How to install DNS on Ubuntu server


We covered setting up the DNS service on a CentOS system in a related post, and we want to cover the same scenario for Ubuntu users, because the process differs significantly between Ubuntu and CentOS. We’ll use the BIND9 service for DNS. So, let’s dive into how to install DNS on Ubuntu server!

Specification:

OS Version: Ubuntu 18.04.3 (LTS) x64
IP addresses:
  • 12.13.14.15: Example local network IP
  • 13.14.15.16: Example Ubuntu DNS server IP we are setting up with BIND9
  • 14.15.16.17: Example IP our test domain should resolve to.

Installation

Before we install DNS on the Ubuntu server, let’s make sure the system is up to date:

$ sudo apt-get update

Next, we should make sure the server has a static IP address set! Once the static IP is in place, we can proceed to the BIND9 service installation:

$ sudo apt-get install bind9

The service is installed now! Our next few steps will be:

  1. Creating a database for the domain our DNS will be resolving
  2. Creating the DNS “zone” in the configuration file for each domain we want this DNS server to resolve

Create DNS database

A DNS server needs a set of files that collectively represent its database in order to know which domains it is responsible for. We will create a database file for the example domain bluegrid.awesome, and it will resolve to the example IP address 14.15.16.17.

Database files are located at /var/cache/bind/ so let’s open/create db.bluegrid.awesome:

$ sudo nano /var/cache/bind/db.bluegrid.awesome

Now add the following lines to it (use your own IP addresses, we are using example ones):

$TTL 1d
$ORIGIN bluegrid.awesome.
@    IN   SOA  ns   root (
          2020031201 ; Serial
          12h        ; Refresh
          15m        ; Retry
          3w         ; Expire
          2h         ; Minimum
)
@    IN   A    14.15.16.17
@    IN   NS   ns
ns   IN   A    14.15.16.17
@    IN   MX   10   mail
mail IN   A    14.15.16.17
www  IN   A    14.15.16.17
ftp  IN   CNAME www

We can check the syntax, of course, to make sure we don’t have a typo or similar error in this file:

$ named-checkzone bluegrid.awesome /var/cache/bind/db.bluegrid.awesome
zone bluegrid.awesome/IN: loaded serial 2020031201
OK

Creating the DNS zone

BIND9 uses /etc/bind/named.conf as the main configuration file, and it loads all the other configuration files from there. This is important to know because a zone we create will be picked up by named.conf automatically. The reason is simple: named.conf includes the zone configuration file /etc/bind/named.conf.local by default (look at the include directives; no action is needed here, just observe):

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Let’s create a zone! Open /etc/bind/named.conf.local and add the following lines at the top of the file (use your own example or test domain):

zone "bluegrid.awesome" IN {
    type master;
    file "db.bluegrid.awesome";
};

So, now it should look like this:

zone "bluegrid.awesome" IN {
    type master;
    file "db.bluegrid.awesome";
};

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

Now, we should make sure that the options for this BIND9 service are in order. Add the following lines inside the options { } block of the /etc/bind/named.conf.options file (replace our example IPs with your own):

listen-on port 53 { 127.0.0.1; 13.14.15.16;};
listen-on-v6 port 53 { ::1; };
dump-file       "/var/cache/bind/cache_dump.db";
statistics-file "/var/cache/bind/named_stats.txt";
memstatistics-file "/var/cache/bind/named_mem_stats.txt";
secroots-file   "/var/cache/bind/named.secroots";
recursing-file  "/var/cache/bind/named.recursing";
allow-query     { localhost; 12.13.14.0/24;};

It should look like this now:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
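        // Stock default disabled: multiple listen-on-v6 statements are cumulative,
        // so leaving it active would keep named listening on every IPv6 address
        // despite the ::1 restriction added below.
        // listen-on-v6 { any; };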

        listen-on port 53 { 127.0.0.1; 13.14.15.16;};
        listen-on-v6 port 53 { ::1; };
        dump-file       "/var/cache/bind/cache_dump.db";
        statistics-file "/var/cache/bind/named_stats.txt";
        memstatistics-file "/var/cache/bind/named_mem_stats.txt";
        secroots-file   "/var/cache/bind/named.secroots";
        recursing-file  "/var/cache/bind/named.recursing";
        allow-query     { localhost; 12.13.14.0/24;};
};
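
The listen-on and allow-query statements decide where named listens and whose queries it answers. The audit below is an added example, not part of the original post: it checks a constructed sample (the stock listen-on-v6 line plus the statements added above) using a simplified model of BIND address-match lists, and the SERVER_ADDRS set and the 203.0.113.9 client are assumptions.

```python
import ipaddress
import re

# Constructed sample: the stock listen-on-v6 line plus the statements this post adds.
OPTIONS = """
        listen-on-v6 { any; };
        listen-on port 53 { 127.0.0.1; 13.14.15.16;};
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; 12.13.14.0/24;};
"""
# Assumption: addresses configured on the DNS server (what "localhost" matches).
SERVER_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "13.14.15.16")}

def statements(conf, keyword):
    """Address-match list of every active `keyword [port N] { ... };` statement."""
    pat = re.compile(r"^\s*%s\b(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;" % re.escape(keyword), re.M)
    return [[e.strip() for e in m.group(1).split(";") if e.strip()]
            for m in pat.finditer(conf)]

def acl_allows(acl, client, server_addrs=SERVER_ADDRS):
    """Simplified address-match evaluation: the first matching element decides."""
    ip = ipaddress.ip_address(client)
    for elem in acl:
        name = elem.lstrip("!").strip()
        if name == "localhost":          # every address of the server itself
            hit = ip in server_addrs
        else:
            hit = name == "any" or (name != "none" and
                                    ip in ipaddress.ip_network(name, strict=False))
        if hit:
            return not elem.startswith("!")   # "!" turns a match into a refusal
    return False

def audit(conf):
    """Return (findings, allow-query ACL) for the given options text."""
    findings = []
    v6 = [e for acl in statements(conf, "listen-on-v6") for e in acl]
    if "any" in v6 and len(v6) > 1:
        findings.append("listen-on-v6 { any; } is still active beside a narrower list")
    queries = statements(conf, "allow-query")
    acl = queries[0] if queries else ["any"]
    if "any" in acl:
        findings.append("allow-query answers any client")
    return findings, acl

if __name__ == "__main__":
    findings, acl = audit(OPTIONS)
    print(findings, {c: acl_allows(acl, c) for c in ("12.13.14.15", "203.0.113.9")})
```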

If we didn’t mess something up along the way we should be able to fire up the bind9 service or restart it if it was already started:

$ sudo systemctl restart bind9

Test the DNS service resolution

Let’s check whether the server resolves our example domain bluegrid.awesome (don’t forget to change the IP of your test DNS server accordingly):

$ dig @13.14.15.16 bluegrid.awesome

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> @13.14.15.16 bluegrid.awesome
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20574
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d87b1afa08b3a10595ffb5a25f3693f51dde98812e00e50d (good)
;; QUESTION SECTION:
;bluegrid.awesome.		IN	A

;; ANSWER SECTION:
bluegrid.awesome.	86400	IN	A	14.15.16.17

;; AUTHORITY SECTION:
bluegrid.awesome.	86400	IN	NS	ns.bluegrid.awesome.

;; ADDITIONAL SECTION:
ns.bluegrid.awesome.	86400	IN	A	14.15.16.17

;; Query time: 0 msec
;; SERVER: 13.14.15.16#53(13.14.15.16)
;; WHEN: Fri Aug 14 13:39:01 UTC 2020
;; MSG SIZE  rcvd: 122

That’s it!
