DNS (Domain Name System) plays a crucial role in mapping human-readable domain names to machine-friendly IP addresses, acting as a “phonebook” in the middle. Whether you’re managing a private network or hosting web services, a reliable DNS solution ensures smooth communication and connectivity. The BIND (Berkeley Internet Name Domain) DNS server, one of the most widely used and trusted DNS server packages, offers a reliable infrastructure for creating and managing domain name resolution services. Its flexibility, scalability, and support for advanced configurations make it the go-to choice for administrators around the globe.
In this guide, we will walk you through setting up a private BIND 9 DNS server and forward and reverse zone configurations, ensuring your network has a solid foundation for efficient and reliable name resolution.
Prerequisites
- A Virtual Machine (such as the ones provided by NodeShift), with at least:
- 2 vCPUs
- 2 GB RAM
- 10 GB SSD
- Ubuntu 22.04 VM
Note: The prerequisites for this are highly variable across use cases. A high-end configuration could be used for a large-scale deployment.
Step-by-step process to install BIND DNS server on Ubuntu 22.04
For this tutorial, we’ll use a CPU-powered Virtual Machine by NodeShift, which provides high-compute Virtual Machines at a very affordable cost on a scale that meets GDPR, SOC2, and ISO27001 requirements. It also offers an intuitive and user-friendly interface, making it easier for beginners to get started with Cloud deployments. However, feel free to use any cloud provider you choose and follow the same steps for the rest of the tutorial.
Step 1: Setting up a NodeShift Account
Visit app.nodeshift.com and create an account by filling in basic details, or continue signing up with your Google/GitHub account.
If you already have an account, log in straight to your dashboard.
Step 2: Create a Compute Node (CPU Virtual Machine)
After accessing your account, you should see a dashboard. Now:
- Navigate to the menu on the left side.
- Click on the Compute Nodes option.
- Click on Start to start creating your very first compute node.
These Compute nodes are CPU-powered virtual machines by NodeShift. These nodes are highly customizable and let you control different environmental configurations, such as vCPUs, RAM, and storage, according to your needs.
Step 3: Select configuration for VM
- The first option you see is the Reliability dropdown. This lets you choose the uptime guarantee level you seek for your VM (e.g., 99.9%).
- Next, select a geographical region from the Region dropdown where you want to launch your VM (e.g., United States).
- Most importantly, select the correct specifications for your VM according to your workload requirements by sliding the bars for each option.
Step 4: Choose VM Configuration and Image
- After selecting your required configuration options, you’ll see the available VMs in your region and as per (or very close to) your configuration. In our case, we’ll choose a ‘4 vCPUs/4GB/80GB SSD’ Compute node.
- Next, you’ll need to choose an image for your Virtual Machine. For the scope of this tutorial, we’ll select Ubuntu, as we will deploy the DNS server on Ubuntu 22.04.
Step 5: Choose the Billing cycle and Authentication Method
- Two billing cycle options are available: Hourly, ideal for short-term usage, offering pay-as-you-go flexibility, and Monthly for long-term projects with a consistent usage rate and potentially lower cost.
- Next, you’ll need to select an authentication method. Two methods are available: Password and SSH Key. We recommend using SSH keys, as they are a more secure option. To create one, head over to our official documentation.
Step 6: Finalize Details and Create Deployment
Finally, you can also add a VPC (Virtual Private Cloud), which provides an isolated section for you to launch your cloud resources (Virtual machine, storage, etc.) in a secure, private environment. We’re keeping this option as the default for now, but feel free to create a VPC according to your needs.
Also, you can deploy multiple nodes at once by clicking + in the Quantity option.
That’s it! You are now ready to deploy the node. Finalize the configuration summary; if it looks good, go ahead and click Create to deploy the node.
Step 7: Connect to active Compute Node using SSH
As soon as you create the node, it will be deployed in a few seconds or a minute. Once deployed, you will see a status Running in green, meaning that our Compute node is ready to use!
Once your node shows this status, follow the below steps to connect to the running VM via SSH:
- Open your terminal and run the below SSH command (replace root with your username and ip with the IP of your VM, copied from the dashboard):
ssh root@ip
- If SSH keys are set up, the terminal will authenticate automatically.
- In some cases, your terminal may take your consent before connecting. Enter ‘yes’, and you should be connected.
Step 8: Install BIND 9
1. Before installing BIND 9, update the package lists and upgrade the installed packages
apt update -y && apt upgrade -y
2. Install packages for BIND 9
We’ll install the following three packages to set up BIND 9 on our DNS server:
- bind9 – BIND 9 DNS server software.
- bind9utils – Utilities for BIND 9.
- bind9-doc – A documentation package for BIND 9.
apt install bind9 bind9utils bind9-doc -y
3. Check if the BIND 9 service is running
systemctl status bind9
Step 9: Configure BIND DNS Server
We’ll configure the BIND 9 DNS server with its two configuration files: named.conf.options, which is its main configuration file, and named.conf.local, which is used to define local DNS zones for a private domain.
1. Configure named.conf.options
a) Open the file with the Nano editor
sudo nano /etc/bind/named.conf.options
b) Edit the file content
Modify your named.conf.options file to look similar to this:
acl LAN {
    192.168.2.0/24; // allow LAN traffic range
};
options {
    directory "/var/cache/bind";
    allow-query { localhost; LAN; }; // only localhost and the LAN may query
    forwarders {
        1.1.1.1; // forward unresolved queries to Cloudflare
        1.0.0.1;
    };
    recursion yes;
};
Once you’ve made the changes, save the file (Ctrl + O > ENTER) and exit the editor (Ctrl + X).
c) Check the syntax with named-checkconf
named-checkconf /etc/bind/named.conf.options
If it executes successfully without any errors/outputs, the syntax is correct.
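The options block above sets allow-query but no allow-recursion, so BIND falls back to allow-query (after allow-query-cache) when deciding who may use the recursive service. The check below is an added example, not part of the original tutorial: the function names and temporary sample files are assumptions made here, and named ACLs such as LAN are reported by name, not expanded.

```shell
#!/usr/bin/env bash
# Added example: report which ACL actually bounds recursion in named.conf.options.

# Print "<statement>: <acl body>" for the first statement in BIND's fallback chain
# (allow-recursion, then allow-query-cache, then allow-query, then the default).
recursion_scope() {
  awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); conf = conf " " $0 }  # drop line comments
    END {
      gsub(/[ \t]+/, " ", conf)
      n = split("allow-recursion allow-query-cache allow-query", stmt, " ")
      for (i = 1; i <= n; i++)
        if (match(conf, "[ ;{]" stmt[i] " ?[{][^}]*[}]")) {
          body = substr(conf, RSTART, RLENGTH)
          sub(/^[^{]*[{] ?/, "", body); sub(/ ?[}]$/, "", body)
          print stmt[i] ": " body; exit
        }
      print "default: localnets; localhost;"
    }' "$1"
}

# Succeed (and print why) when recursion is enabled and that ACL admits any client.
is_open_resolver() {
  local scope
  scope=$(recursion_scope "$1")
  grep -Eq '^[^/#]*recursion[[:space:]]+no[[:space:]]*;' "$1" && return 1
  case " ${scope#*: }" in
    *" any;"*|*" 0.0.0.0/0;"*) echo "open resolver via $scope"; return 0 ;;
  esac
  return 1
}

# Constructed samples: the tutorial's options block, and a variant widened to "any".
tutorial_conf=$(mktemp); open_conf=$(mktemp)
cat > "$tutorial_conf" <<'EOF'
acl LAN { 192.168.2.0/24; };
options {
    directory "/var/cache/bind";
    allow-query { localhost; LAN; };
    forwarders { 1.1.1.1; 1.0.0.1; };
    recursion yes;
};
EOF
sed 's/localhost; LAN;/any;/' "$tutorial_conf" > "$open_conf"

recursion_scope "$tutorial_conf"
is_open_resolver "$open_conf" || true
```

On a live server, point both functions at /etc/bind/named.conf.options after each edit, alongside named-checkconf.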
2. Configure named.conf.local
a) Open the file using Nano Editor
sudo nano /etc/bind/named.conf.local
b) Edit the content of the file
(replace <YOUR_REVERSE_IP_NAME> with your reverse zone IP name, that is, the network octets in reverse order, e.g. 2.168.192 for the 192.168.2.0/24 network)
zone "nodeshift.local" IN { // define forward zone
    type master;
    file "/etc/bind/zones/forward.nodeshift";
};
zone "<YOUR_REVERSE_IP_NAME>.in-addr.arpa" IN { // define reverse zone
    type master;
    file "/etc/bind/zones/reverse.nodeshift.rev";
};
c) Check the syntax
named-checkconf /etc/bind/named.conf.local
If it executes successfully without any errors/outputs, the syntax is correct.
Step 10: Configure the Zone files
Now, let’s configure the zone files we defined in the previous step.
First, create a directory for zone files to save our files.
mkdir /etc/bind/zones
1. Create forward zone file
First, we’ll create a forward zone file, /etc/bind/zones/forward.nodeshift, which will be responsible for helping the BIND DNS server resolve names (e.g., bindserver.nodeshift.local) to IP addresses (e.g., 192.168.2.2).
a) Copy the default db.local zone file to /etc/bind/zones/forward.nodeshift
cp /etc/bind/db.local /etc/bind/zones/forward.nodeshift
b) Open the forward.nodeshift file in Nano editor
sudo nano /etc/bind/zones/forward.nodeshift
c) Make the necessary edits
$TTL 604800
; SOA record for forward.nodeshift zone
@           IN  SOA nodeshift.local. root.nodeshift.local. (
                1       ; Serial (increment after each change)
                604800  ; Refresh
                86400   ; Retry
                2419200 ; Expire
                604800 ) ; Negative Cache TTL
; NS record pointing to the authoritative nameserver
@           IN  NS  bindserver.nodeshift.local.
; A record for name server
bindserver  IN  A   192.168.2.2
; A record for clients
client1     IN  A   192.168.2.3
client2     IN  A   192.168.2.4
d) Check the configuration with named-checkzone
named-checkzone nodeshift.local /etc/bind/zones/forward.nodeshift
2. Configure the reverse zone file
Next, we’ll create and configure the reverse zone file, /etc/bind/zones/reverse.nodeshift.rev. It is responsible for helping the DNS server resolve IP addresses to names (e.g., 192.168.2.2 -> bindserver.nodeshift.local).
a) Copy the default db.local file to /etc/bind/zones/reverse.nodeshift.rev
cp /etc/bind/db.local /etc/bind/zones/reverse.nodeshift.rev
b) Edit the content of the file, according to the below instructions
(replace <YOUR_SERVER_IP> with your server’s IP address)
$TTL 604800
; SOA record for reverse.nodeshift zone
@           IN  SOA nodeshift.local. root.nodeshift.local. (
                1       ; Serial (increment after each change)
                604800  ; Refresh
                86400   ; Retry
                2419200 ; Expire
                604800 ) ; Negative Cache TTL
; NS record for reverse zone
@           IN  NS  bindserver.nodeshift.local.
; A record for name server
bindserver  IN  A   <YOUR_SERVER_IP>
; PTR record for name server (the trailing dot keeps the target name absolute;
; without it, the reverse zone's origin is appended to the name)
2           IN  PTR bindserver.nodeshift.local.
; PTR record for clients
3           IN  PTR client1.nodeshift.local.
4           IN  PTR client2.nodeshift.local.
c) Check configuration with named-checkzone
named-checkzone <YOUR_REVERSE_IP_NAME>.in-addr.arpa /etc/bind/zones/reverse.nodeshift.rev
3. Restart BIND 9 server
Once you’re done with the above zone files configurations, restart the server for changes to take effect.
systemctl restart bind9
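Forward and reverse zones drift apart easily when both are edited by hand, and a PTR target written without a trailing dot is silently treated as relative to the reverse zone's origin. The script below is an added example, not part of the original tutorial: it derives the reverse zone name and PTR lines from the forward zone's A records and lists relative PTR targets. The function names, the sample records and the /24-only handling are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example: derive reverse-zone data from forward-zone A records (IPv4 /24 only).

# 192.168.2.0/24 -> 2.168.192.in-addr.arpa
reverse_zone_name() {
  echo "$1" | awk -F'[./]' '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Print one PTR line per A record that falls inside the /24.
# $1 = forward zone file, $2 = forward zone origin, $3 = network in CIDR form
ptr_records() {
  awk -v origin="$2" -v net="${3%.*}." '
    { sub(/;.*/, "") }                            # strip zone-file comments
    $2 == "IN" && $3 == "A" && index($4, net) == 1 {
      host = substr($4, length(net) + 1)          # last octet is the PTR owner
      fqdn = ($1 == "@") ? origin "." : ($1 ~ /\.$/) ? $1 : $1 "." origin "."
      printf "%s IN PTR %s\n", host, fqdn         # target always ends in a dot
    }' "$1"
}

# List PTR lines whose target lacks a trailing dot; named would append the
# reverse zone origin to these names instead of using them as written.
relative_ptr_targets() {
  awk '{ sub(/;.*/, "") } $2 == "IN" && $3 == "PTR" && $4 !~ /\.$/' "$1"
}

# Constructed sample input based on the tutorial's addressing.
fwd=$(mktemp); rev=$(mktemp)
cat > "$fwd" <<'EOF'
@           IN  NS  bindserver.nodeshift.local.
bindserver  IN  A   192.168.2.2
client1     IN  A   192.168.2.3 ; workstation
client2     IN  A   192.168.2.4
gateway     IN  A   10.0.0.1    ; outside the /24, must be skipped
EOF
printf '2 IN PTR bindserver.nodeshift.local\n3 IN PTR client1.nodeshift.local.\n' > "$rev"

reverse_zone_name 192.168.2.0/24
ptr_records "$fwd" nodeshift.local 192.168.2.0/24
relative_ptr_targets "$rev"
```

Running relative_ptr_targets against /etc/bind/zones/reverse.nodeshift.rev before each restart catches the dropped-dot mistake that named-checkzone accepts without error.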
Step 11: Configure Clients for using BIND DNS
Now that our private BIND DNS server is configured, let’s configure clients to use it.
1. Check the interface
(replace <YOUR_SERVER_IP> with your server’s IP address)
ip -brief addr show to <YOUR_SERVER_IP>/24
In our case, the interface is enp0s5.
2. Configure Netplan
Next, configure the netplan YAML file to include the DNS server settings.
a) Move inside /etc/netplan and type ls to see the file name
b) Open the file (shown in the above output)
Come back to the root directory and open the YAML file using Nano
sudo nano /etc/netplan/50-cloud-init.yaml
c) Make the necessary edits as per the below template
network:
  version: 2
  ethernets:
    enp0s5:
      addresses:
        - 192.168.2.3/24 # IP of client1
        - 192.168.2.4/24 # IP of client2
      match:
        macaddress: ca:06:71:90:38:f9
      mtu: 1500
      nameservers:
        addresses:
          - 192.168.2.2 # Private DNS server IP
        search: [ nodeshift.local ] # Domain name of your private DNS
      set-name: enp0s5
3. Test the configuration
Once the configuration is done, test it with the command below:
netplan try
It will ask you to accept the changes. Press ENTER, and it’s done!
Step 12: Test the DNS Server
Since our configuration is done, it is recommended to test the server with the following example commands to verify if it is looking up correctly:
nslookup client1
nslookup client2
nslookup bindserver
nslookup client1.nodeshift.local
nslookup client2.nodeshift.local
nslookup bindserver.nodeshift.local
Conclusion
Setting up a private BIND DNS server is essential in managing domain name resolution for your internal network. In this tutorial, we’ve walked you through configuring BIND 9, forward and reverse zones, ensuring your private DNS is set up properly. By deploying this setup on NodeShift’s cloud platform, we took advantage of a high-performance virtual machine, which simplified our deployment process and also provided a reliable foundation for deploying critical services like DNS servers.