How to Install and Configure a Private BIND DNS Server on Ubuntu 22.04
Setting up a private BIND (Berkeley Internet Name Domain) DNS server on Ubuntu 22.04 allows you to manage your domain names internally. This can enhance security, improve response times, and provide better control over your network’s DNS configuration. In this guide, we will walk through the installation and configuration of a private BIND DNS server.
Prerequisites
Before you begin, ensure you have:
A server running Ubuntu 22.04.
Root or sudo privileges on the server.
Basic knowledge of DNS concepts.
Step 1: Update Your System
Start by updating your package list and upgrading your existing packages. Open your terminal and run:
sudo apt update
sudo apt upgrade -y
Step 2: Install BIND9
Install BIND9 and the necessary utilities with the following command:
sudo apt install bind9 bind9utils bind9-doc -y
Step 3: Configure BIND
3.1: Edit the BIND Configuration File
On Ubuntu, BIND's global options are set in /etc/bind/named.conf.options, which the main /etc/bind/named.conf file includes. Open this file for editing:
sudo nano /etc/bind/named.conf.options
In the options block, ensure the following settings are configured:
options {
    directory "/var/cache/bind";

    // Allow queries from specific networks
    allow-query { any; }; // Change 'any' to your specific subnet if needed

    // Forwarders (optional)
    forwarders {
        8.8.8.8; // Google Public DNS
        8.8.4.4; // Google Public DNS
    };

    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
Save and exit by pressing CTRL + X, then Y, and ENTER.
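An added example, not part of the original guide: the same options block tightened for a private resolver. With allow-query { any; } and no allow-recursion statement, BIND uses the allow-query list for recursion as well, so the version below limits queries, recursion and cache access to a named ACL. The 192.168.1.0/24 subnet and the "trusted" ACL name are assumptions; 192.168.1.10 is the example server address used later in this guide.

```conf
// Added example: /etc/bind/named.conf.options for a private resolver.
// Assumed values: LAN 192.168.1.0/24, server address 192.168.1.10.

// Clients allowed to use this server. "localhost" is a built-in ACL
// that matches the server's own addresses.
acl "trusted" {
    localhost;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // Answer only on loopback and the LAN-facing address.
    listen-on { 127.0.0.1; 192.168.1.10; };
    // Assumes an IPv4-only LAN; list specific addresses if IPv6 is in use.
    listen-on-v6 { none; };

    // Authoritative answers, recursion and cached answers are all
    // limited to the trusted ACL.
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // Refuse zone transfers unless a secondary is added here explicitly.
    allow-transfer { none; };

    // Forwarders (optional)
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    dnssec-validation auto;
};
```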
3.2: Configure DNS Zones
Next, you need to define the zones for your DNS server. Open the named.conf.local file:
sudo nano /etc/bind/named.conf.local
Add your zone configuration. For example, to create a zone for example.local, add:
zone "example.local" {
    type master;
    file "/etc/bind/db.example.local"; // Path to the zone file
};
Save and exit.
3.3: Create Zone Files
Create the zone file specified in the previous step:
sudo cp /etc/bind/db.empty /etc/bind/db.example.local
Open the new zone file for editing:
sudo nano /etc/bind/db.example.local
Add the following configuration, adjusting the values to suit your domain:
$TTL 604800
@ IN SOA ns.example.local. admin.example.local. (
        1       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL

; Name servers
@ IN NS ns.example.local.

; A records
ns IN A 192.168.1.10 ; Change to your server's IP
@ IN A 192.168.1.10
www IN A 192.168.1.10
Save and exit.
Step 4: Check BIND Configuration
Before restarting the BIND service, check the configuration for any errors:
sudo named-checkconf
You can also check the zone file for errors:
sudo named-checkzone example.local /etc/bind/db.example.local
Step 5: Restart BIND Service
After confirming there are no errors, restart the BIND service to apply the changes:
sudo systemctl restart bind9
You can also enable BIND to start on boot:
sudo systemctl enable bind9
Step 6: Configure Firewall
If you have a firewall running, ensure that it allows DNS traffic on UDP port 53:
sudo ufw allow 53/udp
Step 7: Test Your DNS Server
To test your DNS server, use the dig command. First, install dnsutils if it is not already installed:
sudo apt install dnsutils -y
Then run:
dig @192.168.1.10 example.local
Replace 192.168.1.10 with your DNS server’s IP address. You should receive a response that includes the A record for example.local.
Step 8: Set Up Client Machines
To use your new DNS server, you’ll need to configure the DNS settings on client machines. Update the DNS settings to point to your server’s IP address. For example, in Ubuntu, you can do this through the Network Settings under IPv4 settings.
Additional Resources
For more in-depth details about BIND configuration and advanced features, refer to the official BIND documentation: BIND 9 Administrator Reference Manual.
Conclusion
You have successfully installed and configured a private BIND DNS server on Ubuntu 22.04. With this setup, you can efficiently manage DNS records for your network, improving control and reliability. Explore additional features of BIND to further enhance your DNS management capabilities.