How to Install Bind DNS on Debian 11 Server (Setup / Configure). DNS (Domain Name Server) is one of the most integral components of the internet. There are very many different DNS server software today and in this blog we will talk about Bind dns.
BIND stands for Berkeley Internet Name Domain, a leading DNS server developed in the 1980s. The system is free to download and used by multiple companies to run a caching DNS server and other authoritative servers.
It also supports various features, including IPv6, load balancing, split DNS, DNSSEC, Incremental zone transfer (IXFR), Transaction Signatures (TSIG), DNS Notify, Transaction Key (TKEY), etc.
Douglas Terry, Mark Painter, David Riggle, and Songnian Zhou (graduate students at the University of California’s Berkeley campus) had written the code for the server as part of the DARPA project. Later, in the mid 1980s, Paul Vixie of Digital Equipment Corporation took over the development task. BIND is a 100% standards compliant, open source software package.
What is Bind9 DNS
BIND 9 is one of the fully featured, transparent, open source DNS systems licensed under the MPL 2.0 license. It is used by many applications for publishing DNS root zone, hosting providers responsible for publishing small or large zone files and organizations for different zones.
It is a combination of tools and servers with various components, such as
- Name Server (maintains DNS zone files and responds to DNS requests),
- Lightweight Resolver (run on DNS clients and local host using UDP based Lightweight Resolver Protocol),
- Name Server Tools (help manage a DNS system).
Currently, Version 9 is the latest version of the popular open source system . Bind DNS is a popular software for translating domain names into IP addresses and usually found with Linux servers.
BIND implements the DNS protocols. The DNS protocols are part of the core Internet standards. It is a process in which one computer can find another computer on the basis of its name. The BIND software distribution contains all of the software necessary for asking and answering name service questions.
Today, many network administrators and system administrators use Bind9 DNS, the popular DNS system software to resolve DNS queries, publish DNS information on the internet, translate domain names to IP addresses, perform reverse translations, etc.
It is customizable and provides administrators with granular control over a DNS server. Before discussing its benefits, let us tell you that BIND 9 is one of the most commonly used servers, compatible with almost all Linux distributions, and can run on Windows hosts.
Benefits of Bind9 DNS
Here are a few benefits of Bind9 DNS server software that make it one of the most popular DNS servers:
Supports a Strong Community – BIND is a flexible DNS server that has achieved a dominant position for DNS in Linux servers. It also manages a large open source community with active members available to resolve your queries.
Stable and Broad Usage – Many companies choose BIND over other servers to produce DNS servers, translate domain names to IP addresses, and vice versa. It has more additional functions that make it a widely used server known to offer stable and predictable operations.
Offers Good platform support – BIND versions are compatible with various platforms, including Linux, OpenBSD, macOS, Windows, NetBSD, and FreeBSD.
Comprehensive features – It is the only DNS server that comprises all basic DNS functionality and a large set of features, including load balancing, split DNS, Transaction Signatures, etc.
Authoritative DNS– it publishes DNS records under the server’s authoritative control.
Basic DNS load balancing – can be achieved using multiple A records for one name.
Follow this post to learn how to Install Bind DNS on Debian 11 Server (Setup / Configure).
Install Bind DNS Server on Debian 11
By default, Bind DNS package is available in the Debian 11 default repository. You can easily install it by just running the following command:
apt-get install bind9 bind9utils bind9-dnsutils bind9-doc bind9-host -y
After the installation, verify the Bind 9 version using the following command:
named -v
You will get the Bind 9 version in the following output:
BIND 9.16.27-Debian (Extended Support Version) <id:96094c5>
How to Manage Bind Services
Bind 9 service is managed by systemd. You can start the Bind DNS service and enable it to start at system reboot using the following command:
systemctl start named
systemctl enable named
You can check the status of the Bind using the following command:
systemctl status named
You will get the following output:
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-24 04:07:18 UTC; 26s ago
Docs: man:named(8)
Main PID: 24201 (named)
Tasks: 4 (limit: 2341)
Memory: 11.4M
CPU: 57ms
CGroup: /system.slice/named.service
└─24201 /usr/sbin/named -f -u bind
May 24 04:07:18 debian11 named[24201]: network unreachable resolving './NS/IN': 2001:7fd::1#53
May 24 04:07:18 debian11 named[24201]: zone 127.in-addr.arpa/IN: loaded serial 1
May 24 04:07:18 debian11 named[24201]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
May 24 04:07:18 debian11 named[24201]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
May 24 04:07:18 debian11 named[24201]: zone localhost/IN: loaded serial 2
May 24 04:07:18 debian11 named[24201]: zone 255.in-addr.arpa/IN: loaded serial 1
May 24 04:07:18 debian11 named[24201]: all zones loaded
May 24 04:07:18 debian11 named[24201]: running
Configure Bind DNS Server
Bind DNS server stores all their configuration files inside the /etc/bind directory. You can list all of them with the following command:
ls -l /etc/bind/
You will get the following output:
-rw-r--r-- 1 root root 1991 Mar 14 14:25 bind.keys
-rw-r--r-- 1 root root 237 Mar 14 14:25 db.0
-rw-r--r-- 1 root root 271 Mar 14 14:25 db.127
-rw-r--r-- 1 root root 237 Mar 14 14:25 db.255
-rw-r--r-- 1 root root 353 Mar 14 14:25 db.empty
-rw-r--r-- 1 root root 270 Mar 14 14:25 db.local
-rw-r--r-- 1 root bind 463 Mar 14 14:25 named.conf
-rw-r--r-- 1 root bind 498 Mar 14 14:25 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Mar 14 14:25 named.conf.local
-rw-r--r-- 1 root bind 846 Mar 14 14:25 named.conf.options
-rw-r----- 1 bind bind 100 May 24 04:07 rndc.key
-rw-r--r-- 1 root root 1317 Mar 14 14:25 zones.rfc1918
Next, edit /etc/bind/named.conf.options file and add forwarders. DNS query will be forwarded to the forwarders when your local DNS server is unable to resolve the query.
nano /etc/bind/named.conf.options
Uncomment and change the following lines:
forwarders {
8.8.8.8;
};
Save and close the file when you are finished. Next, edit the /etc/bind/named.conf.local file to define the forward and reverse lookup zone for your domain.
nano /etc/bind/named.conf.local
Add the following lines:
zone "exampledomain.com" {
type master;
file "https://net.cloudinfrastructureservices.co.uk/etc/bind/forward.exampledomain.com";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "https://net.cloudinfrastructureservices.co.uk/etc/bind/reverse.exampledomain.com";
};
Save and close the file, when you are finished. Then, verify the configuration file for any error using the following command:
named-checkconf
You should not get any output if everything is fine.
A brief explanation of configuration file is shown below:
- exampledomain.com is your forward zone.
- 0.168.192.in-addr.arpa is your reverse zone.
- forward.exampledomain.com is the name of the forward lookup zone file.
- reverse.exampledomain.com is the name of the reverse lookup zone file.
Create Zone Configuration File
Next, you will need to create a forward and reverse lookup zone configuration file for your domain. A forward lookup zone is a DNS zone that converts a name to an IP address. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the desired result is returned. A reverse lookup zone is the opposite of a forward lookup zone that converts an IP address to the fully qualified domain name.
First, navigate to the /etc/bind directory with the following command:
cd /etc/bind/
Next, copy a sample forward and reverse lookup zone file with the following command:
cp db.127 reverse.exampledomain.com
cp db.local forward.exampledomain.com
Next, edit the forward lookup zone file:
nano /etc/bind/forward.exampledomain.com
Make the following changes:
$TTL 604800
@ IN SOA nameserver.exampledomain.com. root.nameserver.exampledomain.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS nameserver.exampledomain.com.
nameserver IN A 192.168.0.100
www IN A 192.168.0.100
@ IN AAAA ::1
Save and close the file. Then, edit the reverse lookup zone file:
nano /etc/bind/reverse.exampledomain.com
Make the following changes:
$TTL 604800
@ IN SOA nameserver.exampledomain.com. root.nameserver.exampledomain.com. (
1
604800
86400
2419200
604800 )
@ IN NS nameserver.exampledomain.com.
nameserver IN A 192.168.0.100
100 IN PTR nameserver.exampledomain.com.
Save and close the file. Then, edit /etc/resolv.conf file and define your DNS server:
nano /etc/resolv.conf
Add your DNS server domain and IP as shown below:
search exampledomain.com
nameserver 192.168.0.100
Save and close the file. Then, restart the Bind DNS service to apply the changes:
systemctl restart named
Next, run the named-checkzone command-line tool to check the forward and reverse lookup zone file for any syntax error:
named-checkzone forward.exampledomain forward.exampledomain.com
If everything is fine. You should see the following output:
zone forward.exampledomain/IN: loaded serial 2
OK
To check the reverse lookup zone file, run the following command:
named-checkzone reverse.exampledomain reverse.exampledomain.com
If everything is fine. You should see the following output:
zone reverse.exampledomain/IN: loaded serial 1
OK
Test Bind DNS Server Functionality
At this point, Bind DNS serevr is installed and configured. Now, you will need to test it whether it function properly or not. You can use the dig tool to test the DNS server.
Run the dig command against your DNS nameserver as shown below:
dig nameserver.exampledomain.com
You should see the following output:
; <<>> DiG 9.16.27-Debian <<>> nameserver.exampledomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63637
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 40d93d44b7ca565601000000628c5ad56dcac6f0b1514a42 (good)
;; QUESTION SECTION:
;nameserver.exampledomain.com. IN A
;; ANSWER SECTION:
nameserver.exampledomain.com. 604800 IN A 192.168.0.100
;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue May 24 04:11:01 UTC 2022
;; MSG SIZE rcvd: 101
Now, run the dig command against the DNS server’s IP to perform the reverse lookup query as shown below:
dig -x 192.168.0.100
You will get the following output:
; <<>> DiG 9.16.27-Debian <<>> -x 192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4a5142404834525201000000628c5ae3121db292d16d361a (good)
;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 604800 IN PTR nameserver.exampledomain.com.
;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue May 24 04:11:15 UTC 2022
;; MSG SIZE rcvd: 125
You can also use nslookup command against the DNS server to confirm DNS server name resolution.
nslookup nameserver.exampledomain.com
You should see name to IP resolution in the following output:
Server: 192.168.0.100
Address: 192.168.0.100#53
Name: nameserver.exampledomain.com
Address: 192.168.0.100
Now, run the nslookup command against DNS server IP address to confirm the reverse lookup:
nslookup 192.168.0.100
You should see the IP address to name resolution in the following output:
100.0.168.192.in-addr.arpa name = nameserver.exampledomain.com.
Great effort. We have learned How to Install Bind DNS on Debian 11 Server (Setup / Configure).
How to Install Bind DNS on Debian 11 Server (Setup / Configure) Conclusion
BIND allows for finer configuration and has full DNS Security Extensions support.
In this post, we learned how to install and configure the Bind DNS server on Debian 11. We also create a forward and reverse lookup zone file and test the DNS functionality using the dig command. You can now setup the local DNS server in your environment to resolve local DNS queries.
