How To Install and Configure DNS (Bind9) on Ubuntu 22.04 Server
This tutorial shows how to install and configure DNS (Bind9) on an Ubuntu 22.04 server. DNS is a very important service for both local networks and the public internet because it is used for name resolution, such as IP-to-name conversion.
##################################
Operating system : Ubuntu 22.04
IP address       : 10.66.10.30
RAM              : 2GB
Disk space       : 50GB
vCPU             : 2
Service          : Local DNS
Hostname         : ns.technologyrss.local
##################################
Step #01: Check server version and upgrade server.
lsb_release -a && ip r
apt update && apt upgrade -y
Add the DNS server IP to the resolv.conf file.
vi /etc/resolv.conf
Insert the IP below into this file.
nameserver 10.66.10.30
Step #02: Configure DNS (Bind9) service.
The main configuration consists of four files:
1. named.conf.options
2. named.conf.local
3. db.fwd.technologyrss.local
4. db.rev.technologyrss.local
cd /etc/bind/
Open the named.conf.options file and delete all of the default text.
vi named.conf.options
Then add the text below to the named.conf.options file.
acl "trusted" {
        10.66.10.30;    # ns1 - can be set to localhost
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        recursion yes;                  # enables recursive queries
        allow-recursion { trusted; };   # allows recursive queries from "trusted" clients
        listen-on { 10.66.10.30; };     # ns1 private IP address - listen on private network only
        allow-transfer { none; };       # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};
To save, press Esc, type :wq, then press Enter.
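The options above restrict recursion, zone transfers and the IPv4 listener, so it is worth checking that a finished file really does. The following is an added example, not part of the original tutorial: a small audit of a named.conf.options text, run here on a constructed copy of the file above. The helper names parse_options and audit are hypothetical, and the parser only handles the simple statement forms used on this page.

```python
import re

# Constructed sample: this tutorial's named.conf.options with comments trimmed.
TUTORIAL_CONF = """
acl "trusted" { 10.66.10.30; };
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 10.66.10.30; };
    allow-transfer { none; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""

def parse_options(text):
    """Return options{} statements as {name: scalar string or list of elements}."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* block */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # // and # line comments
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return {}
    depth, end = 1, start.end()
    while end < len(text) and depth:                    # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(text[end], 0)
        end += 1
    stmt = re.compile(r"([\w-]+)\s+(?:\{([^{}]*)\}|([^;{}]+))\s*;")
    return {name: value.strip() if value else re.findall(r"[^;\s]+", elems)
            for name, elems, value in stmt.findall(text[start.end():end - 1])}

def audit(text):
    """Return exposure findings for an options block; empty list means none."""
    opts, findings = parse_options(text), []
    if opts.get("recursion", "yes") != "no" and "any" in opts.get("allow-recursion", []):
        findings.append("recursion is open to any client")
    transfer = opts.get("allow-transfer")
    if transfer is None:
        findings.append("allow-transfer is not set explicitly")
    elif "any" in transfer:
        findings.append("zone transfers are allowed to any host")
    v4 = opts.get("listen-on", ["any"])     # named listens on all IPv4 interfaces if unset
    if "any" not in v4 and "any" in opts.get("listen-on-v6", []):
        findings.append("listen-on is restricted but listen-on-v6 is any")
    return findings

if __name__ == "__main__":
    print(audit(TUTORIAL_CONF))
```

On this page's configuration the only finding is the IPv6 listener: listen-on is limited to 10.66.10.30, while listen-on-v6 accepts queries on every IPv6 address the host has.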
Open the named.conf.local file and delete all of the default text.
vi named.conf.local
Then add the text below to the named.conf.local file.
zone "technologyrss.local" {
        type master;
        file "/etc/bind/zones/db.fwd.technologyrss.local";  # zone file path
        allow-transfer { 10.66.10.30; };                    # ns private IP address
};

zone "66.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.rev.technologyrss.local";  # 10.66.0.0/16 subnet
        allow-transfer { 10.66.10.30; };                    # ns private IP address
};
To save, press Esc, type :wq, then press Enter.
Create a zones folder to store the two zone files.
mkdir zones
Then go to this directory.
cd zones/
Then create the forward zone file.
vi db.fwd.technologyrss.local
Insert all of the text below into this file.
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns.technologyrss.local.

; name servers - A records
ns.technologyrss.local.         IN      A       10.66.10.30
;
To save, press Esc, type :wq, then press Enter.
Then create the reverse zone file.
vi db.rev.technologyrss.local
Then insert all of the text below into this file.
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              5
                         604800
                          86400
                        2419200
                         604800 )
; name servers
        IN      NS      ns.technologyrss.local.

30.10   IN      PTR     ns.technologyrss.local.
To save, press Esc, type :wq, then press Enter.
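The PTR owner name 30.10 is relative to the zone 66.10.in-addr.arpa: the address octets are reversed and the part already covered by the zone name is dropped. The following added example (not from the original tutorial) derives those owner names for any reverse zone and reports addresses that fall outside it. The function name ptr_records and the second host in the sample are hypothetical.

```python
import ipaddress

# Constructed sample: the first pair is this page's A record; the second host
# (www, 10.66.20.5) is hypothetical and only there to show a second label.
A_RECORDS = [("ns.technologyrss.local.", "10.66.10.30"),
             ("www.technologyrss.local", "10.66.20.5")]

def ptr_records(a_records, reverse_zone):
    """Return (PTR lines relative to reverse_zone, addresses outside the zone)."""
    zone = reverse_zone.rstrip(".").lower()
    lines, outside = [], []
    for name, addr in a_records:
        # Full reverse name, e.g. 30.10.66.10.in-addr.arpa for 10.66.10.30.
        full = ipaddress.ip_address(addr).reverse_pointer
        if not full.endswith("." + zone):
            outside.append(addr)            # belongs in a different reverse zone
            continue
        owner = full[: -(len(zone) + 1)]    # strip ".<zone>": 30.10 in a /16 zone
        # A PTR target without the trailing dot would get the reverse zone
        # appended by named, so always emit a fully qualified name.
        target = name if name.endswith(".") else name + "."
        lines.append(f"{owner}\tIN\tPTR\t{target}")
    return lines, outside

if __name__ == "__main__":
    for line in ptr_records(A_RECORDS, "66.10.in-addr.arpa")[0]:
        print(line)
```

With a /24 reverse zone such as 10.66.10.in-addr.arpa the same address gets the owner name 30, and hosts in other subnets are returned in the second list instead of being written into the wrong zone.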
Then go back one directory.
cd /etc/bind/
Then show the rndc.key contents using the cat command.
cat rndc.key
The output looks like this:
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
Now create the rndc.conf file.
vi rndc.conf
Then insert the text below into this file. The key block must be the one from your own rndc.key; the secret shown here is only the output from this example server.
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
To save, press Esc, type :wq, then press Enter.
Step #03: Set up permissions and restart the bind9 service.
chown root:bind -R /etc/bind
chown bind:bind -R /etc/bind/rndc.conf
service bind9 restart
service bind9 status
Now test the bind9 service from the server.
dig ns.technologyrss.local

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> ns.technologyrss.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3f823b21fb8bab30100000062efd60632ef06dae70dc94c (good)
;; QUESTION SECTION:
;ns.technologyrss.local.                IN      A

;; ANSWER SECTION:
ns.technologyrss.local. 604800  IN      A       10.66.10.30

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:11:02 UTC 2022
;; MSG SIZE  rcvd: 95
Check PTR resolution using the command below.
dig -x 10.66.10.30

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -x 10.66.10.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 771c99bb327d4ea90100000062efd7fc00b78df9640350c7 (good)
;; QUESTION SECTION:
;30.10.66.10.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
30.10.66.10.in-addr.arpa. 604800 IN     PTR     ns.technologyrss.local.

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:19:24 UTC 2022
;; MSG SIZE  rcvd: 117
Check the name lookup.
nslookup ns
Server:         10.66.10.30
Address:        10.66.10.30#53

Name:   ns.technologyrss.local
Address: 10.66.10.30
Check the IP lookup.
nslookup 10.66.10.30
30.10.66.10.in-addr.arpa        name = ns.technologyrss.local.
Step #04: Install Webmin to manage the DNS server from a web GUI.
vi /etc/apt/sources.list
Insert the text below into this file.
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Or you can use a different method, as shown below.
wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
Then update the package lists and install the webmin package.
apt-get update
apt-get install webmin -y
Now access your server IP address on port 10000:
https://10.66.10.30:10000
Thank you very much for this kind of work.
But strangely – after restarting the OS resolv.conf is reset to search . and that’s it. All entries from there disappear after the reboot.
Yes. You can install a permanent resolve DNS package for Ubuntu to solve your issue.
Thanks.
>vi /etc/resolv.conf
This file will be recreated the first time netplan is restarted.
Please install a permanent resolve DNS package to solve your issue.
Thanks.
With Ubuntu Server everything is clear. It’s a complete mess.
Thank you so much!
It’s kind of okay, but.
nslookup ns
Server: 192.168.2.1
Address: 192.168.2.1#53
** server can’t find ns: NXDOMAIN
….
cat db.fwd.est001.local | ..
; name servers – NS records
IN NS ns.est001.local.
You must add your DNS server IP address to the resolv.conf file.
Thanks.