How to setup a DNS server using a Debian based distro like Ubuntu
Table of contents
- Network Configuration
- Installation
- Configuring the options
- The Configuration of Zones
- Forward Lookup Zone
- Forward lookup zones
- Reverse Lookup Zone
- Adding Additional Reverse Lookup Records
- Check Zone Files for Errors
- DNS Test
- The Finishing Touches
Network Configuration
- Router IP Address: 192.168.1.1
- Server IP Address: 192.168.1.10
- Hostname: nixway.loc
Installation
To set up a DNS server on Debian, first install the required packages:
sudo apt-get install bind9 dnsutils
Configuring the options
Edit the named.conf.options file:
sudo vim /etc/bind/named.conf.options
Update the file to the following form:
acl mynetwork {192.168.1.0/24; 127.0.0.1; };
options {
directory "/var/cache/bind";
auth-nxdomain no;
forwarders {192.168.1.1; 8.8.8.8; };
listen-on-v6 { none; };
allow-query { mynetwork; };
};
Explanation
- acl mynetwork: Creates an Access Control List (ACL) to limit the range of addresses that can request zone information from our server. In this example, the allowed subnet is 192.168.1.0/24 and the local host.
- allow-query { mynetwork; }: Specifies who may send queries to this server. Restrict it with the ACL as shown here, or set allow-query { any; }; to accept queries from any source.
- forwarders {192.168.1.1; 8.8.8.8; }: Specifies the upstream resolvers (your ISP's or any other) to which this server forwards queries for domains it does not know itself.
- listen-on-v6 { none; }: Allows working with IPv6.
Save the changes and exit the editor.
This configuration sets up a basic DNS server on Debian, restricting access, specifying DNS providers for forwarding, and enabling IPv6 support.
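Two points about these options are worth checking before the server is exposed. First, listen-on-v6 { none; } tells named not to listen on any IPv6 address; to serve IPv6 clients you would use listen-on-v6 { any; } instead. Second, allow-query { any; } together with forwarders (recursion is on by default in BIND 9) turns the server into an open recursive resolver that anyone on the Internet can use for reflection and amplification traffic; if authoritative answers must be public, keep recursion limited to the LAN with allow-recursion { mynetwork; }. The following Python script is an added example, not part of this guide or of BIND: it reads a named.conf.options in the shape shown above, expands the acl, follows BIND 9's defaulting chain for who may recurse (allow-recursion, else allow-query-cache, else allow-query, else localnets and localhost), and flags the open-resolver case. The three configurations embedded in it are constructed for the demonstration, and parse_options, expand, recursion_clients and audit_named_options are names chosen here.

```python
import re

# Constructed sample: the named.conf.options written in this guide.
GUIDE_OPTIONS = """\
acl mynetwork {192.168.1.0/24; 127.0.0.1; };
options {
    directory "/var/cache/bind";
    auth-nxdomain no;
    forwarders {192.168.1.1; 8.8.8.8; };
    listen-on-v6 { none; };
    allow-query { mynetwork; };
};
"""
# Constructed variant: the allow-query { any; } alternative the text mentions.
OPEN_OPTIONS = GUIDE_OPTIONS.replace('allow-query { mynetwork; };', 'allow-query { any; };')
# Constructed variant: public authoritative answers, but recursion kept on the LAN.
PUBLIC_AUTH_OPTIONS = OPEN_OPTIONS.replace(
    'allow-query { any; };', 'allow-query { any; };\n    allow-recursion { mynetwork; };')

LIST_STATEMENTS = ('allow-query', 'allow-recursion', 'allow-query-cache', 'forwarders', 'listen-on-v6')

def _elements(body):
    return [e.strip() for e in body.split(';') if e.strip()]

def parse_options(text):
    """Pull acl definitions and the access-control statements out of named.conf.options.
    Good enough for files in the shape above; it is not a full named.conf grammar."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)     # block comments
    text = re.sub(r'(//|#).*', '', text)                   # line comments
    acls = {m.group(1): _elements(m.group(2))
            for m in re.finditer(r'\bacl\s+(\S+)\s*\{([^}]*)\}', text)}
    stmts = {}
    for name in LIST_STATEMENTS:
        m = re.search(r'\b' + re.escape(name) + r'\s*\{([^}]*)\}', text)
        if m:
            stmts[name] = _elements(m.group(1))
    m = re.search(r'\brecursion\s+(yes|no)\s*;', text)
    stmts['recursion'] = m.group(1) if m else 'yes'        # BIND 9 default is yes
    return acls, stmts

def expand(elements, acls):
    """Replace acl names with their members, recursively."""
    out = []
    for e in elements:
        out.extend(expand(acls[e], acls) if e in acls else [e])
    return out

def recursion_clients(stmts, acls):
    """Who may recurse, following BIND 9's defaulting chain:
    allow-recursion, else allow-query-cache, else allow-query, else localnets+localhost."""
    for key in ('allow-recursion', 'allow-query-cache', 'allow-query'):
        if key in stmts:
            return expand(stmts[key], acls)
    return ['localnets', 'localhost']

def audit_named_options(text):
    """Return a list of findings; an empty list means nothing to report."""
    acls, stmts = parse_options(text)
    findings = []
    if stmts['recursion'] == 'yes' and 'any' in recursion_clients(stmts, acls):
        findings.append('open resolver: recursion is on and allowed from any')
    if 'any' in expand(stmts.get('allow-query', []), acls):
        findings.append('allow-query any: authoritative data is served to everyone')
    if stmts.get('listen-on-v6') == ['none']:
        findings.append('info: listen-on-v6 { none; } disables IPv6 listening')
    return findings

if __name__ == '__main__':
    for label, cfg in (('guide', GUIDE_OPTIONS), ('any', OPEN_OPTIONS), ('public-auth', PUBLIC_AUTH_OPTIONS)):
        print(label, audit_named_options(cfg) or ['ok'])
```

Run it against your own file with audit_named_options(open('/etc/bind/named.conf.options').read()); the guide's configuration yields only the informational IPv6 note, the { any; } variant is reported as an open resolver, and the variant with allow-recursion restricted is not.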
The Configuration of Zones
This file, named.conf.local, serves as the local DNS server configuration and plays a crucial role in defining the zones associated with the domains managed by this server. It is responsible for specifying the forward lookup zone and reverse lookup zone for the server's domains.
Edit the named.conf.local File
To make changes to the zone configuration, open the named.conf.local file using a text editor. In this example, we use Vim:
sudo vim /etc/bind/named.conf.local
Within the named.conf.local file, you'll define the zones for which this DNS server is authoritative. Below is an example of how to configure zones for the domain "nixway.loc" and its associated reverse lookup zone "1.168.192.in-addr.arpa":
zone "nixway.loc" {
type master;
file "/etc/bind/zones/nixway/flz.nixway.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/nixway/rlz.nixway.zone";
};
Explanation of Zone Configuration
zone "nixway.loc": This block defines the forward lookup zone for the domain "nixway.loc". The type master; directive indicates that this DNS server is the authoritative master server for this zone. The associated zone file, containing the forward lookup zone data, is specified with file "/etc/bind/zones/nixway/flz.nixway.zone";.
zone "1.168.192.in-addr.arpa": This block defines the reverse lookup zone for the 192.168.1.0/24 network used by "nixway.loc" (the zone name is the network's octets in reverse order under in-addr.arpa). Like the forward lookup zone, it is set as a master server with type master;. The associated zone file for reverse lookup, containing the mapping of IP addresses to domain names, is specified with file "/etc/bind/zones/nixway/rlz.nixway.zone";.
These configurations are crucial for the DNS server to correctly resolve domain names to IP addresses (forward lookup) and IP addresses to domain names (reverse lookup). Ensure that the specified zone files contain accurate and up-to-date information for proper DNS functionality.
Forward Lookup Zone
To configure the forward lookup zone for the "nixway.loc" domain, you need to edit the zone file. Open the file using a text editor. In this example, we use Vim:
sudo vim /etc/bind/zones/nixway/flz.nixway.zone
Forward lookup zones
Below is an example of a forward lookup zone file for the "nixway.loc" domain:
;
; Forward Lookup Zone
;
$TTL 30
$ORIGIN nixway.loc.
@ IN SOA ns1.nixway.loc. admin.nixway.loc. (
2015050101 ; Serial
1d ; Refresh
1h ; Retry
1w ; Expire
2h ; Negative Cache TTL
)
@ IN NS ns1.nixway.loc.
@ IN NS ns.provider.org.
@ IN A 192.168.1.10
ns1 IN A 192.168.1.10
nixway.loc. IN A 192.168.1.10
www IN CNAME nixway.loc.
Explanation of Forward Lookup Zone Configuration:
- $TTL 30: Time-to-Live value for the zone, in seconds. It signifies the duration for which a DNS resolver should cache the information.
- $ORIGIN nixway.loc.: Specifies the base domain for relative domain names within the zone.
- @ IN SOA ns1.nixway.loc. admin.nixway.loc. (...): Start of Authority (SOA) record. It includes information about the domain, such as the primary DNS server (ns1.nixway.loc.), the email of the domain administrator (admin.nixway.loc.), and various timing parameters.
- @ IN NS ns1.nixway.loc.: Indicates that the primary DNS server for this domain is ns1.nixway.loc.
- @ IN NS ns.provider.org.: Specifies another authoritative DNS server for redundancy.
- @ IN A 192.168.1.10: Maps the domain's root (@) to the IP address 192.168.1.10.
- ns1 IN A 192.168.1.10: Maps the hostname "ns1" to the IP address 192.168.1.10.
- nixway.loc. IN A 192.168.1.10: Maps the fully qualified name "nixway.loc." to the IP address 192.168.1.10. The trailing dot matters: without it the name is relative and $ORIGIN is appended, producing "nixway.loc.nixway.loc.".
- www IN CNAME nixway.loc.: Creates an alias (CNAME) for the "www" subdomain, directing it to "nixway.loc."
Ensure that the zone file ends with a newline (a blank last line). This is required for the file to be parsed correctly.
This forward lookup zone configuration provides the necessary information for DNS resolution, associating domain names with their corresponding IP addresses and aliases.
Reverse Lookup Zone
To perform the conversion of IP addresses to domain names, the reverse lookup zone must be configured. Create and edit the reverse lookup zone file using a text editor. In this example, we use Vim:
sudo vim /etc/bind/zones/nixway/rlz.nixway.zone
Reverse Lookup Zone File Configuration
Below is an example of a reverse lookup zone file for the "nixway.loc" domain:
;
; Reverse Lookup Zone for nixway.loc
;
$TTL 30
@ IN SOA ns1.nixway.loc. root.nixway.loc. (
201505013 ; Serial
1d ; Refresh
1h ; Retry
1w ; Expire
2h ; Negative Cache TTL
)
@ IN NS nixway.loc.
10 IN PTR ns1.nixway.loc.
Explanation of Reverse Lookup Zone Configuration
- $TTL 30: Time-to-Live value for the zone, in seconds. Similar to the forward lookup zone, it signifies the duration for which a DNS resolver should cache the information.
- @ IN SOA ns1.nixway.loc. root.nixway.loc. (...): Start of Authority (SOA) record. It includes information about the domain, such as the primary DNS server (ns1.nixway.loc.), the email of the domain administrator (root.nixway.loc.), and various timing parameters.
- @ IN NS nixway.loc.: Indicates the authoritative DNS server for this reverse lookup zone.
- 10 IN PTR ns1.nixway.loc.: Maps the IP address ending in ".10" to the domain name "ns1.nixway.loc." This is a Pointer (PTR) record, which is the key record type in reverse lookup zones.
Adding Additional Reverse Lookup Records
You can add more reverse lookup records for specific IP addresses. For example, to map the IP address 192.168.1.1 to the name "router.nixway.loc.", add the following line:
1 IN PTR router.nixway.loc.
The owner "1" is the last octet of 192.168.1.1 (the first three octets come from the zone name 1.168.192.in-addr.arpa), and the PTR record states that this address corresponds to the name "router.nixway.loc.". Reverse zones hold PTR records, not A records; the matching forward entry for "router" belongs in the forward lookup zone.
Ensure that there is a blank line at the end of the zone file.
This reverse lookup zone configuration facilitates the translation of IP addresses to domain names, providing crucial information for DNS resolution in the opposite direction.
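The standard tool for checking a single zone file is named-checkzone (for example named-checkzone nixway.loc /etc/bind/zones/nixway/flz.nixway.zone), which catches syntax errors but not whether the forward and reverse zones agree with each other, nor a relative owner that silently expands to nixway.loc.nixway.loc. The following Python script is an added example, not part of this guide or of BIND: it parses both zone files from this guide (each embedded with one deliberate, labelled mistake so the checks have something to report), flags the doubled origin, non-PTR data in a reverse zone and in-zone NS targets without an A record, and then cross-checks that every PTR names a host whose A record carries that address and that every A record in the reverse zone's network has a PTR. parse_zone, lint_zone and cross_check are names chosen here, and the parser handles only the master-file features these files use.

```python
import re
from collections import namedtuple

Record = namedtuple('Record', 'owner raw_owner rtype rdata')

# Constructed samples: the two zone files from this guide, each with one extra line that
# reproduces a common mistake so the checks have something to report.
FORWARD = """\
$TTL 30
$ORIGIN nixway.loc.
@ IN SOA ns1.nixway.loc. admin.nixway.loc. (
        2015050101 ; Serial
        1d 1h 1w 2h ; Refresh Retry Expire Negative-cache-TTL
)
@ IN NS ns1.nixway.loc.
@ IN NS ns.provider.org.
@ IN A 192.168.1.10
ns1 IN A 192.168.1.10
nixway.loc IN A 192.168.1.10   ; mistake: no trailing dot, so $ORIGIN gets appended
www IN CNAME nixway.loc.
"""
REVERSE = """\
$TTL 30
@ IN SOA ns1.nixway.loc. root.nixway.loc. ( 201505013 1d 1h 1w 2h )
@ IN NS nixway.loc.
10 IN PTR ns1.nixway.loc.
1 IN PTR router.nixway.loc.
router IN A 192.168.1.1   ; mistake: reverse zones hold PTR records, not A records
"""

def qualify(name, origin):
    """Turn a master-file name into an FQDN under the current $ORIGIN."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'

def parse_zone(text, origin):
    """Minimal RFC 1035 master-file parser: ';' comments, $TTL/$ORIGIN, parenthesised
    multi-line records, relative owners and owner inheritance from the previous line."""
    origin = origin if origin.endswith('.') else origin + '.'
    owner, raw_owner, records, buf = origin, '@', [], ''
    for raw in text.splitlines():
        line = re.sub(r';.*', '', raw)
        if not line.strip() and not buf:
            continue
        buf = buf + ' ' + line if buf else line
        if buf.count('(') > buf.count(')'):
            continue                                  # record continues on the next line
        line, buf = buf.replace('(', ' ').replace(')', ' '), ''
        tokens = line.split()
        if tokens[0] == '$ORIGIN':
            origin = tokens[1]
        if tokens[0].startswith('$'):
            continue                                  # $TTL and $ORIGIN are directives, not records
        if not line[0].isspace():                     # new owner; otherwise inherit the previous one
            raw_owner = tokens.pop(0)
            owner = qualify(raw_owner, origin)
        if tokens[0].isdigit():                       # optional per-record TTL
            tokens.pop(0)
        if tokens[0].upper() == 'IN':                 # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ('NS', 'CNAME', 'PTR'):
            rdata[0] = qualify(rdata[0], origin)
        elif rtype == 'SOA':
            rdata[0], rdata[1] = qualify(rdata[0], origin), qualify(rdata[1], origin)
        records.append(Record(owner, raw_owner, rtype, rdata))
    return records

def lint_zone(records, origin):
    """Per-zone checks: owners that silently double the origin, non-PTR data in a
    reverse zone, and in-zone NS targets without an A record."""
    origin = origin if origin.endswith('.') else origin + '.'
    bare = origin.rstrip('.')
    in_zone = lambda n: n == origin or n.endswith('.' + origin)
    a_owners = {r.owner for r in records if r.rtype == 'A'}
    reverse = origin.endswith('.in-addr.arpa.')
    findings = []
    for r in records:
        if r.raw_owner == bare or r.raw_owner.endswith('.' + bare):
            findings.append(f'{r.raw_owner} lacks a trailing dot and expands to {r.owner}')
        if reverse and r.rtype not in ('SOA', 'NS', 'PTR'):
            findings.append(f'{r.rtype} record for {r.owner} in a reverse zone; use PTR')
        if r.rtype == 'NS' and in_zone(r.rdata[0]) and r.rdata[0] not in a_owners:
            findings.append(f'NS {r.rdata[0]} has no A record in the zone')
    return findings

def cross_check(forward, reverse, rev_origin):
    """Every PTR should name a host whose A record holds that address, and every A
    record inside the reverse zone's network should have a PTR."""
    labels = rev_origin.rstrip('.').split('.')[:-2]   # '1.168.192.in-addr.arpa' -> ['1','168','192']
    prefix = '.'.join(reversed(labels))                # -> '192.168.1'
    ptr = {f"{prefix}.{r.owner.split('.')[0]}": r.rdata[0] for r in reverse if r.rtype == 'PTR'}
    a = {(r.owner, r.rdata[0]) for r in forward if r.rtype == 'A'}
    findings = [f'PTR {ip} -> {name} has no matching A record'
                for ip, name in ptr.items() if (name, ip) not in a]
    findings += [f'A {name} -> {ip} has no PTR record'
                 for name, ip in a if ip.startswith(prefix + '.') and ip not in ptr]
    return sorted(findings)

if __name__ == '__main__':
    fwd, rev = parse_zone(FORWARD, 'nixway.loc'), parse_zone(REVERSE, '1.168.192.in-addr.arpa')
    print(*lint_zone(fwd, 'nixway.loc'), *lint_zone(rev, '1.168.192.in-addr.arpa'),
          *cross_check(fwd, rev, '1.168.192.in-addr.arpa'), sep='\n')
```

Run as-is it reports three problems: the doubled origin in the forward zone, the A record in the reverse zone, and that the PTR for 192.168.1.1 names router.nixway.loc. while the forward zone has no A record for that host. To check your own files, replace FORWARD and REVERSE with open(path).read() for the two files under /etc/bind/zones/nixway/.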
Check Zone Files for Errors
Verify the configuration and all zone files for errors using the command:
sudo named-checkconf -z
If there are no errors, make the server reload the zones:
sudo rndc reload
Edit resolv.conf
Edit the resolv.conf file using a text editor:
sudo vim /etc/resolv.conf
Set its contents to the following:
domain nixway.loc
search nixway.loc
nameserver 192.168.1.10
nameserver 192.168.1.1
DNS Test
Perform a DNS test with the following commands:
nslookup nixway.loc
nslookup 192.168.1.10
The expected result should be:
Server: nixway.loc
Address: 192.168.1.10
The Finishing Touches
If your DHCP server is responsible for assigning IP addresses, ensure it hands out this DNS server's IP (192.168.1.10) as the default DNS server. Confirm that clients resolve names through it using the following commands:
For Windows:
tracert nixway.loc
For Unix based Operating Systems:
traceroute nixway.loc
If the name resolves and the trace goes directly to the address 192.168.1.10, everything is working correctly. If not, clear the client's DNS cache and try again:
For Windows:
ipconfig /flushdns
Don't forget to forward necessary ports on the router if needed.