My experience of DNS servers was largely based around Windows Servers until a few years ago, when I had to work on a Linux bind9 box. I have to admit that until that point I never fully appreciated just how complex these little things are. They are, however, a fundamental part of the internet – without them, the internet wouldn't be half as much fun as it is!
Hopefully this short guide will help others build a simple DNS server on Linux.
Steps
Download and install Ubuntu 18.04.
Ensure DNS Server is selected during installation (if you are using a different OS version, then once the OS is installed and you have run apt update, run apt install dnsutils).
Configure your network and hostname (and, if this is running as a VM, the disk size, CPU count, etc. – it doesn't need anything powerful).
Once the server is installed, bring it up to date with the latest patches: run apt update followed by apt upgrade.
You need to work on a few configuration files; in my example the files are:
| File | Description |
|---|---|
| /etc/bind/named.conf | This is the primary configuration file; we don't need to touch it. |
| /etc/bind/named.conf.local | Here we define the zone files used for DNS lookups. |
| /etc/bind/named.conf.options | In this configuration file we define things like where to forward requests and which networks we will accept requests from. |
| /var/cache/bind/db.domain.rev | This is a sample reverse lookup zone file. |
| /var/cache/bind/domain.com.zone | This is a sample forward zone file and contains a list of hostnames and their corresponding IP addresses. |
Now let's look at the contents of each file in turn, starting with named.conf.local.
named.conf.local

```
zone "domain.com" IN {
    type master;
    file "domain.com.zone";
};
zone "10.1.in-addr.arpa" {
    type master;
    file "db.domain.rev";
};
```

In this file two zone files are defined; we can see they are both master files and that the network is 10.1.x.x.
named.conf.options

```
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on port 53 { localhost; 10.1.0.0/16; 10.55.55.0/24; };
    allow-query { localhost; 10.1.0.0/16; 10.55.55.0/24; };
    forwarders { 8.8.8.8; };
    recursion yes;
};
```

Here we see the directory containing the zone files defined as /var/cache/bind, DNSSEC validation set to auto, and the server configured to listen on and answer queries only from localhost and the 10.1.0.0/16 and 10.55.55.0/24 networks. Anything it cannot answer itself is forwarded to Google's 8.8.8.8 server.
/var/cache/bind/domain.com.zone

```
$TTL 86400
; the names in the SOA record are absolute, hence the trailing dots
@ IN SOA domain.com. root.domain.com. (
        2022180203 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400      ; negative-cache TTL
)
@ IN NS dns
dns IN A 10.1.0.2
files IN A 10.1.5.176
win7 IN A 10.1.5.61
tester IN A 10.10.10.10
poopot IN A 9.9.9.9
cbs2 IN A 10.1.5.211
```

/var/cache/bind/db.domain.rev

```
$TTL 86400
@ IN SOA dns.domain.com. hostmaster.domain.com. (
        2022180203 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; negative-cache TTL
@ IN NS dns.domain.com.
$ORIGIN 0.1.10.in-addr.arpa.
2 IN PTR dns.domain.com.
4 IN PTR pc123.domain.com.
$ORIGIN 5.1.10.in-addr.arpa.
211 IN PTR cbs2.domain.com.
```

Point the DNS server itself at its own IP by editing your /etc/network/interfaces file so that it includes something like:

```
dns-nameservers 10.1.0.2 8.8.8.8
dns-search domain.com
```

Hints
systemctl status bind9 provides some pretty useful information on the DNS service.
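The two zone files above are edited by hand and drift apart easily (in this guide's own files, files, win7 and tester have no PTR, and 10.1.0.4 points at a pc123 that has no A record), and mismatched reverse records break the forward-confirmed reverse DNS checks that mail servers and log tooling rely on. This Python check is an added example, not part of the original guide: it parses copies of both zone files embedded as constructed sample data and reports every A/PTR pair that does not agree.

```python
import re
# Records from this guide's two zone files (constructed copies so the check runs offline).
FORWARD_ZONE = """dns IN A 10.1.0.2
files IN A 10.1.5.176
win7 IN A 10.1.5.61
tester IN A 10.10.10.10
cbs2 IN A 10.1.5.211"""
REVERSE_ZONE = """$ORIGIN 0.1.10.in-addr.arpa.
2 IN PTR dns.domain.com.
4 IN PTR pc123.domain.com.
$ORIGIN 5.1.10.in-addr.arpa.
211 IN PTR cbs2.domain.com."""
A_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?A\s+(\d+\.\d+\.\d+\.\d+)$")
PTR_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?PTR\s+(\S+)$")

def parse_forward(text, origin):
    """Map FQDN -> IPv4 for each A record; relative owners get the zone origin appended."""
    records = {}
    for line in text.splitlines():
        if m := A_RE.match(line.strip()):
            owner, ip = m.groups()
            records[owner if owner.endswith(".") else f"{owner}.{origin}."] = ip
    return records

def parse_reverse(text):
    """Map IPv4 -> FQDN for each PTR record, following $ORIGIN changes as db.domain.rev does."""
    records, origin = {}, ""
    for line in text.splitlines():
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if m := PTR_RE.match(line.strip()):
            owner, target = m.groups()
            # Drop the "in-addr.arpa" labels and reverse the rest back into a dotted address.
            labels = f"{owner}.{origin}".rstrip(".").split(".")
            records[".".join(reversed(labels[:-2]))] = target
    return records

def check_consistency(forward, reverse):
    """Report A records lacking a PTR, PTRs lacking an A record, and pairs that disagree."""
    findings = []
    for fqdn, ip in sorted(forward.items()):
        if ip not in reverse:
            findings.append(f"no PTR for {fqdn} ({ip})")
        elif reverse[ip] != fqdn:
            findings.append(f"PTR for {ip} is {reverse[ip]} but A record is {fqdn}")
    findings += [f"PTR {ip} -> {fqdn} has no matching A record"
                 for ip, fqdn in sorted(reverse.items()) if fqdn not in forward]
    return findings
```

An empty result means every A record has a matching PTR and vice versa; run it after editing either zone and before reloading bind9.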