching TTL of 1 hour
    ;
    0.168.192.in-addr.arpa.       IN      NS      ns1.linuxconfig.org.
    0.168.192.in-addr.arpa.       IN      NS      ns2.linuxconfig.org.
    ;
    10.0.168.192.in-addr.arpa.    IN      PTR     linuxconfig.org.

    PTR: a DNS record used for mapping an IP address to a host name.

The reverse BIND record
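As an added example (not part of the original article), here is a small Python consistency check over the two zone files above: it parses the forward and reverse zone text (including ';' comments and the multi-line SOA), verifies that in-zone NS, MX and CNAME targets actually have a record, that NS and MX do not point at a CNAME, and that each PTR agrees with the forward A record. The embedded zone text is a constructed copy of this tutorial's files, and parse_zone and check_zones are this example's own names.

```python
# Constructed copies of the two zone files above, embedded so this check runs offline.
FORWARD_ORIGIN, REVERSE_ORIGIN = "linuxconfig.org.", "0.168.192.in-addr.arpa."
FORWARD_ZONE = """\
$TTL 3h
@    IN  SOA    ns1.linuxconfig.org. admin.linuxconfig.org. ( 1 ; Serial
                3h 1h 1w 1h )
@    IN  NS     ns1.linuxconfig.org.
@    IN  NS     ns2.linuxconfig.org.
linuxconfig.org.  IN  MX  10  mail.linuxconfig.org.
linuxconfig.org.  IN  A   192.168.0.10
ns1  IN  A      192.168.0.10
ns2  IN  A      192.168.0.11
www  IN  CNAME  linuxconfig.org.
mail IN  A      192.168.0.10
"""
REVERSE_ZONE = """\
@  IN  SOA  ns1.linuxconfig.org. admin.linuxconfig.org. ( 1 3h 1h 1w 1h )
10.0.168.192.in-addr.arpa.  IN  PTR  linuxconfig.org.
"""

def parse_zone(text, origin):  # yields (owner, type, rdata); handles ';' comments and ( ) spans
    buf = ""
    for raw in text.splitlines():
        buf += " " + raw.split(";")[0]            # strip the comment, accumulate the logical line
        if buf.count("(") > buf.count(")"):       # record continues on the next line (multi-line SOA)
            continue
        fields, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if not fields or fields[0].startswith("$"):
            continue                              # blank/comment-only line or a $TTL directive
        owner = origin if fields[0] == "@" else fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
        rest = fields[2:] if fields[1] == "IN" else fields[1:]   # the class field is optional
        yield owner, rest[0], rest[1:]

def check_zones(forward, reverse):  # returns a list of problems; an empty list means consistent
    recs = list(parse_zone(forward, FORWARD_ORIGIN))
    addr = {o: r[0] for o, t, r in recs if t == "A"}
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in (r for r in recs if r[1] in ("NS", "MX", "CNAME")):
        target = rdata[-1]
        if rtype != "CNAME" and target in cnames:   # RFC 2181: NS and MX must not point at a CNAME
            problems.append(f"{rtype} target {target} is a CNAME")
        elif (target == FORWARD_ORIGIN or target.endswith("." + FORWARD_ORIGIN)) and target not in addr and target not in cnames:
            problems.append(f"{rtype} {owner} points at {target}, which has no record (lame)")
    for owner, rtype, rdata in parse_zone(reverse, REVERSE_ORIGIN):
        if rtype == "PTR":                          # reverse name must agree with the forward A record
            ip = ".".join(reversed(owner.removesuffix(".in-addr.arpa.").split(".")))
            if addr.get(rdata[0]) != ip:
                problems.append(f"PTR {owner} -> {rdata[0]} disagrees with A {addr.get(rdata[0])}")
    return problems
```

named-checkzone catches syntax errors in each file; this check catches the cross-file mismatches that produce lame delegations and failing reverse lookups, before you restart the service.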

Updating a BIND configuration file

At this point we should have two files ready:

  • /etc/bind/zones/master/db.linuxconfig.org
  • /etc/bind/zones/master/db.192.168.0

  1. All we need to do now is to insert both zone file names into the BIND configuration file named.conf.local.
    $ sudo nano /etc/bind/named.conf.local
    

  2. Then, add the following lines into this file:
    zone "linuxconfig.org" {
           type master;
           file "/etc/bind/zones/master/db.linuxconfig.org";
    };
    
    zone "0.168.192.in-addr.arpa" {
           type master;
           file "/etc/bind/zones/master/db.192.168.0";
    };
    Telling BIND where our zone files are located

  3. The last thing to do before we check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This address is used as a forwarder whenever the local DNS server does not know the answer to a name resolution query. In many cases the IP address of such a DNS server is provided by your Internet provider. Alternatively, you can use Google’s public DNS servers at 8.8.8.8 or 8.8.4.4.
    $ sudo nano /etc/bind/named.conf.options
    
  4. Replace the forwarder address (by default it’s 0.0.0.0) with the 8.8.8.8 IP address:
    forwarders {
            8.8.8.8;
    };

    Configure a forwarding address to a reliable DNS server from your ISP or Google

Checking BIND’s zone files and configuration

Before we attempt to start the BIND nameserver with the new zones and configuration, here are some tools to check that we have not made a typo or a misconfiguration.

  1. To check the configuration files, run the following Linux command:
    $ sudo named-checkconf
    

    With this named-checkconf command, the rule of thumb is: no news is good news. If no output has been produced, your config files are OK.

  2. To check the DNS zone files we can use named-checkzone command:
    $ sudo named-checkzone linuxconfig.org /etc/bind/zones/master/db.linuxconfig.org
    zone linuxconfig.org/IN: loaded serial 1
    OK
    
  3. Or, to check the reverse zone file:
    $ sudo named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.0
    zone 0.168.192.in-addr.arpa/IN: loaded serial 1
    OK
    
Testing our BIND configuration for errors or misconfiguration
Start or restart BIND nameserver

Since the above commands have confirmed that our BIND configuration is valid, we can start the BIND service for all of these changes to take effect.

$ sudo systemctl start bind9

Alternatively, if your BIND server is already running, use the following Linux command to restart it:

$ sudo systemctl restart bind9

Testing the BIND server configuration

The dig command from dnsutils package will come in handy to help us test a new configuration of the BIND nameserver.

  1. The dig command can be used from any PC that has network access to your DNS server, but preferably you should start your testing from the localhost. In our case, the IP address of our nameserver is 192.168.135.130. First we test host-to-IP resolution:
    $ dig @192.168.135.130 www.linuxconfig.org
    
    Using dig command to test host to IP resolution

  2. Next, we test IP-to-host resolution:
    $ dig @192.168.135.130 -x 192.168.0.10
    
    Using dig command to test IP to host resolution

That’s all there is to it. You have just created and configured your own DNS zone using BIND nameserver.

Closing Thoughts

In this guide, we learned how to create and configure a DNS zone using BIND nameserver on major Linux distros. BIND is an excellent DNS software with a long history of reliability. As we’ve seen here, it only takes a little configuration to get it up and running smoothly, and some testing to verify that it’s functioning properly.


