How To Install and Configure DNS (Bind9) on Ubuntu 22.04 Server11 min read

by Admin · Published August 8, 2022 · Updated August 8, 2022

In this tutorial how to install and configure DNS (Bind9) on Ubuntu 22.04 server. DNS is very important service for local and public internet because of it is use for name resolver as like ip to name conversion.

##################################
Operating system: Ubuntu 22.04
IP address	: 10.66.10.30
RAM		: 2GB
DISK space	: 50GB
vCPU		: 2
Service		: Local DNS
Hostname	: ns.technologyrss.local
##################################

Step #01: Check server version and upgrade server.

root@ns:~# lsb_release -a && ip r
root@ns:~# apt update && apt upgrade -y

Add dns server ip into resolv.conf file.

root@ns:~# vi /etc/resolv.conf

Insert below ip into this file.

nameserver 10.66.10.30

Step #02: Configure DNS (Bind9) service.

Main configuration is 4 files like
1. named.conf.options
2. named.conf.local
3. db.fwd.technologyrss.local
4. db.rev.technologyrss.local

root@ns:~# cd /etc/bind/

Open named.conf.options file then delete all default text.

root@ns/etc/bind/# vi named.conf.options

Then add below text into named.conf.options file.

acl "Trusted" {
        10.66.10.30;    # ns1 - can be set to localhost
};


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        recursion yes;                 # enables resursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.66.10.30; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default


        forwarders {
                8.8.8.8;
                8.8.4.4;
        };



        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

Then save press Esc type :wq then press Enter.

Open named.conf.local file then delete all default text.

root@ns/etc/bind/# vi named.conf.local

Then add below text into named.conf.local file.

zone "technologyrss.local" {
    type master;
    file "/etc/bind/zones/db.fwd.technologyrss.local"; # zone file path
    allow-transfer { 10.66.10.30; };           # ns private IP address
};


zone "66.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.rev.technologyrss.local";  # 10.55.0.0/16 subnet
    allow-transfer { 10.66.10.30; };  # ns private IP address
};

Then save press Esc type :wq then press Enter.

Create zones folder for store two files.

root@ns/etc/bind/# mkdir zones

Then going to this directory

root@ns/etc/bind/# cd zones/

Then create forwarder zone file.

root@ns/etc/bind/zones# vi db.fwd.technologyrss.local

Insert below all text into this file.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
     IN      NS      ns.technologyrss.local.

; name servers - A records
ns.technologyrss.local.          IN      A       10.66.10.30
;

Then save press Esc type :wq then press Enter.

Then create reverse zone file.

root@ns/etc/bind/zones# vi db.rev.technologyrss.local

Then insert below all text into this file.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                        5
                        604800
                        86400
                        2419200
                        604800 )

; name servers
      IN      NS      ns.technologyrss.local.


30.10      IN      PTR    ns.technologyrss.local.

Then save press Esc type :wq then press Enter.

Then back one directory

root@ns/etc/bind/zones# cd /etc/bind/

Then show rndc.key info using cat command.

root@ns/etc/bind# cat rndc.key

See output as like below

key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};

Now Create rndc.conf file.

root@ns/etc/bind# vi rndc.conf

Then insert below all text into this file.

key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

Then save press Esc type :wq then press Enter.

Step #03: Setup permission and restart bind9 service.

root@ns/etc/bind# chown root:bind -R /etc/bind
root@ns/etc/bind# chown bind:bind -R /etc/bind/rndc.conf
root@ns/etc/bind# service bind9 restart
root@ns/etc/bind# service bind9 status

Now Test bind9 service from server.

root@ns:~# dig ns.technologyrss.local

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> ns.technologyrss.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3f823b21fb8bab30100000062efd60632ef06dae70dc94c (good)
;; QUESTION SECTION:
;ns.technologyrss.local.                IN      A

;; ANSWER SECTION:
ns.technologyrss.local. 604800  IN      A       10.66.10.30

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:11:02 UTC 2022
;; MSG SIZE  rcvd: 95

Check PTR resolver using below command.

root@ns:~# dig -x  10.66.10.30

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -x 10.66.10.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 771c99bb327d4ea90100000062efd7fc00b78df9640350c7 (good)
;; QUESTION SECTION:
;30.10.66.10.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
30.10.66.10.in-addr.arpa. 604800 IN     PTR     ns.technologyrss.local.

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:19:24 UTC 2022
;; MSG SIZE  rcvd: 117

Check name test.

root@ns:~# nslookup ns
Server:         10.66.10.30
Address:        10.66.10.30#53

Name:   ns.technologyrss.local
Address: 10.66.10.30

Check ip test.

root@ns:~# nslookup 10.66.10.30
30.10.66.10.in-addr.arpa        name = ns.technologyrss.local.

Step #04: Now Install how to manage DNS server from web GUI.

root@ns:~# vi /etc/apt/sources.list

Insert below text into this file.

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

You can use different method as like below.

root@ns:~# wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
root@ns:~# sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"

Then update and then install webmin package.

root@ns:~# apt-get update
root@ns:~# apt-get install webmin -y

Now access your server ip address using port 10000

https://10.66.10.30:10000

If you see any error so please see my YouTube channel for more details. Please don’t forget subscribe my channel for get latest update.

Author
Recent Posts

Admin

I am system administrator as Windows and Linux platform. I have 4 years skilled from the professional period. I have to configure Linux based system such as an Asterisk VOIP system, Network monitoring tools (ZABBIX), Virtualization (XEN Server), Cloud computing (Apache CloudStack) etc. Now share my professional skill each interested person.
Thanks to all.

We really appreciate for your support for buying me a coffee.

It takes us a while to compose and upload new content, as they have to be checked to see if Properly works. We appreciate you if you help me for one cup of coffee to keep us awake and always deliver good quality content.

No contribution is small of an amount. We are grateful for any amount you support us with. Thank you!