How To Install and Configure DNS (Bind9) on Ubuntu 22.04 Server
This tutorial shows how to install and configure DNS (Bind9) on an Ubuntu 22.04 server. DNS is a very important service on both local networks and the public internet because it is used for name resolution, such as IP-to-name conversion.
##################################
Operating system : Ubuntu 22.04
IP address       : 10.66.10.30
RAM              : 2GB
Disk space       : 50GB
vCPU             : 2
Service          : Local DNS
Hostname         : ns.technologyrss.local
##################################
Step #01: Check server version and upgrade server.
root@ns:~# lsb_release -a && ip r
root@ns:~# apt update && apt upgrade -y
Add the DNS server IP to the resolv.conf file.
root@ns:~# vi /etc/resolv.conf
Insert the IP below into this file.
nameserver 10.66.10.30
Step #02: Configure DNS (Bind9) service.
The main configuration consists of 4 files:
1. named.conf.options
2. named.conf.local
3. db.fwd.technologyrss.local
4. db.rev.technologyrss.local
root@ns:~# cd /etc/bind/
Open the named.conf.options file and delete all the default text.
root@ns:/etc/bind# vi named.conf.options
Then add the text below to the named.conf.options file.
acl "trusted" {
        10.66.10.30;    # ns1 - can be set to localhost
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        recursion yes;                  # enables recursive queries
        allow-recursion { trusted; };   # allows recursive queries from "trusted" clients
        listen-on { 10.66.10.30; };     # ns1 private IP address - listen on private network only
        allow-transfer { none; };       # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};
To save, press Esc, type :wq, then press Enter.
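An added check, not part of the original tutorial: a small Python audit of the exposure-related statements in the options file above (who may recurse, who may transfer zones, which addresses named listens on). The function names and finding codes are illustrative assumptions, the sample text is constructed from the page's settings, and only statements of the form `name { ... };` are read.

```python
import re

# Constructed sample: the exposure-related statements from the options file above.
PAGE_OPTIONS = """
acl "trusted" { 10.66.10.30; };    # ns1
options {
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 10.66.10.30; };
    allow-transfer { none; };      # disable zone transfers by default
    // forwarders { 0.0.0.0; };
    listen-on-v6 { any; };
};
"""

def parse(text):
    """Return (acls, statements, recursion_on) from named.conf-style text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)    # /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                 # // and # comments
    items = lambda b: [e.strip().strip('"').lower() for e in b.split(";") if e.strip()]
    acls = {name.lower(): items(body) for name, body in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', text)}
    stmts = {name: items(body) for name, body in
             re.findall(r"([\w-]+)\s*\{([^{}]*)\}\s*;", text)}
    recursion_on = not re.search(r"(?<![\w-])recursion\s+no\s*;", text)
    return acls, stmts, recursion_on

def expand(elems, acls, seen=()):
    """Replace references to named ACLs with their member elements."""
    out = []
    for e in elems:
        known = e in acls and e not in seen
        out += expand(acls[e], acls, seen + (e,)) if known else [e]
    return out

def audit(text):
    """Return finding codes for settings that widen who can reach the server."""
    acls, st, recursion_on = parse(text)
    get = lambda name: expand(st.get(name, []), acls)
    findings = []
    if recursion_on and "any" in get("allow-recursion"):
        findings.append("open-recursion")
    # Unset allow-transfer is reported too: the BIND version's default then applies.
    if "allow-transfer" not in st or "any" in get("allow-transfer"):
        findings.append("transfer-unrestricted")
    if "listen-on" in st and "any" not in get("listen-on") and "any" in get("listen-on-v6"):
        findings.append("v6-any-while-v4-restricted")
    return findings

print(audit(PAGE_OPTIONS))
```

For the settings on this page the audit reports only the IPv6 listener: `listen-on` is limited to 10.66.10.30 while `listen-on-v6 { any; }` accepts queries on every IPv6 address of the host.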
Open the named.conf.local file and delete all the default text.
root@ns:/etc/bind# vi named.conf.local
Then add the text below to the named.conf.local file.
zone "technologyrss.local" {
        type master;
        file "/etc/bind/zones/db.fwd.technologyrss.local";   # zone file path
        allow-transfer { 10.66.10.30; };                     # ns private IP address
};

zone "66.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.rev.technologyrss.local";   # 10.66.0.0/16 subnet
        allow-transfer { 10.66.10.30; };                     # ns private IP address
};
To save, press Esc, type :wq, then press Enter.
Create a zones folder to store the two zone files.
root@ns:/etc/bind# mkdir zones
Then go to this directory.
root@ns:/etc/bind# cd zones/
Then create the forward zone file.
root@ns:/etc/bind/zones# vi db.fwd.technologyrss.local
Insert all of the text below into this file.
;
; BIND forward zone file for technologyrss.local
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
@       IN      NS      ns.technologyrss.local.
; name servers - A records
ns.technologyrss.local.         IN      A       10.66.10.30
;
To save, press Esc, type :wq, then press Enter.
Then create the reverse zone file.
root@ns:/etc/bind/zones# vi db.rev.technologyrss.local
Then insert all of the text below into this file.
;
; BIND reverse zone file for 66.10.in-addr.arpa
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              5         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
@       IN      NS      ns.technologyrss.local.
; PTR record: 30.10 under 66.10.in-addr.arpa is 10.66.10.30
30.10   IN      PTR     ns.technologyrss.local.
To save, press Esc, type :wq, then press Enter.
Then go back up one directory.
root@ns:/etc/bind/zones# cd /etc/bind/
Then show the rndc.key contents using the cat command.
root@ns:/etc/bind# cat rndc.key
The output looks like this:
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
Now create the rndc.conf file.
root@ns:/etc/bind# vi rndc.conf
Then insert all of the text below into this file; the key block is the one shown by rndc.key.
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
To save, press Esc, type :wq, then press Enter.
Step #03: Set permissions and restart the bind9 service.
root@ns:/etc/bind# chown root:bind -R /etc/bind
root@ns:/etc/bind# chown bind:bind -R /etc/bind/rndc.conf
root@ns:/etc/bind# service bind9 restart
root@ns:/etc/bind# service bind9 status
Now test the bind9 service from the server.
root@ns:~# dig ns.technologyrss.local
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> ns.technologyrss.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3f823b21fb8bab30100000062efd60632ef06dae70dc94c (good)
;; QUESTION SECTION:
;ns.technologyrss.local.        IN      A
;; ANSWER SECTION:
ns.technologyrss.local. 604800  IN      A       10.66.10.30
;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:11:02 UTC 2022
;; MSG SIZE rcvd: 95
Check PTR resolution using the command below.
root@ns:~# dig -x 10.66.10.30
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -x 10.66.10.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 771c99bb327d4ea90100000062efd7fc00b78df9640350c7 (good)
;; QUESTION SECTION:
;30.10.66.10.in-addr.arpa.      IN      PTR
;; ANSWER SECTION:
30.10.66.10.in-addr.arpa. 604800 IN     PTR     ns.technologyrss.local.
;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:19:24 UTC 2022
;; MSG SIZE rcvd: 117
Test name resolution.
root@ns:~# nslookup ns
Server:         10.66.10.30
Address:        10.66.10.30#53
Name:   ns.technologyrss.local
Address: 10.66.10.30
Test IP resolution.
root@ns:~# nslookup 10.66.10.30
30.10.66.10.in-addr.arpa        name = ns.technologyrss.local.
Step #04: Install Webmin to manage the DNS server from a web GUI.
root@ns:~# vi /etc/apt/sources.list
Insert the text below into this file.
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Or you can use a different method, as below.
root@ns:~# wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
root@ns:~# sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
Then update the package lists and install the webmin package.
root@ns:~# apt-get update
root@ns:~# apt-get install webmin -y
Now access your server's IP address on port 10000:
https://10.66.10.30:10000
Thank you very much for this kind of work.
But strangely – after restarting the OS resolv.conf is reset to search . and that’s it. All entries from there disappear after the reboot.
Yes, so you can install a permanent resolve DNS package for Ubuntu to solve your issue.
Thanks.
>vi /etc/resolv.conf
This file will be recreated the first time netplan is restarted.
Please install the resolve permanent DNS package to solve your issue.
Thanks.
With Ubuntu Server everything is clear. It’s a complete mess.
Thank you so much!
It’s kind of okay, but.
nslookup ns
Server: 192.168.2.1
Address: 192.168.2.1#53
** server can’t find ns: NXDOMAIN
….
cat db.fwd.est001.local | ..
; name servers – NS records
IN NS ns.est001.local.
You must add your DNS server IP address to the resolv.conf file.
Thanks.
facing bind9 services not running
Can you restart the server, then try? Thanks.
I was doing this in my VM setup, one is the server and another is the client, but the server itself got some errors.
I set up everything, but nslookup shows this:
nslookup ns
Server: 192.168.15.136
Address: 192.168.15.136#53
** server can’t find ns: NXDOMAIN
For IP
nslookup 192.168.15.136
** server can’t find 136.15.168.192.in-addr.arpa: NXDOMAIN
From the client machine (192.168.15.137), pinging with the domain does not work. What is the issue here? Can you help me with that?
I think your domain name is not working properly; first check that the domain name has an A record on your DNS server. Thanks.