The BIND DNS software is one of the most reliable and proven ways to configure name resolution on a Linux system. Having been around since the 1980s, it remains the most popular Domain Name System (DNS) server currently in use. This article serves as a quick configuration manual for a Linux DNS server using BIND.
This article is not an introduction to DNS or an explanation of how the protocol works. Rather, we will simply concentrate on a simple configuration of a custom zone and config file for a given domain / host supporting www and mail services. Follow along with the instructions below to get BIND DNS set up and configured on your own server.
Before you proceed with the installation and configuration of the BIND nameserver, make sure that a BIND DNS server is exactly what you want. A default setup and execution of BIND on Debian or Ubuntu may take around 200MB of RAM with no zones added to the config file. Unless you reduce the memory usage of BIND via various BIND “options” config settings, be prepared to have some spare RAM available just for this service. This fact is even more important if you pay for your own VPS server.
In this tutorial you will learn:
- How to install BIND on major Linux distros
- How to create a DNS zone file
- How to configure address to name mappings
- How to check BIND zone file and configuration
- How to start or restart the BIND DNS service
- How to test a BIND configuration with the dig command
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Any Linux distro |
Software | BIND |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command; $ – requires given linux commands to be executed as a regular non-privileged user |
Our test environment
Before diving into all of the BIND configuration, it’s helpful to have some context of how we are configuring our network. Refer to the following list to see how the IP addresses are assigned to various systems on our network.
- Nameserver IP address: 192.168.135.130
- Sample domain / host: linuxconfig.org
- Authoritative nameservers for a linuxconfig.org zone: ns1.linuxconfig.org ( 192.168.0.10 ) and ns2.linuxconfig.org ( 192.168.0.11 )
- www and mail services that linuxconfig.org will point to: 192.168.0.10
Install BIND on major Linux distros
The simplest way to install the latest version of BIND (BIND9) is by using your system’s package manager.
On a Debian or Ubuntu Linux server you can install a BIND nameserver with the following linux command:
$ sudo apt install bind9 dnsutils
Or with this command on CentOS, Fedora, AlmaLinux, and other RHEL-based distros:
$ sudo dnf install bind dnsutils
The dnsutils software is not a compulsory package to run the BIND nameserver, but we will use the dig command, which is part of this package, as a testing tool for your BIND configuration.
Creating a DNS zone file
At this stage we will need to create a new zone file for the domain linuxconfig.org. Follow the steps below as we do that.
- Navigate to the /etc/bind/ directory and then execute the following sequence of commands to create and enter zones/master/:
$ cd /etc/bind
$ sudo mkdir -p zones/master
$ cd zones/master/
- The /etc/bind/zones/master directory will contain a zone file for the linuxconfig.org domain name. If you prefer to use another directory to hold this file, you are free to do so. The following zone file, named db.linuxconfig.org, will hold the DNS records that allow the nameserver to resolve a fully qualified domain name to an IP address. Create db.linuxconfig.org with nano or your preferred text editor.
$ sudo nano /etc/bind/zones/master/db.linuxconfig.org
- Then, paste the following template into the file:
;
; BIND data file for linuxconfig.org
;
$TTL    3h
@       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                        1       ; Serial
                        3h      ; Refresh after 3 hours
                        1h      ; Retry after 1 hour
                        1w      ; Expire after 1 week
                        1h )    ; Negative caching TTL of 1 hour
;
@                IN      NS      ns1.linuxconfig.org.
@                IN      NS      ns2.linuxconfig.org.
linuxconfig.org. IN      MX      10 mail.linuxconfig.org.
linuxconfig.org. IN      A       192.168.0.10
ns1              IN      A       192.168.0.10
ns2              IN      A       192.168.0.11
www              IN      CNAME   linuxconfig.org.
mail             IN      A       192.168.0.10
ftp              IN      CNAME   linuxconfig.org.
Save your changes and exit this configuration file when done. Here is just a quick review of some lines from the above BIND DNS zone file:
SOA Record: the nameserver authoritative for the linuxconfig.org zone is ns1.linuxconfig.org, and admin.linuxconfig.org is the email address (the first dot stands in for the @) of the person responsible for this DNS zone.
NS Records: the two nameservers for the linuxconfig.org zone are ns1.linuxconfig.org and ns2.linuxconfig.org.
MX (Mail Exchange) Record: the mail exchange record for linuxconfig.org. The number 10 is the preference value; when several MX records exist, the one with the lowest value is tried first.
A Record: A simply means address; in other words, in the linuxconfig.org zone, ns1 has an A (address) record of 192.168.0.10.
CNAME Record (Canonical Name record): restart the query using the canonical name instead of the original name.
Configure address to name mappings
At this stage, the BIND DNS server can resolve the IP address mapped to a linuxconfig.org host. What we should do now is teach our nameserver the other way around, that is, to resolve a host name from an IP address.
- For this, we are going to need yet another file, named db.192.168.0:
$ sudo nano /etc/bind/zones/master/db.192.168.0
- Inside this file, paste the following content:
;
; BIND reverse data file for 0.168.192.in-addr.arpa
;
$TTL    604800
0.168.192.in-addr.arpa. IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                        1       ; Serial
                        3h      ; Refresh after 3 hours
                        1h      ; Retry after 1 hour
                        1w      ; Expire after 1 week
                        1h )    ; Negative caching TTL of 1 hour
;
0.168.192.in-addr.arpa.    IN   NS      ns1.linuxconfig.org.
0.168.192.in-addr.arpa.    IN   NS      ns2.linuxconfig.org.
10.0.168.192.in-addr.arpa. IN   PTR     linuxconfig.org.
PTR Record: a DNS record used for mapping an IP address to a host name.
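The forward and reverse zone files above are written by hand, and named-checkzone (used later in this guide) only validates each file on its own: it will not notice that an NS or MX target has no A record, or that an address handed out by the forward zone has no PTR in the reverse zone. The following script is an added example, not part of the original article or of BIND itself. It parses constructed copies of the two zone files shown above and reports such inconsistencies; run against the article's files as written, it flags that 192.168.0.11 (ns2) has no PTR. It assumes one record per line, class IN, and owner names that are absolute, relative to the origin, or '@'.

```python
"""Cross-check a forward zone against its reverse zone (added example).

Assumptions: one record per line, class IN, owners absolute (trailing dot),
relative to the origin, or '@'; the SOA may span lines inside parentheses.
"""
import ipaddress

FORWARD_ORIGIN = "linuxconfig.org."
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."

# Constructed copy of the article's forward zone file.
FORWARD_ZONE = """\
$TTL 3h
@  IN SOA ns1.linuxconfig.org. admin.linuxconfig.org. (
        1   ; Serial
        3h  ; Refresh
        1h  ; Retry
        1w  ; Expire
        1h ) ; Negative caching TTL
@                IN NS    ns1.linuxconfig.org.
@                IN NS    ns2.linuxconfig.org.
linuxconfig.org. IN MX 10 mail.linuxconfig.org.
linuxconfig.org. IN A     192.168.0.10
ns1              IN A     192.168.0.10
ns2              IN A     192.168.0.11
www              IN CNAME linuxconfig.org.
mail             IN A     192.168.0.10
ftp              IN CNAME linuxconfig.org.
"""

# Constructed copy of the article's reverse zone file.
REVERSE_ZONE = """\
$TTL 604800
0.168.192.in-addr.arpa. IN SOA ns1.linuxconfig.org. admin.linuxconfig.org. (
        1  ; Serial
        3h ; Refresh
        1h ; Retry
        1w ; Expire
        1h ) ; Negative caching TTL
0.168.192.in-addr.arpa.    IN NS  ns1.linuxconfig.org.
0.168.192.in-addr.arpa.    IN NS  ns2.linuxconfig.org.
10.0.168.192.in-addr.arpa. IN PTR linuxconfig.org.
"""


def parse_zone(text, origin):
    """Return (soa_serial, [(owner, rtype, rdata_tokens), ...])."""
    # Drop ';' comments, then fold a parenthesised record (the SOA) onto one line.
    folded, buf = [], ""
    for raw in text.splitlines():
        buf = (buf + " " + raw.split(";", 1)[0]).strip()
        if buf.count("(") > buf.count(")"):
            continue                      # still inside the parentheses
        if buf:
            folded.append(buf)
        buf = ""
    serial, records = None, []
    for line in folded:
        toks = [t for t in line.split() if t not in ("(", ")")]
        if toks[0].startswith("$"):
            continue                      # $TTL and other directives are not records
        owner = toks[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"   # relative name: append the origin
        i = toks.index("IN")
        rtype, rdata = toks[i + 1], toks[i + 2:]
        if rtype == "SOA":
            serial = int(rdata[2])        # mname rname serial refresh retry expire minimum
        records.append((owner, rtype, rdata))
    return serial, records


def reverse_name(ip):
    """192.168.0.10 -> 10.0.168.192.in-addr.arpa. (the name dig -x asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a sorted list of findings; an empty list means the zones agree."""
    findings = set()
    fserial, frecs = parse_zone(forward_text, forward_origin)
    rserial, rrecs = parse_zone(reverse_text, reverse_origin)
    if fserial is None or rserial is None:
        findings.add("a zone is missing its SOA record")
    a_by_name = {}
    for owner, rtype, rdata in frecs:
        if rtype == "A":
            a_by_name.setdefault(owner, set()).add(rdata[0])
    # 1. In-zone NS, MX and CNAME targets must have an address record.
    for owner, rtype, rdata in frecs:
        target = rdata[-1]                # NS/CNAME: name; MX: "pref name"
        if rtype in ("NS", "MX", "CNAME") and target.endswith(forward_origin) \
                and target not in a_by_name:
            findings.add(f"{rtype} target {target} has no A record in {forward_origin}")
    # 2. Every address inside the reverse zone's network needs a PTR, and that
    #    PTR must name something the forward zone maps back to the same address.
    ptr_by_owner = {o: rd[0] for o, t, rd in rrecs if t == "PTR"}
    for name, ips in a_by_name.items():
        for ip in ips:
            rname = reverse_name(ip)
            if not rname.endswith(reverse_origin):
                continue                  # address outside this reverse zone
            target = ptr_by_owner.get(rname)
            if target is None:
                findings.add(f"{ip} ({name}) has no PTR record in {reverse_origin}")
            elif ip not in a_by_name.get(target, set()):
                findings.add(f"PTR for {ip} names {target}, which has no A record for it")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print("WARNING:", finding)
```

Point the two zone constants at your real files (for example by reading them with open()) and run this before each named-checkzone pass; a missing PTR for a mail host is the classic cause of outbound mail being rejected, and a stale NS glue record is hard to spot by eye once a zone grows.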
Updating a BIND configuration file
At this point we should have two files ready:
- /etc/bind/zones/master/db.linuxconfig.org
- /etc/bind/zones/master/db.192.168.0
- All we need to do now is to insert both zone file names into the BIND configuration file named.conf.local:
$ sudo nano /etc/bind/named.conf.local
- Then, add following lines into this file:
zone "linuxconfig.org" {
    type master;
    file "/etc/bind/zones/master/db.linuxconfig.org";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/master/db.192.168.0";
};
- The last thing before we go ahead and check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This IP address is used when the local DNS server does not know the answer to a name resolution query. In many cases the IP address of such a DNS server is provided by your Internet provider. Alternatively, you can use Google’s public DNS servers at IP addresses 8.8.8.8 or 8.8.4.4.
$ sudo nano /etc/bind/named.conf.options
- Replace the forwarder address (by default it’s 0.0.0.0) with the 8.8.8.8 IP address:
forwarders {
    8.8.8.8;
};
Checking BIND’s zone files and configuration
Before we attempt to start the BIND nameserver with the new zone and configuration, here are some tools to check that we have not made a typo or misconfiguration.
- To check the configuration files, run the following Linux command:
$ sudo named-checkconf
With the named-checkconf command, the rule of thumb is: no news is good news. If no output has been produced, your config files are OK.
- To check the DNS zone files we can use the named-checkzone command:
$ sudo named-checkzone linuxconfig.org /etc/bind/zones/master/db.linuxconfig.org
zone linuxconfig.org/IN: loaded serial 1
OK
- Or, to check the reverse zone file:
$ sudo named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.0
zone 0.168.192.in-addr.arpa/IN: loaded serial 1
OK
Start or restart BIND nameserver
Since the above commands have confirmed that our BIND configuration is valid, we can start the BIND service for all of these changes to take effect.
$ sudo systemctl start bind9
Alternatively, if your BIND server is already running, use the following Linux command to restart it:
$ sudo systemctl restart bind9
Testing a BIND server configuration
The dig command from the dnsutils package will come in handy to help us test the new configuration of the BIND nameserver.
- The dig command can be used from any PC which has network access to your DNS server, but preferably you should start your testing from the localhost. In our case, the IP address of our name server is 192.168.135.130. First we will test host-to-IP resolution:
$ dig @192.168.135.130 www.linuxconfig.org
- Next, we test IP-to-host resolution:
$ dig @192.168.135.130 -x 192.168.0.10
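To make clear what the two dig commands above actually put on the wire, here is an added example that is not part of the article and not BIND or dig code. It builds the query datagram a resolver sends for www.linuxconfig.org (and the PTR query behind dig -x), then decodes a reply. The reply bytes are constructed by hand to match the zone configured in this guide (www is a CNAME to linuxconfig.org., which has A 192.168.0.10), so nothing touches the network; the decoder also refuses looping compression pointers, a malformed input a real resolver must survive.

```python
"""DNS wire format behind `dig @server www.linuxconfig.org` (added example)."""
import ipaddress
import struct

QTYPE = {"A": 1, "CNAME": 5, "PTR": 12}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """'www.linuxconfig.org' -> b'\\x03www\\x0blinuxconfig\\x03org\\x00'."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header with RD set, one question, no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def build_reverse_query(ip):
    """What `dig -x 192.168.0.10` asks: PTR for 10.0.168.192.in-addr.arpa."""
    return build_query(ipaddress.ip_address(ip).reverse_pointer, "PTR")


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 2-byte pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                  # resume after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_response(msg):
    """Return (rcode, [(owner, type, rdata), ...]) for the answer section."""
    _txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE["A"]:
            rdata = ".".join(str(b) for b in msg[offset:offset + 4])
        else:                                     # CNAME/PTR carry a name
            rdata, _ = decode_name(msg, offset)
        offset += rdlen
        answers.append((owner, TYPE_NAME.get(rtype, str(rtype)), rdata))
    return flags & 0x0F, answers


def constructed_response():
    """Hand-built (constructed) reply to build_query('www.linuxconfig.org', 'A')."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QR|RD|RA, 2 answers
    question = encode_name("www.linuxconfig.org") + struct.pack("!HH", 1, 1)
    ptr_www = b"\xc0\x0c"   # pointer to offset 12: www.linuxconfig.org
    ptr_apex = b"\xc0\x10"  # pointer to offset 16: linuxconfig.org
    cname = ptr_www + struct.pack("!HHIH", 5, 1, 10800, 2) + ptr_apex
    a = ptr_apex + struct.pack("!HHIH", 1, 1, 10800, 4) + bytes([192, 168, 0, 10])
    return header + question + cname + a


if __name__ == "__main__":
    print(build_query("www.linuxconfig.org", "A").hex())
    print(build_reverse_query("192.168.0.10").hex())
    print(parse_response(constructed_response()))
```

The answer section decodes to the CNAME followed by the A record it resolves to, which is exactly the two lines dig prints in its ANSWER SECTION for this zone; the 10800-second TTL corresponds to the $TTL 3h in the forward zone file.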
That’s all there is to it. You have just created and configured your own DNS zone using BIND nameserver.
Closing Thoughts
In this guide, we learned how to create and configure a DNS zone using BIND nameserver on major Linux distros. BIND is an excellent DNS software with a long history of reliability. As we’ve seen here, it only takes a little configuration to get it up and running smoothly, and some testing to verify that it’s functioning properly.