In this tutorial how to install and configure DNS (Bind9) on Ubuntu 22.04 server. DNS is very important service for local and public internet because of it is use for name resolver as like ip to name conversion.

##################################
Operating system: Ubuntu 22.04
IP address	: 10.66.10.30
RAM		: 2GB
DISK space	: 50GB
vCPU		: 2
Service		: Local DNS
Hostname	: ns.technologyrss.local
##################################

Step #01: Check server version and upgrade server.

[email protected]:~# lsb_release -a && ip r
[email protected]:~# apt update && apt upgrade -y

Add dns server ip into resolv.conf file.

[email protected]:~# vi /etc/resolv.conf

Insert below ip into this file.

nameserver 10.66.10.30

Step #02: Configure DNS (Bind9) service.

Main configuration is 4 files like
1. named.conf.options
2. named.conf.local
3. db.fwd.technologyrss.local
4. db.rev.technologyrss.local

[email protected]:~# cd /etc/bind/

Open named.conf.options file then delete all default text.

[email protected]/etc/bind/# vi named.conf.options

Then add below text into named.conf.options file.

acl "Trusted" {
        10.66.10.30;    # ns1 - can be set to localhost
};


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        recursion yes;                 # enables resursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.66.10.30; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default


        forwarders {
                8.8.8.8;
                8.8.4.4;
        };



        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

Then save press Esc type :wq then press Enter.

Open named.conf.local file then delete all default text.

[email protected]/etc/bind/# vi named.conf.local

Then add below text into named.conf.local file.

zone "technologyrss.local" {
    type master;
    file "/etc/bind/zones/db.fwd.technologyrss.local"; # zone file path
    allow-transfer { 10.66.10.30; };           # ns private IP address
};


zone "66.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.rev.technologyrss.local";  # 10.55.0.0/16 subnet
    allow-transfer { 10.66.10.30; };  # ns private IP address
};

Then save press Esc type :wq then press Enter.

Create zones folder for store two files.

[email protected]/etc/bind/# mkdir zones

Then going to this directory

[email protected]/etc/bind/# cd zones/

Then create forwarder zone file.

[email protected]/etc/bind/zones# vi db.fwd.technologyrss.local

Insert below all text into this file.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
     IN      NS      ns.technologyrss.local.

; name servers - A records
ns.technologyrss.local.          IN      A       10.66.10.30
;

Then save press Esc type :wq then press Enter.

Then create reverse zone file.

[email protected]/etc/bind/zones# vi db.rev.technologyrss.local

Then insert below all text into this file.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                        5
                        604800
                        86400
                        2419200
                        604800 )

; name servers
      IN      NS      ns.technologyrss.local.


30.10      IN      PTR    ns.technologyrss.local.

Then save press Esc type :wq then press Enter.

Then back one directory

[email protected]/etc/bind/zones# cd /etc/bind/

Then show rndc.key info using cat command.

[email protected]/etc/bind# cat rndc.key

See output as like below

key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};

Now Create rndc.conf file.

[email protected]/etc/bind# vi rndc.conf

Then insert below all text into this file.

key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

Then save press Esc type :wq then press Enter.

Step #03: Setup permission and restart bind9 service.

[email protected]/etc/bind# chown root:bind -R /etc/bind
[email protected]/etc/bind# chown bind:bind -R /etc/bind/rndc.conf
[email protected]/etc/bind# service bind9 restart
[email protected]/etc/bind# service bind9 status

Now Test bind9 service from server.

[email protected]:~# dig ns.technologyrss.local

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> ns.technologyrss.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3f823b21fb8bab30100000062efd60632ef06dae70dc94c (good)
;; QUESTION SECTION:
;ns.technologyrss.local.                IN      A

;; ANSWER SECTION:
ns.technologyrss.local. 604800  IN      A       10.66.10.30

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:11:02 UTC 2022
;; MSG SIZE  rcvd: 95

Check PTR resolver using below command.

[email protected]:~# dig -x  10.66.10.30

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -x 10.66.10.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 771c99bb327d4ea90100000062efd7fc00b78df9640350c7 (good)
;; QUESTION SECTION:
;30.10.66.10.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
30.10.66.10.in-addr.arpa. 604800 IN     PTR     ns.technologyrss.local.

;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:19:24 UTC 2022
;; MSG SIZE  rcvd: 117

Check name test.

[email protected]:~# nslookup ns
Server:         10.66.10.30
Address:        10.66.10.30#53

Name:   ns.technologyrss.local
Address: 10.66.10.30

Check ip test.

[email protected]:~# nslookup 10.66.10.30
30.10.66.10.in-addr.arpa        name = ns.technologyrss.local.

Step #04: Now Install how to manage DNS server from web GUI.

[email protected]:~# vi /etc/apt/sources.list

Insert below text into this file.

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

or

You can use different method as like below.

[email protected]:~# wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
[email protected]:~# sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"

Then update and then install webmin package.

[email protected]:~# apt-get update
[email protected]:~# apt-get install webmin -y

Now access your server ip address using port 10000

https://10.66.10.30:10000

If you see any error so please see my YouTube channel for more details. Please don’t forget subscribe my channel for get latest update.

• Author
• Recent Posts

Admin

I am system administrator as Windows and Linux platform. I have 4 years skilled from the professional period. I have to configure Linux based system such as an Asterisk VOIP system, Network monitoring tools (ZABBIX), Virtualization (XEN Server), Cloud computing (Apache CloudStack) etc. Now share my professional skill each interested person.
Thanks to all.

Latest posts by Admin (see all)

• How To Install Odoo 16 on Ubuntu 22.04 - May 14, 2023
• 12 Steps to Organize Photos on Your Computer - March 20, 2023
• 9 Ways to Speed Up Your MacBook Yosemite - February 21, 2023