How to Install Bind DNS on Ubuntu 20.04 Server (Setup / Configure)

BIND is the most widely used Domain Name System (DNS) server today. It can run as a caching DNS server or as an authoritative name server, and its features include load balancing, dynamic update, notify, split DNS, DNSSEC and IPv6. This guide explains what a DNS server is and how it works, introduces the BIND DNS server and its advantages, and then walks through installing and configuring it on Ubuntu 20.04. Let’s start!

What is DNS

DNS stands for the Domain Name System. It is the system that converts domain names into IP addresses, which a web browser then uses to load web pages and other resources on the internet.

Every device connected to the internet has its own unique IP address, which is how other devices find it.

DNS servers let users type ordinary names into the browser, say reddit.com, instead of remembering the website’s numeric IP address. Simply type the name of the website and DNS looks up the IP address automatically.

What is a DNS Server

A DNS server is a computer that holds a large database of the IP addresses linked to website names, so that a name can be directed to the right address. DNS is like an internet phone book: it finds the IP address linked to the domain name you type in the browser’s address bar.

Once you type the domain name, the DNS server finds the matching IP address, and the browser uses that address to exchange data with the site’s servers, such as CDN (content delivery network) edge servers. This is how users reach the site’s data: the DNS server initiates the process by finding the right IP address for the site’s URL.

How Does DNS Work

In a DNS query, the user types the site’s URL and the request passes through four kinds of servers to obtain the right IP address. These four servers work together to find the correct IP address and return it to the client. They are as follows:

1. DNS Recursor: The DNS recursor, also known as the DNS resolver, is the server that receives the initial DNS query from the DNS client. It then does the work of talking to the other three kinds of DNS servers to find the correct IP address. Once the recursor has received the query, it acts as a DNS client itself, sending further queries to the other three servers.

2. Root Nameservers: The root nameserver, as the name suggests, is dedicated to the internet’s DNS root zone. It answers the queries it receives for records in the DNS root zone; as its answer it returns a list of the authoritative nameservers for the matching TLD (top level domain).

3. TLD nameservers: A TLD nameserver holds the information for the second-level domains registered under its TLD. It then passes the query on to the nameserver of the domain itself.

4. Authoritative nameservers: An authoritative nameserver provides the final answer to your DNS query. Authoritative nameservers are of two types: a master (primary) nameserver and a slave (secondary) nameserver. The master server holds the original copies of the records in its zone, and the slave server keeps an exact copy of the master. The slave shares the load of the DNS service and also acts as a backup in case the master server ever fails.

Follow this post to learn how to set up the Bind DNS server on Ubuntu 20.04.

What is BIND server

BIND is a free and open source software package with which you can build your own custom tools for specific DNS use cases and operational requirements. BIND gives very granular control over a DNS server. Its advantages are as follows:

BIND Server features

  • Authoritative DNS server.
  • Cache-only DNS (provides DNS name resolution for applications, or acts as a secondary DNS server holding a read-only copy of the authoritative zone file).
  • DNS load balancing.
  • DNS notify – allows primary DNS servers to notify secondary servers of changes to zone data.
  • Dynamic update.
  • Incremental zone transfer (IXFR).
  • Split DNS.
  • Transaction Signatures (TSIG) – allows DNS messages to be authenticated by cryptographically signing them with a shared secret (defined in RFC 2845).
  • Transaction Key (TKEY).
  • DNSSEC – the latest version of BIND supports cryptographic authentication of DNS information through the DNSSEC extensions.
  • IPv6.

Install Bind DNS Server on Ubuntu 20.04

The Bind DNS package is available in the default Ubuntu 20.04 repository, so you can install it by running the following command:

    apt-get install bind9 bind9utils bind9-dnsutils bind9-doc bind9-host -y

After the installation, verify the Bind 9 version using the following command:

    named -v

You will get the Bind 9 version in the following output:

    BIND 9.16.1-Ubuntu (Stable Release) <id:d497c32>

How to Manage Bind Services

The Bind 9 service is managed by systemd. Start the Bind DNS service and enable it to start at boot with the following commands:

    systemctl start named
    systemctl enable named

You can check the status of Bind using the following command:

    systemctl status named

You will get the following output:

    ● named.service - BIND Domain Name Server
         Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
         Active: active (running) since Fri 2022-05-06 03:30:54 UTC; 27s ago
           Docs: man:named(8)
       Main PID: 1233 (named)
          Tasks: 5 (limit: 2348)
         Memory: 12.4M
         CGroup: /system.slice/named.service
                 └─1233 /usr/sbin/named -f -u bind

    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './NS/IN': 2001:500:1::53#53
    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
    May 06 03:30:54 ubuntu2004 named[1233]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
    May 06 03:30:55 ubuntu2004 named[1233]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
    May 06 03:30:55 ubuntu2004 named[1233]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53

Configure Bind DNS Server

Bind’s configuration files are located in the /etc/bind directory. First, edit the /etc/bind/named.conf.options file and add forwarders. Queries that your local DNS server cannot resolve from its own zones are forwarded to the forwarders.

    nano /etc/bind/named.conf.options

Uncomment and change the following lines:

    forwarders {
        8.8.8.8;
    };

Save and close the file when you are finished. Next, edit the /etc/bind/named.conf.local file to define the zones for your domain.

    nano /etc/bind/named.conf.local

Add the following lines:

    zone "mydomain.com" {
        type master;
        file "/etc/bind/forward.mydomain.com";
    };
    zone "0.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/reverse.mydomain.com";
    };

Save and close the file when you are finished. Then, verify the configuration file for errors using the following command:

    named-checkconf

You will not get any output if everything is fine.

A brief explanation of the above file:

  • mydomain.com is your forward zone.
  • 0.16.172.in-addr.arpa is your reverse zone.
  • forward.mydomain.com is the name of the forward lookup zone file.
  • reverse.mydomain.com is the name of the reverse lookup zone file.

Configure Forward and Reverse Lookup Zone

Next, you will need to configure the forward and reverse lookup zones for your domain. A forward lookup zone is a DNS zone that converts a name to an IP address. When a computer asks for the IP address of a specific hostname, the forward lookup zone is checked and the matching address is returned. A reverse lookup zone is the opposite of a forward lookup zone: it converts an IP address to a fully qualified domain name.

First, change the directory to /etc/bind with the following command:

    cd /etc/bind/

Next, copy the sample forward and reverse lookup zone files with the following commands:

    cp db.127 reverse.mydomain.com
    cp db.local forward.mydomain.com

Edit the forward lookup zone file:

    nano /etc/bind/forward.mydomain.com

Make the following changes:

    $TTL    604800
    @       IN      SOA     nameserver.mydomain.com. root.nameserver.mydomain.com. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    @       IN      NS      nameserver.mydomain.com.
    nameserver    IN      A       172.16.0.10
    www     IN      A       172.16.0.10
    @       IN      AAAA    ::1

Where:

  • 172.16.0.10: IP address of the DNS server.
  • NS: Name server record.
  • A: Address record.
  • SOA: Start of authority record.

Save and close the file. Then, edit the reverse lookup zone file:

    nano /etc/bind/reverse.mydomain.com

Make the following changes:

    $TTL    604800
    @       IN      SOA     nameserver.mydomain.com. root.nameserver.mydomain.com. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    @       IN      NS      nameserver.mydomain.com.
    nameserver    IN      A       172.16.0.10
    10       IN      PTR     nameserver.mydomain.com.

Save and close the file. Then, edit the /etc/resolv.conf file and define your DNS server. On Ubuntu 20.04 this file is normally managed by systemd-resolved, so edits made directly to it may be overwritten on reboot.

    nano /etc/resolv.conf

Add the following lines:

    search mydomain.com
    nameserver 172.16.0.10

Save and close the file. Then, restart the Bind DNS service to apply the changes:

    systemctl restart named

Next, check the forward lookup zone file for syntax errors with the following command. The first argument to named-checkzone is the zone name used as the origin during the check; passing the real zone name from named.conf.local (mydomain.com) makes the check match what named will actually load.

    named-checkzone forward.mydomain forward.mydomain.com

If everything is fine, you should see the following output:

    zone forward.mydomain/IN: loaded serial 2
    OK

To check the reverse lookup zone file, run the following command:

    named-checkzone reverse.mydomain reverse.mydomain.com

If everything is fine, you should see the following output:

    zone reverse.mydomain/IN: loaded serial 1
    OK
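named-checkzone only checks syntax; it does not tell you whether the forward and reverse zones agree with each other. As an added example that is not part of the original post, the following POSIX shell script cross-checks zone files laid out like the forward and reverse files above (forward-confirmed reverse DNS: every IP with an A record needs a PTR that points back at a name holding that A record), which is what the dig -x and nslookup checks in the next section rely on. It assumes the zone origins set in named.conf.local above and works on constructed copies of the zone files with two deliberate faults.

```shell
#!/bin/sh
# Added example, not from the original post: offline forward-confirmed reverse
# DNS check over zone files laid out like the tutorial's. Every IP with an A
# record in the forward zone needs a PTR pointing back at a name holding that A.
FWD_ORIGIN="mydomain.com"             # zone origins from named.conf.local
REV_ORIGIN="0.16.172.in-addr.arpa"
# records <file> <origin> <type>: print "<type> <absolute owner> <rdata>" per
# record of that type; "@"/relative owners expanded, comments and SOA skipped.
records() {
    awk -v origin="$2" -v want="$3" '
        $1 ~ /^[;$]/ || NF < 4 { next }
        $2 == "IN" && $3 == want {
            owner = ($1 == "@") ? origin "." : ($1 ~ /\.$/ ? $1 : $1 "." origin ".")
            print $3, owner, $4
        }' "$1"
}
# check_zones <forward-file> <reverse-file>: one sorted line per distinct IP:
# "OK ip name", "MISSING ip" (no PTR), "DANGLING ip target" (PTR names a host
# that has no A record for that IP). The .in-addr.arpa name is what dig -x asks.
check_zones() {
    { records "$1" "$FWD_ORIGIN" A; records "$2" "$REV_ORIGIN" PTR; } | awk '
        $1 == "A"   { names[$3] = names[$3] " " $2 " " }
        $1 == "PTR" { ptr[$2] = $3 }
        END {
            for (ip in names) {
                split(ip, o, ".")
                rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
                if (!(rev in ptr)) print "MISSING", ip
                else if (index(names[ip], " " ptr[rev] " ")) print "OK", ip, ptr[rev]
                else print "DANGLING", ip, ptr[rev]
            }
        }' | sort
}
# Constructed sample zones: the tutorial's records plus two deliberate faults
# (mail has no PTR; the PTR for .30 points at a name that has no A record).
ZONE_DIR=$(mktemp -d)
cat > "$ZONE_DIR/forward.mydomain.com" <<'EOF'
@          IN  SOA  nameserver.mydomain.com. root.nameserver.mydomain.com. ( 2 604800 86400 2419200 604800 )
nameserver IN  A    172.16.0.10
www        IN  A    172.16.0.10
mail       IN  A    172.16.0.20
db         IN  A    172.16.0.30
EOF
cat > "$ZONE_DIR/reverse.mydomain.com" <<'EOF'
@   IN  SOA  nameserver.mydomain.com. root.nameserver.mydomain.com. ( 1 604800 86400 2419200 604800 )
10  IN  PTR  nameserver.mydomain.com.
30  IN  PTR  old-db.mydomain.com.
EOF
check_zones "$ZONE_DIR/forward.mydomain.com" "$ZONE_DIR/reverse.mydomain.com"
```

Run it against the real files in /etc/bind by passing their paths to check_zones; the OK/MISSING/DANGLING labels are this script's own.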

Verify Bind DNS Server

The Bind DNS server is now installed and configured. It’s time to check whether it is working. In this section, we will use the dig command line tool to query the server.

First, run the dig command against your DNS nameserver:

    dig nameserver.mydomain.com

You should see the following output:

    ; <<>> DiG 9.16.1-Ubuntu <<>> nameserver.mydomain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29810
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: a5919d692166f92001000000627498b926c5a27d5f9c28a1 (good)
    ;; QUESTION SECTION:
    ;nameserver.mydomain.com.	IN	A

    ;; ANSWER SECTION:
    nameserver.mydomain.com. 604800	IN	A	172.16.0.10

    ;; Query time: 0 msec
    ;; SERVER: 172.16.0.10#53(172.16.0.10)
    ;; WHEN: Fri May 06 03:40:41 UTC 2022
    ;; MSG SIZE  rcvd: 96

Now, run the dig command against the DNS server’s IP to perform a reverse lookup query as shown below:

    dig -x 172.16.0.10

You will get the following output:

    ; <<>> DiG 9.16.1-Ubuntu <<>> -x 172.16.0.10
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55197
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 14afadf1d320160e01000000627498d32b3036329829ce2f (good)
    ;; QUESTION SECTION:
    ;10.0.16.172.in-addr.arpa.	IN	PTR

    ;; ANSWER SECTION:
    10.0.16.172.in-addr.arpa. 604800 IN	PTR	nameserver.mydomain.com.

    ;; Query time: 0 msec
    ;; SERVER: 172.16.0.10#53(172.16.0.10)
    ;; WHEN: Fri May 06 03:41:07 UTC 2022
    ;; MSG SIZE  rcvd: 118

You can also use the nslookup command against the DNS server to confirm name resolution:

    nslookup nameserver.mydomain.com

You should see the name-to-IP resolution in the following output:

    Server:		172.16.0.10
    Address:	172.16.0.10#53

    Name:	nameserver.mydomain.com
    Address: 172.16.0.10

Now, run the nslookup command against the DNS server’s IP address to confirm the reverse lookup:

    nslookup 172.16.0.10

You should see the IP-address-to-name resolution in the following output:

    10.0.16.172.in-addr.arpa	name = nameserver.mydomain.com.

How to Install Bind DNS on Ubuntu 20.04 Server (Setup / Configure) Conclusion

In this guide, we explained how to set up the Bind DNS server on Ubuntu 20.04. We also explained how to create forward and reverse DNS zones and how to test them using the dig command line utility. You can now deploy the DNS server in your local environment for local name resolution.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
