How to Install Bind DNS on Debian 11 Server (Setup / Configure)

DNS (Domain Name Server) is one of the most integral components of the internet. There are many different DNS server software packages today, and in this blog we will talk about Bind DNS.

 

BIND stands for Berkeley Internet Name Domain, a leading DNS server developed in the 1980s. The system is free to download and used by multiple companies to run a caching DNS server and other authoritative servers.

It also supports various features, including IPv6, load balancing, split DNS, DNSSEC, Incremental zone transfer (IXFR), Transaction Signatures (TSIG), DNS Notify, Transaction Key (TKEY), etc.

Douglas Terry, Mark Painter, David Riggle, and Songnian Zhou (graduate students at the University of California’s Berkeley campus) wrote the code for the server as part of the DARPA project. Later, in the mid 1980s, Paul Vixie of Digital Equipment Corporation took over the development task. BIND is a 100% standards compliant, open source software package.

What is Bind9 DNS

BIND 9 is a fully featured, transparent, open source DNS system licensed under the MPL 2.0 license. It is used in many settings: for publishing the DNS root zone, by hosting providers responsible for publishing small or large zone files, and by organizations for different zones.

It is a combination of tools and servers with various components, such as:

  • Name Server (maintains DNS zone files and responds to DNS requests),
  • Lightweight Resolver (run on DNS clients and local host using UDP based Lightweight Resolver Protocol),
  • Name Server Tools (help manage a DNS system).

Currently, Version 9 is the latest version of this popular open source system. Bind DNS is popular software for translating domain names into IP addresses and is usually found on Linux servers.

BIND implements the DNS protocols. The DNS protocols are part of the core Internet standards. It is a process in which one computer can find another computer on the basis of its name. The BIND software distribution contains all of the software necessary for asking and answering name service questions.

Today, many network administrators and system administrators use Bind9 DNS, the popular DNS system software to resolve DNS queries, publish DNS information on the internet, translate domain names to IP addresses, perform reverse translations, etc.

It is customizable and provides administrators with granular control over a DNS server. Before discussing its benefits, let us tell you that BIND 9 is one of the most commonly used servers, compatible with almost all Linux distributions, and can run on Windows hosts.

Benefits of Bind9 DNS

Here are a few benefits of Bind9 DNS server software that make it one of the most popular DNS servers:

Supports a Strong Community – BIND is a flexible DNS server that has achieved a dominant position for DNS on Linux servers. It also has a large open source community with active members available to resolve your queries.

Stable and Broad Usage – Many companies choose BIND over other servers to run DNS servers, translate domain names to IP addresses, and vice versa. Its additional functions make it a widely used server known to offer stable and predictable operations.

Offers Good platform support – BIND versions are compatible with various platforms, including Linux, OpenBSD, macOS, Windows, NetBSD, and FreeBSD.

Comprehensive features – It is the only DNS server that comprises all basic DNS functionality and a large set of features, including load balancing, split DNS, Transaction Signatures, etc.

Authoritative DNS – It publishes DNS records under the server’s authoritative control.

Basic DNS load balancing – can be achieved using multiple A records for one name.

Follow this post to learn how to Install Bind DNS on Debian 11 Server (Setup / Configure).

Install Bind DNS Server on Debian 11

The Bind DNS package is available in the Debian 11 default repository. You can install it by running the following command:

				
					apt-get install bind9 bind9utils bind9-dnsutils bind9-doc bind9-host -y
				
			

After the installation, verify the Bind 9 version using the following command:

				
					named -v
				
			

You will get the Bind 9 version in the following output:

				
					BIND 9.16.27-Debian (Extended Support Version) <id:96094c5>
				
			

How to Manage Bind Services

The Bind 9 service is managed by systemd. You can start the Bind DNS service and enable it to start at system reboot using the following commands:

				
					systemctl start named
systemctl enable named
				
			

You can check the status of the Bind using the following command:

				
					systemctl status named
				
			

You will get the following output:

				
					● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-05-24 04:07:18 UTC; 26s ago
       Docs: man:named(8)
   Main PID: 24201 (named)
      Tasks: 4 (limit: 2341)
     Memory: 11.4M
        CPU: 57ms
     CGroup: /system.slice/named.service
             └─24201 /usr/sbin/named -f -u bind

May 24 04:07:18 debian11 named[24201]: network unreachable resolving './NS/IN': 2001:7fd::1#53
May 24 04:07:18 debian11 named[24201]: zone 127.in-addr.arpa/IN: loaded serial 1
May 24 04:07:18 debian11 named[24201]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
May 24 04:07:18 debian11 named[24201]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
May 24 04:07:18 debian11 named[24201]: zone localhost/IN: loaded serial 2
May 24 04:07:18 debian11 named[24201]: zone 255.in-addr.arpa/IN: loaded serial 1
May 24 04:07:18 debian11 named[24201]: all zones loaded
May 24 04:07:18 debian11 named[24201]: running

				
			

Configure Bind DNS Server

The Bind DNS server stores all its configuration files inside the /etc/bind directory. You can list all of them with the following command:

				
					ls -l /etc/bind/
				
			

You will get the following output:

				
					-rw-r--r-- 1 root root 1991 Mar 14 14:25 bind.keys
-rw-r--r-- 1 root root  237 Mar 14 14:25 db.0
-rw-r--r-- 1 root root  271 Mar 14 14:25 db.127
-rw-r--r-- 1 root root  237 Mar 14 14:25 db.255
-rw-r--r-- 1 root root  353 Mar 14 14:25 db.empty
-rw-r--r-- 1 root root  270 Mar 14 14:25 db.local
-rw-r--r-- 1 root bind  463 Mar 14 14:25 named.conf
-rw-r--r-- 1 root bind  498 Mar 14 14:25 named.conf.default-zones
-rw-r--r-- 1 root bind  165 Mar 14 14:25 named.conf.local
-rw-r--r-- 1 root bind  846 Mar 14 14:25 named.conf.options
-rw-r----- 1 bind bind  100 May 24 04:07 rndc.key
-rw-r--r-- 1 root root 1317 Mar 14 14:25 zones.rfc1918

				
			

Next, edit the /etc/bind/named.conf.options file and add forwarders. DNS queries are forwarded to the forwarders when your local DNS server is unable to resolve them.

				
					nano /etc/bind/named.conf.options

				
			

Uncomment and change the following lines:

				
					         forwarders {
                8.8.8.8;
         };
				
			

Save and close the file when you are finished. Next, edit the /etc/bind/named.conf.local file to define the forward and reverse lookup zone for your domain.

				
					nano /etc/bind/named.conf.local
				
			

Add the following lines:

				
					zone "exampledomain.com" {
 type master;
 file "/etc/bind/forward.exampledomain.com";
};
zone "0.168.192.in-addr.arpa" {
 type master;
 file "/etc/bind/reverse.exampledomain.com";
};
				
			

Save and close the file when you are finished. Then, check the configuration file for errors using the following command:

				
					named-checkconf
				
			

You should not get any output if everything is fine.

A brief explanation of the configuration file is shown below:

  • exampledomain.com is your forward zone.
  • 0.168.192.in-addr.arpa is your reverse zone.
  • forward.exampledomain.com is the name of the forward lookup zone file.
  • reverse.exampledomain.com is the name of the reverse lookup zone file.
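
BIND 9.16, the version installed above, answers zone transfer requests from any host when neither the zone statement nor the options block carries an allow-transfer statement. The following check is an added example, not part of the original guide: it lists the master zones in that state. The function name and the allow-transfer line on the reverse zone are assumptions made for illustration.

```shell
# Added example (not from the original guide): list primary zones that rely
# on the server-wide zone-transfer default instead of their own ACL.

# zones_without_transfer_acl < named.conf text (options + zone statements)
# Prints each "type master"/"type primary" zone that has no allow-transfer
# statement, unless the options block sets a global allow-transfer.
zones_without_transfer_acl() {
    awk '
    {
        sub(/\/\/.*|#.*/, "")                         # drop line comments
        if (depth == 0 && /^[ \t]*zone[ \t]+"/) {
            split($0, q, "\""); zone = q[2]; kind = "zone"; primary = acl = 0
        } else if (depth == 0 && /^[ \t]*options[ \t]*[{]/) kind = "options"
        if (/allow-transfer[ \t]*[{]/) {
            if (kind == "zone") acl = 1
            if (kind == "options") global = 1
        }
        if (kind == "zone" && /type[ \t]+(master|primary)[ \t]*;/) primary = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # track brace nesting
        if (depth > 0) inside = 1
        if (inside && depth == 0) {                   # statement just closed
            if (kind == "zone" && primary && !acl) flagged[++n] = zone
            kind = ""; inside = 0
        }
    }
    END { if (!global) for (i = 1; i <= n; i++) print flagged[i] }'
}

# Constructed sample: the two zone statements from this guide, with a
# transfer ACL added to the reverse zone only.
sample_conf='zone "exampledomain.com" {
 type master;
 file "/etc/bind/forward.exampledomain.com";
};
zone "0.168.192.in-addr.arpa" {
 type master;
 file "/etc/bind/reverse.exampledomain.com";
 allow-transfer { none; };
};'
printf '%s\n' "$sample_conf" | zones_without_transfer_acl
```

On a live server, feed it the real files: cat /etc/bind/named.conf.options /etc/bind/named.conf.local | zones_without_transfer_acl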

Create Zone Configuration File

Next, you will need to create a forward and a reverse lookup zone file for your domain. A forward lookup zone is a DNS zone that converts a name to an IP address. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the desired result is returned. A reverse lookup zone is the opposite of a forward lookup zone: it converts an IP address to the fully qualified domain name.

First, navigate to the /etc/bind directory with the following command:

				
					cd /etc/bind/
				
			

Next, copy a sample forward and reverse lookup zone file with the following command:

				
					cp db.127 reverse.exampledomain.com
cp db.local forward.exampledomain.com
				
			

Next, edit the forward lookup zone file:

				
					nano /etc/bind/forward.exampledomain.com
				
			

Make the following changes:

				
					$TTL    604800
@       IN      SOA     nameserver.exampledomain.com. root.nameserver.exampledomain.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      nameserver.exampledomain.com.
nameserver    IN      A       192.168.0.100
www     IN      A       192.168.0.100
@       IN      AAAA    ::1
				
			

Save and close the file. Then, edit the reverse lookup zone file:

				
					nano /etc/bind/reverse.exampledomain.com
				
			

Make the following changes:

				
					$TTL    604800
@       IN      SOA     nameserver.exampledomain.com. root.nameserver.exampledomain.com. (
                              1
                         604800
                          86400
                        2419200
                         604800 )
@       IN      NS      nameserver.exampledomain.com.
nameserver    IN      A       192.168.0.100
100       IN      PTR     nameserver.exampledomain.com.

				
			

Save and close the file. Then, edit the /etc/resolv.conf file and define your DNS server:

				
					nano /etc/resolv.conf
				
			

Add your DNS server domain and IP as shown below:

				
					search exampledomain.com
nameserver 192.168.0.100
				
			

Save and close the file. Then, restart the Bind DNS service to apply the changes:

				
					systemctl restart named
				
			

Next, run the named-checkzone command-line tool to check the forward and reverse lookup zone files for syntax errors:

				
					named-checkzone forward.exampledomain forward.exampledomain.com 
				
			

If everything is fine, you should see the following output:

				
					zone forward.exampledomain/IN: loaded serial 2
OK
				
			

To check the reverse lookup zone file, run the following command:

				
					named-checkzone reverse.exampledomain reverse.exampledomain.com
				
			

If everything is fine, you should see the following output:

				
					zone reverse.exampledomain/IN: loaded serial 1
OK
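
named-checkzone validates each zone file on its own; it does not tell you whether the forward and reverse zones agree with each other. The following script is an added example, not part of the original guide: it reports A records whose address has no PTR record, and PTR records whose target has no matching A record. The zone names and the 192.168.0.100 records come from this guide; the mail and old records, and the function names, are constructed for illustration.

```shell
# Added example (not from the original guide): cross-check the forward and
# reverse zone files. Handles one-line "owner IN TYPE rdata" records only.

# ptr_name IPV4 -> PTR owner name, e.g. 100.0.168.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# zone_records ORIGIN TYPE < zonefile -> "absolute-owner rdata" per record
zone_records() {
    awk -v origin="$1" -v want="$2" '
        { sub(/;.*/, "") }                                # drop comments
        $2 == "IN" && $3 == want {
            owner = ($1 == "@") ? origin : $1
            if (owner !~ /\.$/) owner = owner "." origin  # relative name
            print tolower(owner), tolower($4)
        }'
}

# check_zones FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN
#   NO-PTR     an A record whose address has no PTR record at all
#   STALE-PTR  a PTR whose target has no A record for that address
check_zones() {
    ptrs=$(zone_records "$4" PTR < "$3")
    # Rewrite every A record as the "ptr-owner name" pair it would justify.
    pairs=$(zone_records "$2" A < "$1" | while read -r name ip; do
        echo "$(ptr_name "$ip") $name"; done)
    printf '%s\n' "$pairs" | while read -r owner name; do
        [ -n "$owner" ] || continue
        printf '%s\n' "$ptrs" | awk -v o="$owner" '$1 == o { f = 1 } END { exit !f }' ||
            echo "NO-PTR $owner $name"
    done
    printf '%s\n' "$ptrs" | while read -r owner target; do
        [ -n "$owner" ] || continue
        printf '%s\n' "$pairs" | grep -qxF -- "$owner $target" ||
            echo "STALE-PTR $owner $target"
    done
}

# Constructed sample: this guide's records plus one A record without a PTR
# (mail) and one PTR without a matching A record (old).
tmp=$(mktemp -d)
printf '%s\n' '@ IN NS nameserver.exampledomain.com.' 'www IN A 192.168.0.100' \
    'nameserver IN A 192.168.0.100' 'mail IN A 192.168.0.101' > "$tmp/forward"
printf '%s\n' '100 IN PTR nameserver.exampledomain.com.' \
    '102 IN PTR old.exampledomain.com.' > "$tmp/reverse"
check_zones "$tmp/forward" exampledomain.com. "$tmp/reverse" 0.168.192.in-addr.arpa.
rm -rf "$tmp"
```

Against the files created in this guide, call check_zones /etc/bind/forward.exampledomain.com exampledomain.com. /etc/bind/reverse.exampledomain.com 0.168.192.in-addr.arpa. and expect no output.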
				
			

Test Bind DNS Server Functionality

At this point, the Bind DNS server is installed and configured. Now, you will need to test whether it functions properly. You can use the dig tool to test the DNS server.

Run the dig command against your DNS nameserver as shown below:

				
					dig nameserver.exampledomain.com
				
			

You should see the following output:

				
					; <<>> DiG 9.16.27-Debian <<>> nameserver.exampledomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63637
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 40d93d44b7ca565601000000628c5ad56dcac6f0b1514a42 (good)
;; QUESTION SECTION:
;nameserver.exampledomain.com.	IN	A

;; ANSWER SECTION:
nameserver.exampledomain.com. 604800 IN	A	192.168.0.100

;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue May 24 04:11:01 UTC 2022
;; MSG SIZE  rcvd: 101

				
			

Now, run the dig command against the DNS server’s IP to perform the reverse lookup query as shown below:

				
					dig -x 192.168.0.100
				
			

You will get the following output:

				
					
; <<>> DiG 9.16.27-Debian <<>> -x 192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4a5142404834525201000000628c5ae3121db292d16d361a (good)
;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 604800 IN	PTR	nameserver.exampledomain.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue May 24 04:11:15 UTC 2022
;; MSG SIZE  rcvd: 125
				
			

You can also use the nslookup command against the DNS server to confirm name resolution.

				
					nslookup nameserver.exampledomain.com
				
			

You should see name to IP resolution in the following output:

				
					Server:		192.168.0.100
Address:	192.168.0.100#53

Name:	nameserver.exampledomain.com
Address: 192.168.0.100

				
			

Now, run the nslookup command against DNS server IP address to confirm the reverse lookup:

				
					nslookup 192.168.0.100
				
			

You should see the IP address to name resolution in the following output:

				
					100.0.168.192.in-addr.arpa	name = nameserver.exampledomain.com.
				
			

Great effort. We have learned How to Install Bind DNS on Debian 11 Server (Setup / Configure).

How to Install Bind DNS on Debian 11 Server (Setup / Configure) Conclusion

BIND allows for finer configuration and has full DNS Security Extensions support.

In this post, we learned how to install and configure the Bind DNS server on Debian 11. We also created forward and reverse lookup zone files and tested the DNS functionality using the dig command. You can now set up a local DNS server in your environment to resolve local DNS queries.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
