Scenario:
This documentation is about configuring bind as a DNS server on Ubuntu. The DNS server is expected to achieve the following tasks:
1. Resolve a local FQDN web.ddc to its private IP, 192.168.0.105.
2. Resolve global domains by forwarding the query to Google's public DNS servers at 8.8.8.8 and 8.8.4.4.
3. Cache the query results for faster access in the future.
Important Details:
Host Private IP: 192.168.0.105 (This could be a web server.)
Hostname: web
Private FQDN: web.ddc
DNS Server's Private IP: 192.168.0.105
Note: This scenario assumes the DNS server and the host to be the same node in the network. It is also assumed that bind is already installed in the OS.
Color Codes:
Commands in blue
File content in green
Expected output in purple
Note in dark grey
Note: # indicates root access
First Part
Summary: Configure hostname, FQDN and DNS resolver, and disable dnsmasq
Steps:
1. Configure hostname
# vim /etc/hostname
web
Save and exit
2. Configure FQDN
# vim /etc/hosts
192.168.0.105 web.ddc web
Save and exit
Note: For the given IP address, the FQDN should be the first entry on the line, followed by the hostname.
In newer versions of Ubuntu, such as Ubuntu 16.04, this method will not work. In such cases, do the following:
i. Set the hostname with the following command:
# hostnamectl set-hostname web
ii. Configure the FQDN by editing the /etc/hosts file as follows:
192.168.0.105 web.ddc web
3. Check the newly configured hostname and FQDN with the following commands:
# hostname (checks hostname)
Expected output:
web
# hostname -f (checks FQDN)
Expected output:
web.ddc
4. Configure Ubuntu's resolver to use our BIND DNS server
Main configuration file: /etc/resolv.conf
# vim /etc/resolv.conf
nameserver 192.168.0.105
Save and exit
Usually this file is populated by the DHCP client, which obtains the nameserver list from the router.
To make sure that our DNS server is used first, we edit the file /etc/resolvconf/resolv.conf.d/head:
# vim /etc/resolvconf/resolv.conf.d/head
nameserver 192.168.0.105
Save and exit
This ensures that, even if the router also advertises DNS servers, our server at 192.168.0.105 gets top priority.
For example, if the router's DHCP server is configured to hand out 8.8.8.8 as the DNS server, the main configuration file will read:
nameserver 192.168.0.105
nameserver 8.8.8.8
The first line came from /etc/resolvconf/resolv.conf.d/head, whereas the second line came from the router's DHCP lease.
5. Regenerate the resolv.conf file after making the changes:
# resolvconf -u
6. Disable DNSMasq
# vim /etc/NetworkManager/NetworkManager.conf
#dns=dnsmasq (dnsmasq is disabled by commenting out the line)
Save and exit
Note: dnsmasq is a lightweight DNS and DHCP server that NetworkManager runs as the local resolver; it needs to be disabled for bind to work.
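The following script is an added example and is not part of the original page; it turns the First Part into an offline check. It verifies that the /etc/hosts line for the server's IP lists the FQDN first and the short hostname after it (the layout that `hostname -f` depends on), and that 192.168.0.105 ends up as the first nameserver when the head file is placed before the DHCP-supplied lines. The hosts and resolv.conf contents are constructed to mirror the page; the function names (hosts_fqdn_first, first_nameserver, render_resolv_conf) are this example's own, and the functions take file paths so they can be pointed at the real files.

```shell
#!/bin/sh
# Added example (not from the original page): offline checks for the First Part.
# Sample files below are constructed; point the functions at /etc/hosts and
# /etc/resolv.conf to check a real machine.

# Returns 0 when the /etc/hosts line for IP starts with "<short>.<domain>" and
# also lists the bare short name afterwards.
hosts_fqdn_first() {
    hosts=$1; ip=$2; short=$3
    line=$(sed 's/#.*$//' "$hosts" | awk -v ip="$ip" '$1 == ip { print; exit }')
    [ -n "$line" ] || return 1                       # no entry for that IP at all
    set -- $line                                     # $1=IP $2=first name $3..=aliases
    case "$2" in "$short".?*) ;; *) return 1 ;; esac # first name must be the FQDN
    shift 2
    for alias in "$@"; do [ "$alias" = "$short" ] && return 0; done
    return 1                                         # short hostname missing
}

# Prints the first nameserver in a resolv.conf-style file, which is the one
# the libc resolver tries first.
first_nameserver() {
    sed 's/#.*$//' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# Mimics the part of resolvconf that matters here: lines from the head file
# come before whatever the DHCP client supplied.
render_resolv_conf() {
    head_file=$1; dhcp_file=$2
    cat "$head_file" "$dhcp_file"
}

# --- constructed sample data (mirrors the page) ---------------------------
WORK=$(mktemp -d)
cat > "$WORK/hosts.good" <<'EOF'
127.0.0.1 localhost
192.168.0.105 web.ddc web
EOF
cat > "$WORK/hosts.bad" <<'EOF'
127.0.0.1 localhost
192.168.0.105 web web.ddc   # short name first: hostname -f would not give web.ddc
EOF
printf 'nameserver 192.168.0.105\n' > "$WORK/head"   # /etc/resolvconf/resolv.conf.d/head
printf 'nameserver 8.8.8.8\n'       > "$WORK/dhcp"   # what the router's lease supplied
render_resolv_conf "$WORK/head" "$WORK/dhcp" > "$WORK/resolv.conf"

if hosts_fqdn_first "$WORK/hosts.good" 192.168.0.105 web; then echo "hosts.good: FQDN first, OK"; fi
if ! hosts_fqdn_first "$WORK/hosts.bad" 192.168.0.105 web; then echo "hosts.bad: wrong order"; fi
echo "first nameserver: $(first_nameserver "$WORK/resolv.conf")"
```

Without the head file the merged resolv.conf would start with the router's 8.8.8.8 entry and web.ddc would not resolve; the rendered file shows 192.168.0.105 first.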
Second Part
Summary: Configure bind DNS server and trusted clients.
Steps:
1. Configure trusted clients, forwarding to Google's DNS servers, and enable recursion
# vim /etc/bind/named.conf.options
acl "trusted" {
    192.168.0.0/24;           # the nodes in the network that are allowed to use this DNS server
};

options {
    directory "/var/cache/bind";
    recursion yes;            # enables DNS recursion
    allow-recursion {
        trusted;              # enables DNS recursion only for trusted DNS clients
    };
    listen-on {
        192.168.0.105;        # IP address the DNS server listens on
    };
    forwarders {
        8.8.8.8;              # BIND forwards queries for global domains to Google's DNS servers
        8.8.4.4;
    };
    dnssec-validation auto;   # enables DNSSEC validation
    auth-nxdomain no;         # conform to RFC 1035
};
Save and exit
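The script below is an added example, not part of the original page or of BIND: a small lint that reads the settings back out of a named.conf.options file and fails when recursion is left open. It only understands the simple "keyword { items; };" layout used on this page with # comments; the function names (bind_block_body, bind_option, recursion_is_restricted) are this example's own, and the two config files are constructed copies of the page's options with and without the trusted ACL.

```shell
#!/bin/sh
# Added example (not from the original page or BIND): lint for named.conf.options.
# Run it before `service bind9 restart`; named-checkconf only checks syntax,
# it does not tell you that allow-recursion { any; } makes an open resolver.

# Prints the items inside "<stmt> { ... };", comments removed, on one line.
bind_block_body() {
    conf=$1; stmt=$2
    sed -e 's/#.*$//' -e 's,//.*$,,' "$conf" | awk -v stmt="$stmt" '
        $1 == stmt && index($0, "{") { inblk = 1; sub(/^[^{]*\{/, "") }
        inblk {
            if (index($0, "}")) { sub(/\}.*$/, ""); printf "%s ", $0; exit }
            printf "%s ", $0
        }'
}

# Prints the value of a plain "keyword value;" option such as recursion.
bind_option() {
    sed -e 's/#.*$//' "$1" | awk -v key="$2" '$1 == key && NF == 2 { sub(/;$/, "", $2); print $2; exit }'
}

# Returns 0 when recursion is off, or on but limited to an ACL other than "any".
# A missing allow-recursion also fails: the operator has not stated a policy.
recursion_is_restricted() {
    conf=$1
    [ "$(bind_option "$conf" recursion)" = yes ] || return 0    # recursion off: nothing exposed
    body=$(bind_block_body "$conf" allow-recursion)
    [ -n "$(printf '%s' "$body" | tr -d ' \t')" ] || return 1   # no explicit ACL at all
    case " $body " in *" any;"*) return 1 ;; esac                # open to everyone who reaches port 53
    return 0
}

# --- constructed configs (the page's options, compacted) -------------------
WORK=$(mktemp -d)
cat > "$WORK/options.page" <<'EOF'
acl "trusted" {
    192.168.0.0/24;
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 192.168.0.105; };
    forwarders {
        8.8.8.8; # Google
        8.8.4.4;
    };
    dnssec-validation auto;
    auth-nxdomain no;
};
EOF
# Same file with the ACL mistake that would answer recursive queries for anyone.
sed 's/allow-recursion { trusted; };/allow-recursion { any; };/' "$WORK/options.page" > "$WORK/options.open"

for f in "$WORK/options.page" "$WORK/options.open"; do
    if recursion_is_restricted "$f"; then
        echo "$(basename "$f"): recursion restricted to:$(bind_block_body "$f" allow-recursion)"
    else
        echo "$(basename "$f"): WARNING, open or unstated recursion policy"
    fi
done
echo "listen-on:$(bind_block_body "$WORK/options.page" listen-on)"
echo "forwarders:$(bind_block_body "$WORK/options.page" forwarders)"
```

The check deliberately treats a missing allow-recursion as a failure rather than relying on BIND's built-in default, so that the ACL in named.conf.options is the single place where the policy is written down.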
2. Define a local zone named "ddc" and map the settings to the zone file "db.ddc"
# vim /etc/bind/named.conf.local
zone "ddc" {
    type master;
    file "/etc/bind/zones/db.ddc"; # path to zone file
};
Save and exit
Note: you can similarly define a reverse zone and map it to its reverse zone file.
3. Create the zones folder and the db.ddc file (from /etc/bind, so that the file lands at /etc/bind/zones/db.ddc, the path given in named.conf.local)
# mkdir zones
# cd zones
# vim db.ddc
$TTL 604800
@       IN SOA  web.ddc. admin.web.ddc. (
                20160520 ; Serial
                604800   ; Refresh
                86400    ; Retry
                2419200  ; Expire
                604800 ) ; Negative Cache TTL
; nameserver NS record (the line starts with whitespace so the owner "@" is inherited from the SOA line)
        IN NS   web.ddc.
; nameserver A record
web.ddc. IN A   192.168.0.105
Save and exit
4. Check for syntax errors in the newly configured named.conf.local and named.conf.options files
# named-checkconf
Expected output: returns to the prompt with no output when there are no syntax errors.
If there is an error, the message names the file and line that you need to fix.
5. Check the zone file "db.ddc" against the zone "web.ddc"
# named-checkzone web.ddc db.ddc
Expected output:
zone web.ddc/IN: loaded serial 2
OK
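As an added example (not from the original page, and no substitute for named-checkzone, which needs bind installed) the script below runs two checks on a copy of db.ddc that named-checkzone does not make for you and adds a serial-bump helper: it reads the SOA serial, verifies that the name in the NS record has an A record in the same zone, and computes the next serial in YYYYMMDDnn form. It assumes the page's layout (one record per line, ';' comments, SOA fields in parentheses) and takes the zone origin as an argument ("ddc", as in named.conf.local); the function names (zone_serial, zone_records, zone_ns_has_a, next_serial) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): zone-file sanity checks for db.ddc.

# Prints the SOA serial. Tokens after "SOA" are MNAME RNAME [(] SERIAL ...
zone_serial() {
    sed 's/;.*$//' "$1" | awk '
        { for (i = 1; i <= NF; i++) tok[n++] = $i }
        END { for (i = 0; i < n; i++) if (tok[i] == "SOA") { j = i + 3; if (tok[j] == "(") j++; print tok[j]; exit } }'
}

# Prints "OWNER TYPE RDATA" for every NS and A record, owners fully qualified.
# A name in column 1 sets the owner; indented lines inherit the previous one.
zone_records() {
    origin=$1; zone=$2
    sed 's/;.*$//' "$zone" | awk -v origin="$origin" '
        function fq(n) { if (n == "@") return origin "."; if (n ~ /\.$/) return n; return n "." origin "." }
        NF == 0 || $1 ~ /^\$/ { next }              # blank lines, $TTL / $ORIGIN directives
        $0 ~ /^[^ \t]/ { owner = $1 }               # explicit owner name
        { for (i = 1; i <= NF; i++) {
              if ($i == "A")  { print fq(owner), "A",  $NF; break }
              if ($i == "NS") { print fq(owner), "NS", fq($NF); break }
          } }'
}

# Returns 0 when every in-zone NS target has an A record in the same file,
# i.e. the server named in the NS record is actually resolvable from this zone.
zone_ns_has_a() {
    zone_records "$1" "$2" | awk -v origin="$1" '
        $2 == "NS" { need[$3] = 1 }
        $2 == "A"  { have[$1] = 1 }
        END {
            suf = "." origin "."
            for (n in need)
                if (substr(n, length(n) - length(suf) + 1) == suf && !(n in have)) {
                    print "NS target " n " has no A record"; bad = 1
                }
            exit bad
        }'
}

# Next serial in YYYYMMDDnn form. CUR is the current serial; TODAY may be given
# for reproducible runs. Falls back to CUR+1 if the date form would go backwards,
# since secondaries ignore a zone whose serial did not increase.
next_serial() {
    cur=$1; today=${2:-$(date +%Y%m%d)}
    case "$cur" in
        "$today"[0-9][0-9]) new=$((cur + 1)) ;;
        *)                  new="${today}00" ;;
    esac
    [ "$new" -gt "$cur" ] || new=$((cur + 1))
    printf '%s\n' "$new"
}

# --- constructed copy of the page's zone file ------------------------------
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 604800
@       IN SOA  web.ddc. admin.web.ddc. (
                20160520 ; Serial
                604800   ; Refresh
                86400    ; Retry
                2419200  ; Expire
                604800 ) ; Negative Cache TTL
; nameserver NS record
        IN NS   web.ddc.
; nameserver A record
web.ddc. IN A   192.168.0.105
EOF

echo "serial: $(zone_serial "$ZONE")"
zone_records ddc "$ZONE"
zone_ns_has_a ddc "$ZONE" && echo "every in-zone NS target has an A record"
echo "next serial (if edited on 2016-05-20): $(next_serial "$(zone_serial "$ZONE")" 20160520)"
```

Bump the serial with next_serial every time db.ddc changes; BIND only reloads a zone whose serial went up, and the page's eight-digit 20160520 is below any ten-digit YYYYMMDDnn value, so the first bump simply switches to that scheme.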
6. Restart bind service
# service bind9 restart
7. Test the configuration
# dig web.ddc
Expected output (abridged):
...
;; QUESTION SECTION:
;web.ddc. IN A

;; ANSWER SECTION:
web.ddc. 604800 IN A 192.168.0.105

;; AUTHORITY SECTION:
ddc. 604800 IN NS web.ddc.
...
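The script below is an added example, not part of the original page: it turns the manual "read the dig output" step into a check that can be scripted. The dig output embedded in it is constructed from what the page shows; in practice pipe `dig @192.168.0.105 web.ddc` into dig_expect_a instead. The function names (dig_answer_a, dig_expect_a) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): assert on dig's ANSWER SECTION.

# Prints "NAME ADDRESS" for each A record in the ANSWER SECTION of dig output
# read on stdin. dig's answer lines have the form: NAME TTL CLASS TYPE RDATA.
dig_answer_a() {
    awk '/^;; ANSWER SECTION:/ { ans = 1; next }
         /^;;/                 { ans = 0 }
         ans && $4 == "A"      { print $1, $5 }'
}

# Returns 0 when NAME resolves to IP in the dig output read on stdin.
dig_expect_a() {
    name=$1; ip=$2
    dig_answer_a | grep -qxF "$name. $ip"
}

# Constructed from the expected output shown on the page.
DIG_OUT='
;; QUESTION SECTION:
;web.ddc.                  IN   A

;; ANSWER SECTION:
web.ddc.          604800   IN   A    192.168.0.105

;; AUTHORITY SECTION:
ddc.              604800   IN   NS   web.ddc.
'

if printf '%s\n' "$DIG_OUT" | dig_expect_a web.ddc 192.168.0.105; then
    echo "web.ddc -> 192.168.0.105: OK"
else
    echo "web.ddc did not resolve to 192.168.0.105"
fi
```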
Finally, set the router's DHCP configuration to hand out 192.168.0.105 as the primary DNS server. This way, when computers join our private network, the router provides 192.168.0.105 as their primary DNS server; the secondary DNS server can be any other DNS server. The local domain web.ddc, which resolves to 192.168.0.105, will then be reachable from all the computers in the private network, and those computers will also be able to resolve global domains with help from Google's DNS servers at 8.8.8.8 and 8.8.4.4. Note that a client which falls back to the secondary server cannot resolve web.ddc, since only our server knows that zone.
Thanks.