
How to setup a DNS server using a Debian based distro like Ubuntu

Network Configuration

  • Router IP Address: 192.168.1.1
  • Server IP Address: 192.168.1.10
  • Hostname: nixway.loc

Installation

To set up a DNS server on Debian, follow these steps.

Install Required Packages

sudo apt-get install bind9 dnsutils

Configuring the options

Edit the named.conf.options file:

sudo vim /etc/bind/named.conf.options

Update the file to the following form:


acl mynetwork {192.168.1.0/24; 127.0.0.1; };
options {
  directory "/var/cache/bind";
  auth-nxdomain no;
  forwarders {192.168.1.1; 8.8.8.8; };
  listen-on-v6 { none; };
  allow-query { mynetwork; };
};

Explanation

  • acl mynetwork: Creates an Access Control List (ACL) to limit the range of addresses that may send queries to our server. In this example, the allowed subnet is 192.168.1.0/24 plus the local host.
  • allow-query { mynetwork; }: Specifies a list of entities with the right to request information. You can restrict using ACL or set allow-query { any; }; to allow queries from any source.
  • forwarders {192.168.1.1; 8.8.8.8; }: Specifies your DNS providers, or any others from whom you can obtain information on unknown domains for your server.
  • listen-on-v6 { none; }: Disables listening on IPv6 addresses; the server answers queries over IPv4 only.

Save the changes and exit the editor.

This configuration sets up a basic DNS server on Debian, restricting who may query it, specifying DNS providers for forwarding, and disabling IPv6 listening.
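The allow-query ACL above is what keeps a forwarding server from becoming an open resolver, which anyone on the Internet could use for cache-poisoning attempts or amplification traffic. As an added example that is not part of the original article, the bash script below lints a named.conf.options for that mistake. It follows the fallback documented in the BIND ARM (allow-recursion defaults to allow-query-cache, then to allow-query, then to localnets and localhost) and expands user-defined ACL names one level. The two configuration files it writes to a temporary directory are constructed for the demonstration: one matches the configuration above, the other uses allow-query { any; }.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: lint a named.conf.options for
# the "open resolver" mistake, where a server that forwards queries (and so
# recurses on behalf of clients) lets any address on the Internet use it.
# Fallback chain per the BIND ARM: allow-recursion defaults to
# allow-query-cache, then to allow-query, then to { localnets; localhost; }.
# The two configuration files written below are constructed for the demo.

# Remove // and # comments and fold the file onto one line so directives can
# be matched regardless of layout.
normalize_conf() {
  sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr -s '[:space:]' ' '
}

# Print the body of "name { ... };" without the braces, or nothing if absent.
# $1 = normalized text, $2 = directive (or "acl name") to look up.
directive_body() {
  printf '%s' "$1" | grep -o "$2 *{[^}]*}" | head -n1 |
    sed -e 's/^[^{]*{ *//' -e 's/ *}$//'
}

# Effective allow-recursion ACL after BIND's documented fallbacks.
effective_recursion_acl() {
  local text="$1" name body
  for name in allow-recursion allow-query-cache allow-query; do
    body=$(directive_body "$text" "$name")
    if [ -n "$body" ]; then printf '%s' "$body"; return; fi
  done
  printf '%s' "localnets; localhost;"
}

# Replace user-defined ACL names (acl name { ... };) by their bodies, one
# level deep, so "allow-query { mynetwork; }" is judged by what mynetwork holds.
expand_acls() {
  local text="$1" acl="$2" out="" tok def
  for tok in $(printf '%s' "$acl" | tr ';' ' '); do
    def=$(directive_body "$text" "acl $tok")
    if [ -n "$def" ]; then out="$out $def"; else out="$out $tok;"; fi
  done
  printf '%s' "$out"
}

# Exit 0 when recursion is fenced, 1 when the server is an open resolver.
check_open_resolver() {
  local text acl
  text=$(normalize_conf "$1")
  if printf '%s' "$text" | grep -q 'recursion *no *;'; then
    echo "ok: recursion disabled, authoritative-only server"
    return 0
  fi
  acl=$(effective_recursion_acl "$text")
  acl=$(expand_acls "$text" "$acl")
  if printf '%s' "$acl" | grep -qw any; then
    echo "OPEN RESOLVER: recursion allowed for {$acl }"
    return 1
  fi
  echo "ok: recursion limited to {$acl }"
  return 0
}

# Constructed sample configurations (temporary directory, removed on exit).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/restricted.conf" <<'EOF'
acl mynetwork {192.168.1.0/24; 127.0.0.1; };
options {
  directory "/var/cache/bind";
  forwarders {192.168.1.1; 8.8.8.8; };   // upstream resolvers
  listen-on-v6 { none; };
  allow-query { mynetwork; };
};
EOF
cat > "$WORK/open.conf" <<'EOF'
acl mynetwork {192.168.1.0/24; 127.0.0.1; };
options {
  directory "/var/cache/bind";
  forwarders {192.168.1.1; 8.8.8.8; };
  allow-query { any; };   # no allow-recursion, so it inherits "any"
};
EOF

for conf in "$WORK/restricted.conf" "$WORK/open.conf"; do
  check_open_resolver "$conf" || :
done
```

Run it against /etc/bind/named.conf.options on the server itself; a non-zero exit means the recursion fence is missing or wide open.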

The Configuration of Zones

This file, named.conf.local, serves as the local DNS server configuration and plays a crucial role in defining the zones associated with the domains managed by this server. It is responsible for specifying the forward lookup zone and reverse lookup zone for the server's domains.

Edit the named.conf.local File

To make changes to the zone configuration, open the named.conf.local file using a text editor. In this example, we use Vim:

sudo vim /etc/bind/named.conf.local

Within the named.conf.local file, you'll define the zones for which this DNS server is authoritative. Below is an example of how to configure zones for the domain "nixway.loc" and its associated reverse lookup zone "1.168.192.in-addr.arpa":

zone "nixway.loc" {
    type master;
    file "/etc/bind/zones/nixway/flz.nixway.zone";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/nixway/rlz.nixway.zone";
};

Explanation of Zone Configuration

  • zone "nixway.loc": This block defines the forward lookup zone for the domain "nixway.loc". The type master; directive indicates that this DNS server is the authoritative master server for this zone. The associated zone file, containing the forward lookup zone data, is specified with file "/etc/bind/zones/nixway/flz.nixway.zone";.

  • zone "1.168.192.in-addr.arpa": This block defines the reverse lookup zone for the IP addresses in the domain "nixway.loc". Like the forward lookup zone, it is set as a master server with type master;. The associated zone file for reverse lookup, containing the mapping of IP addresses to domain names, is specified with file "/etc/bind/zones/nixway/rlz.nixway.zone";.

These configurations are crucial for the DNS server to correctly resolve domain names to IP addresses (forward lookup) and IP addresses to domain names (reverse lookup). Ensure that the specified zone files contain accurate and up-to-date information for proper DNS functionality.

Forward Lookup Zone

To configure the forward lookup zone for the "nixway.loc" domain, you need to edit the zone file. Open the file using a text editor. In this example, we use Vim:

sudo vim /etc/bind/zones/nixway/flz.nixway.zone

Forward lookup zones

Below is an example of a forward lookup zone file for the "nixway.loc" domain:

;
; Forward Lookup Zone
;
$TTL 30
$ORIGIN nixway.loc.
 
@               IN      SOA     ns1.nixway.loc. admin.nixway.loc. (
        2015050101      ; Serial
                1d      ; Refresh
                1h      ; Retry
                1w      ; Expire
                2h      ; Negative Cache TTL
)

@               IN      NS      ns1.nixway.loc.
@               IN      NS      ns.provider.org.
@               IN      A       192.168.1.10

ns1             IN      A       192.168.1.10
nixway.loc.     IN      A       192.168.1.10

www             IN      CNAME   nixway.loc.

Explanation of Forward Lookup Zone Configuration:

  • $TTL 30: Time-to-Live value for the zone, in seconds. It signifies the duration for which a DNS resolver should cache the information.
  • $ORIGIN nixway.loc.: Specifies the base domain for relative domain names within the zone.
  • @ IN SOA ns1.nixway.loc. admin.nixway.loc. (...): Start of Authority (SOA) record. It includes information about the domain, such as the primary DNS server (ns1.nixway.loc.), the email of the domain administrator (admin.nixway.loc.), and various timing parameters.
  • @ IN NS ns1.nixway.loc.: Indicates that the primary DNS server for this domain is ns1.nixway.loc.
  • @ IN NS ns.provider.org.: Specifies another authoritative DNS server for redundancy.
  • @ IN A 192.168.1.10: Maps the domain's root (@) to the IP address 192.168.1.10.
  • ns1 IN A 192.168.1.10: Maps the hostname "ns1" to the IP address 192.168.1.10.
  • nixway.loc. IN A 192.168.1.10: Maps the domain "nixway.loc" to the IP address 192.168.1.10. The trailing dot is required: without it, BIND appends the $ORIGIN and the record would be read as nixway.loc.nixway.loc.
  • www IN CNAME nixway.loc.: Creates an alias (CNAME) for the "www" subdomain, directing it to "nixway.loc."

Ensure that there is a blank line at the end of the zone file, as indicated. This is crucial for proper parsing of the file.

This forward lookup zone configuration provides the necessary information for DNS resolution, associating domain names with their corresponding IP addresses and aliases.

Reverse Lookup Zone

To perform the conversion of IP addresses to domain names, the reverse lookup zone must be configured. Create and edit the reverse lookup zone file using a text editor. In this example, we use Vim:

sudo vim /etc/bind/zones/nixway/rlz.nixway.zone

Reverse Lookup Zone File Configuration

Below is an example of a reverse lookup zone file for the "nixway.loc" domain:

;
; Reverse Lookup Zone for nixway.loc
;
$TTL 30
@               IN      SOA     ns1.nixway.loc. root.nixway.loc. (
         201505013      ; Serial
                1d      ; Refresh
                1h      ; Retry
                1w      ; Expire
                2h      ; Negative Cache TTL
)
 
@               IN      NS      nixway.loc.

10              IN      PTR     ns1.nixway.loc.

Explanation of Reverse Lookup Zone Configuration

  • $TTL 30: Time-to-Live value for the zone, in seconds. Similar to the forward lookup zone, it signifies the duration for which a DNS resolver should cache the information.
  • @ IN SOA ns1.nixway.loc. root.nixway.loc. (...): Start of Authority (SOA) record. It includes information about the domain, such as the primary DNS server (ns1.nixway.loc.), the email of the domain administrator (root.nixway.loc.), and various timing parameters.
  • @ IN NS nixway.loc.: Indicates the authoritative DNS server for this reverse lookup zone.
  • 10 IN PTR ns1.nixway.loc.: Maps the IP address ending in ".10" to the domain name "ns1.nixway.loc." This is a Pointer (PTR) record, which is the key record type in reverse lookup zones.

Adding Additional Reverse Lookup Records

You can add more reverse lookup records for specific IP addresses. For example, to map the IP address 192.168.1.1 to the name "router.nixway.loc.", add the following line:

1               IN      PTR     router.nixway.loc.

This PTR record states that the IP address 192.168.1.1 (the host part, 1, is relative to the zone 1.168.192.in-addr.arpa) corresponds to the domain name "router.nixway.loc." in the reverse lookup zone. The matching forward record, router IN A 192.168.1.1, belongs in the forward lookup zone file.

Ensure that there is a blank line at the end of the zone file.

This reverse lookup zone configuration facilitates the translation of IP addresses to domain names, providing crucial information for DNS resolution in the opposite direction.
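The forward and reverse zone files above have to agree with each other, and named-checkconf -z only verifies that they parse. As an added example that is not part of the original article, the bash script below serves both the forward and the reverse lookup zone sections: it cross-checks a forward zone against its in-addr.arpa zone (every A record's address should have a PTR, and every PTR target should have an A record for that address) and flags owner names that contain dots but lack a trailing dot, which BIND silently expands with the origin. The zone files it writes to a temporary directory are constructed for the demonstration and modelled on the examples above; point it at the real file paths before running rndc reload.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: offline consistency checks for a
# forward zone and its in-addr.arpa reverse zone, to run before `rndc reload`.
# named-checkconf -z accepts both mistakes caught here as valid syntax:
#   1. an owner name with dots but no trailing dot ("nixway.loc" under
#      $ORIGIN nixway.loc. is read as nixway.loc.nixway.loc.);
#   2. A records whose address has no PTR at all, and PTR records whose target
#      has no A record for that address.
# The zone files written below are constructed for the demonstration.

# Print "fqdn ip" for every A record, resolving "@" and relative owner names
# against the zone origin ($2, written without a trailing dot).
forward_records() {
  awk -v origin="$2" '
    /^[ \t]*;/ || /^[$]/ || NF < 4 { next }
    $2 == "IN" && $3 == "A" {
      name = $1
      if (name == "@")        name = origin
      else if (name !~ /\.$/) name = name "." origin
      else                    sub(/\.$/, "", name)
      print name, $4
    }' "$1"
}

# Owner names that contain a dot but do not end in one: BIND appends the
# origin to them, which is almost never what the author intended.
unterminated_owners() {
  awk '
    /^[ \t]*;/ || /^[$]/ || NF < 3 { next }
    $2 == "IN" && $1 != "@" && $1 ~ /\./ && $1 !~ /\.$/ { print $1 }' "$1"
}

# Print "ip fqdn" for every PTR record; $2 is the reverse zone name, e.g.
# 1.168.192.in-addr.arpa, which is turned back into the 192.168.1 prefix.
reverse_records() {
  local prefix
  prefix=$(printf '%s' "$2" | sed 's/\.in-addr\.arpa\.*$//' |
           awk -F. '{ for (i = NF; i >= 1; i--) printf "%s%s", $i, (i > 1 ? "." : "") }')
  awk -v prefix="$prefix" '
    /^[ \t]*;/ || /^[$]/ || NF < 4 { next }
    $2 == "IN" && $3 == "PTR" { t = $4; sub(/\.$/, "", t); print prefix "." $1, t }' "$1"
}

# Print one WARN line per inconsistency between the forward zone ($1, origin
# $2) and the reverse zone ($3, zone name $4).
check_zones() {
  local fzone="$1" forigin="$2" rzone="$3" rorigin="$4"
  unterminated_owners "$fzone" | while read -r owner; do
    echo "WARN: owner \"$owner\" has no trailing dot; BIND reads it as $owner.$forigin."
  done
  forward_records "$fzone" "$forigin" | while read -r name ip; do
    reverse_records "$rzone" "$rorigin" | grep -q "^$ip " ||
      echo "WARN: $name A $ip has no PTR record in $rzone"
  done
  reverse_records "$rzone" "$rorigin" | while read -r ip name; do
    forward_records "$fzone" "$forigin" | grep -qxF "$name $ip" ||
      echo "WARN: PTR $ip -> $name has no matching A record in $fzone"
  done
}

# Number of WARN lines; 0 means the pair is consistent.
count_problems() {
  check_zones "$@" | grep -c '^WARN' || true
}

# Constructed sample zones (temporary directory, removed on exit). The "bad"
# pair carries three deliberate faults: an unterminated owner, a host (files)
# without a PTR, and a PTR (router) without a forward A record.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/flz.bad.zone" <<'EOF'
$TTL 30
$ORIGIN nixway.loc.
@           IN  SOA ns1.nixway.loc. admin.nixway.loc. ( 2015050101 1d 1h 1w 2h )
@           IN  NS  ns1.nixway.loc.
@           IN  A   192.168.1.10
ns1         IN  A   192.168.1.10
nixway.loc  IN  A   192.168.1.10
files       IN  A   192.168.1.20
www         IN  CNAME nixway.loc.
EOF
cat > "$WORK/rlz.bad.zone" <<'EOF'
$TTL 30
@   IN  SOA ns1.nixway.loc. root.nixway.loc. ( 2015050101 1d 1h 1w 2h )
@   IN  NS  nixway.loc.
10  IN  PTR ns1.nixway.loc.
1   IN  PTR router.nixway.loc.
EOF
printf '$TTL 30\n$ORIGIN nixway.loc.\n@ IN A 192.168.1.10\nns1 IN A 192.168.1.10\nrouter IN A 192.168.1.1\n' > "$WORK/flz.good.zone"
printf '$TTL 30\n10 IN PTR ns1.nixway.loc.\n1 IN PTR router.nixway.loc.\n' > "$WORK/rlz.good.zone"

check_zones "$WORK/flz.bad.zone" nixway.loc "$WORK/rlz.bad.zone" 1.168.192.in-addr.arpa
```

The address-level PTR check is deliberate: several names may legitimately share one address (the apex and ns1 both point at 192.168.1.10 above), so only an address with no PTR at all is reported.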

Check Zone Files for Errors

Verify the zone files for errors using the command:

named-checkconf -z

If there are no errors, update the information about the zones:

rndc reload

Edit resolv.conf

Edit the resolv.conf file using a text editor:

sudo vim /etc/resolv.conf

Present it in the following form:

domain nixway.loc
search nixway.loc
nameserver 192.168.1.10
nameserver 192.168.1.1

DNS Test

Perform a DNS test with the following commands:


nslookup nixway.loc
nslookup 192.168.1.10

The expected result should be:

Server:   nixway.loc
Address: 192.168.1.10

The Finishing Touches

If your DHCP server is responsible for assigning IP addresses, ensure it hands out the DNS server's IP (192.168.1.10) as the default DNS server. Confirm correctness using the following commands:

For Windows:

tracert nixway.loc

For Unix based Operating Systems:

traceroute nixway.loc

If the route goes directly to the address 192.168.1.10, everything is working correctly. If not, try clearing the DNS cache and rebuilding:

For Windows:

ipconfig /flushdns

Don't forget to forward necessary ports on the router if needed.

Author
I’m a passionate full-stack software engineer, architect and Debian lover.