This tutorial shows how to install and configure a DNS server (BIND9) on an Ubuntu 22.04 server. DNS is an important service on both local networks and the public internet because it is used for name resolution, such as IP-to-name conversion.
##################################
Operating system: Ubuntu 22.04
IP address : 10.66.10.30
RAM : 2GB
DISK space : 50GB
vCPU : 2
Service : Local DNS
Hostname : ns.technologyrss.local
##################################
Step #01: Check server version and upgrade server.
root@ns:~# lsb_release -a && ip r
root@ns:~# apt update && apt upgrade -y
Add the DNS server IP to the resolv.conf file.
root@ns:~# vi /etc/resolv.conf
Insert the IP below into this file.
nameserver 10.66.10.30
Step #02: Configure DNS (Bind9) service.
The main configuration consists of four files:
1. named.conf.options
2. named.conf.local
3. db.fwd.technologyrss.local
4. db.rev.technologyrss.local
root@ns:~# cd /etc/bind/
Open the named.conf.options file and delete all the default text.
root@ns/etc/bind/# vi named.conf.options
Then add the text below to the named.conf.options file.
acl "trusted" {
        10.66.10.30;    # ns1 - can be set to localhost
};
options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        recursion yes;                  # enables recursive queries
        allow-recursion { trusted; };   # allows recursive queries from "trusted" clients
        listen-on { 10.66.10.30; };     # ns1 private IP address - listen on private network only
        allow-transfer { none; };       # disable zone transfers by default
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        // forwarders {
        //      0.0.0.0;
        // };
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
        listen-on-v6 { any; };
};
To save, press Esc, type :wq, then press Enter.
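The script below is an added example, not part of the original tutorial: a small shell lint that reads a named.conf.options file and reports the statements that decide who can reach the server (allow-recursion, allow-transfer, listen-on, listen-on-v6). The function names and the embedded sample, which is constructed from the options block above, are assumptions of this example; a missing allow-transfer or listen-on statement is treated as the BIND 9.18 default of any.

```shell
#!/bin/sh
# Added example: lint the exposure settings of a named.conf.options file.

# Body of the first "<name> { ... }" statement in flattened config text.
stmt_body() {  # $1 = config on one line, $2 = statement name
    printf '%s\n' "$1" | grep -oE "(^|[ ;{])$2 *\{[^}]*\}" | head -n 1 |
        sed -E 's/^.[^{]*\{//; s/\}$//' | tr -d ' '
}

# Print one finding per line for the file given as $1.
audit_named_options() {
    # Drop // and # comments, then flatten the file to a single line.
    cfg=$(sed -e 's://.*::' -e 's/#.*//' "$1" | tr '\n\t' '  ')
    case ";$(stmt_body "$cfg" allow-recursion)" in
        *';any;'*) echo "allow-recursion: any client may recurse (open resolver)" ;;
    esac
    case "$(stmt_body "$cfg" allow-transfer)" in
        'none;') ;;
        *) echo "allow-transfer: options-level default is not 'none'" ;;
    esac
    # An absent listen-on statement means BIND binds to every address.
    for stmt in listen-on listen-on-v6; do
        case ";$(stmt_body "$cfg" "$stmt")" in
            ';'|*';any;'*) echo "$stmt: listens on every address" ;;
        esac
    done
}

# Constructed sample: the exposure-related lines of this page's options block.
write_sample() {
    cat > "$1" <<'EOF'
acl "trusted" { 10.66.10.30; };
options {
    directory "/var/cache/bind";
    recursion yes;                  # enables recursive queries
    allow-recursion { trusted; };
    listen-on { 10.66.10.30; };     // private network only
    allow-transfer { none; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation auto;
    listen-on-v6 { any; };
};
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_named_options "$sample"
rm -f "$sample"
```

Run against the options above, it reports only listen-on-v6, because that statement is set to any while listen-on is limited to 10.66.10.30.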
Open the named.conf.local file and delete all the default text.
root@ns/etc/bind/# vi named.conf.local
Then add the text below to the named.conf.local file.
zone "technologyrss.local" {
        type master;
        file "/etc/bind/zones/db.fwd.technologyrss.local";  # zone file path
        allow-transfer { 10.66.10.30; };                    # ns private IP address
};
zone "66.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.rev.technologyrss.local";  # 10.66.0.0/16 subnet
        allow-transfer { 10.66.10.30; };                    # ns private IP address
};
To save, press Esc, type :wq, then press Enter.
Create a zones folder to store the two zone files.
root@ns/etc/bind/# mkdir zones
Then change to this directory.
root@ns/etc/bind/# cd zones/
Then create the forward zone file.
root@ns/etc/bind/zones# vi db.fwd.technologyrss.local
Insert all of the text below into this file.
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns.technologyrss.local.
; name servers - A records
ns.technologyrss.local.         IN      A       10.66.10.30
;
To save, press Esc, type :wq, then press Enter.
Then create the reverse zone file.
root@ns/etc/bind/zones# vi db.rev.technologyrss.local
Then insert all of the text below into this file.
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.technologyrss.local. root.ns.technologyrss.local. (
                              5
                         604800
                          86400
                        2419200
                         604800 )
; name servers
        IN      NS      ns.technologyrss.local.
30.10   IN      PTR     ns.technologyrss.local.
To save, press Esc, type :wq, then press Enter.
Then go back up one directory.
root@ns/etc/bind/zones# cd /etc/bind/
Then display the contents of rndc.key using the cat command.
root@ns/etc/bind# cat rndc.key
The output looks like this:
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
Now create the rndc.conf file.
root@ns/etc/bind# vi rndc.conf
Then insert all of the text below into this file. The key block must match the one shown by your own rndc.key.
key "rndc-key" {
        algorithm hmac-sha256;
        secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
To save, press Esc, type :wq, then press Enter.
Step #03: Set up permissions and restart the bind9 service.
root@ns/etc/bind# chown root:bind -R /etc/bind
root@ns/etc/bind# chown bind:bind -R /etc/bind/rndc.conf
root@ns/etc/bind# service bind9 restart
root@ns/etc/bind# service bind9 status
Now test the bind9 service from the server.
root@ns:~# dig ns.technologyrss.local
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> ns.technologyrss.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3f823b21fb8bab30100000062efd60632ef06dae70dc94c (good)
;; QUESTION SECTION:
;ns.technologyrss.local. IN A
;; ANSWER SECTION:
ns.technologyrss.local. 604800 IN A 10.66.10.30
;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:11:02 UTC 2022
;; MSG SIZE rcvd: 95
Check PTR resolution using the command below.
root@ns:~# dig -x 10.66.10.30
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -x 10.66.10.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 771c99bb327d4ea90100000062efd7fc00b78df9640350c7 (good)
;; QUESTION SECTION:
;30.10.66.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
30.10.66.10.in-addr.arpa. 604800 IN PTR ns.technologyrss.local.
;; Query time: 0 msec
;; SERVER: 10.66.10.30#53(10.66.10.30) (UDP)
;; WHEN: Sun Aug 07 15:19:24 UTC 2022
;; MSG SIZE rcvd: 117
Test the name lookup.
root@ns:~# nslookup ns
Server: 10.66.10.30
Address: 10.66.10.30#53
Name: ns.technologyrss.local
Address: 10.66.10.30
Test the IP lookup.
root@ns:~# nslookup 10.66.10.30
30.10.66.10.in-addr.arpa name = ns.technologyrss.local.
Step #04: Install Webmin to manage the DNS server from a web GUI.
root@ns:~# vi /etc/apt/sources.list
Insert the text below into this file.
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Alternatively, you can use a different method, as shown below.
root@ns:~# wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
root@ns:~# sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
Then update the package index and install the webmin package.
root@ns:~# apt-get update
root@ns:~# apt-get install webmin -y
Now access your server's IP address on port 10000.
https://10.66.10.30:10000