{"id":898,"date":"2018-04-10T15:08:41","date_gmt":"2018-04-10T12:08:41","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=898"},"modified":"2018-04-10T15:08:41","modified_gmt":"2018-04-10T12:08:41","slug":"configure-dns-server-debian-9-ubuntu-16-04","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=898","title":{"rendered":"Configure DNS Server On Debian 9 \/ Ubuntu 16.04"},"content":{"rendered":"

Domain Name System<\/a><\/strong> (in short, DNS) is an internet service that is used to resolve Domain Name to IP Address and vice versa.<\/p>\n

BIND (Berkeley Internet Name Domain) provides the functionality of name to ip conversion.<\/p>\n

This post will help you configure DNS server<\/a><\/strong> on Debian 9<\/a><\/strong> \/ Ubuntu 16.04<\/a><\/strong>.<\/p>\n

Environment<\/h2>\n

Domain: itzgeek.local<\/strong><\/p>\n

Primary DNS server:\u00a0 (It is the master server, and DNS records are created here.)
\n<\/strong><\/p>\n

Server Name: ns1.itzgeek.local<\/p>\n

IP Address: 192.168.1.10<\/p>\n

Secondary DNS server: (It is the slave server, gets DNS records from the Master server. It acts as a backup DNS server for the primary server if the primary server goes down.)
\n<\/strong><\/p>\n

Server Name: ns2.itzgeek.local<\/p>\n

IP Address: 192.168.1.20<\/p>\n

In this post, we set up only the primary DNS server. In case if you are planning to implement secondary server then take a look at configuring slave DNS server on Debian 9 \/ Ubuntu 16.04<\/a>.<\/strong><\/p>\n

Prerequisites<\/h2>\n

Switch to the root user.<\/p>\n

su -<\/pre>\n
OR<\/p>\n
sudo su -<\/pre>\n
Update the repository index.<\/p>\n
apt-get update<\/pre>\n
Make sure both primary and secondary server has a static IP address.<\/strong><\/p>\n
\n
<\/div>\n<\/div>\n
READ<\/strong>: How to configure static ip address in Debian \/ Ubuntu \/ LinuxMint<\/a><\/strong><\/p>\n
Install DNS Server<\/h2>\n
The package name of DNS in Debian \/ Ubuntu is bind9 and is available in the base repository<\/strong>. You can use apt command to install bind9 package.<\/p>\n
apt-get install -y bind9 bind9utils bind9-doc dnsutils<\/pre>\n
Configure DNS Server<\/h2>\n
\/etc\/bind\/ is the configuration directory of bind9<\/strong>, holds configuration files and zone lookup files. Global configuration file is \/etc\/bind\/named.conf.<\/strong><\/p>\n
Create Zone\u2019s<\/h3>\n
Let us begin with creating forward zone for your domain.<\/p>\n
You should not use the global configuration file for local DNS zone rather you can use \/etc\/bind\/named.conf.local file.<\/strong><\/p>\n
nano \/etc\/bind\/named.conf.local<\/pre>\n
Forward Zone:<\/strong><\/p>\n
The following is the forward zone entry for the itzgeek.local domain in the named.conf.local file.<\/p>\n
zone \"itzgeek.local\" IN { \/\/Domain name<\/strong>\r\n     type master; \/\/Primary DNS<\/strong>\r\n     file \"\/etc\/bind\/fwd.itzgeek.local.db\"; \/\/Forward lookup file<\/strong>\r\n     allow-update { none; }; \/\/ Since this is the primary DNS, it should be none.<\/strong>\r\n};\r\n<\/pre>\n
Reverse Zone:<\/strong><\/p>\n
The following is for the reverse zone in the named.conf.local file.<\/p>\n
zone \"1.168.192.in-addr.arpa\" IN { \/\/Reverse lookup name, should match your network in reverse order<\/strong>\r\n     type master; \/\/ Primary DNS<\/strong>\r\n     file \"\/etc\/bind\/rev.itzgeek.local.db\"; \/\/Reverse lookup file<\/strong>\r\n     allow-update { none; }; \/\/Since this is the primary DNS, it should be none.<\/strong>\r\n};\r\n<\/pre>\n
Create Zone lookup file<\/h3>\n
Once zones are created, you can go ahead and create zone data files for the forward zone and reverse zone.<\/p>\n
Forward Zone lookup file:<\/strong><\/p>\n
Copy the sample entries to zone file called fwd.itzgeek.local.db for forward zone under \/etc\/bind directory.<\/p>\n
Record types in zone file,<\/p>\n
SOA \u2013 Start of Authority<\/strong>
\nNS \u2013 Name Server<\/strong>
\nA \u2013 A record<\/strong>
\nMX \u2013 Mail for Exchange<\/strong>
\nCN \u2013 Canonical Name<\/strong><\/p>\n
Domain names should end with a dot (.).<\/strong><\/p>\n
\n
<\/div>\n<\/div>\n
cp \/etc\/bind\/db.local \/etc\/bind\/fwd.itzgeek.local.db<\/pre>\n
Edit the zone.<\/p>\n
nano \/etc\/bind\/fwd.itzgeek.local.db<\/pre>\n
Update the content shown like below. Whenever you change any records in the lookup file, make sure you update the serial number to some random number, higher than current.<\/strong><\/p>\n
;\r\n; BIND data file for local loopback interface\r\n;\r\n$TTL    604800\r\n@       IN      SOA     ns1.itzgeek.local. root.itzgeek.local. (\r\n                             20         ; Serial<\/strong>\r\n                         604800         ; Refresh\r\n                          86400         ; Retry\r\n                        2419200         ; Expire\r\n                         604800 )       ; Negative Cache TTL\r\n;\r\n;@      IN      NS      localhost.\r\n;@      IN      A       127.0.0.1\r\n;@      IN      AAAA    ::1\r\n\r\n;Name Server Information<\/strong>\r\n       IN      NS      ns1.itzgeek.local.\r\n       IN      NS      ns2.itzgeek.local.\r\n;IP address of Name Server<\/strong>\r\nns1     IN      A       192.168.1.10\r\nns2     IN      A       192.168.1.20\r\n\r\n;Mail Exchanger<\/strong>\r\nitzgeek.local.   IN     MX   10   mail.itzgeek.local.\r\n\r\n;A - Record HostName To Ip Address<\/strong>\r\nwww     IN       A      192.168.1.100\r\nmail    IN       A      192.168.1.150\r\n@       IN       A      192.168.1.200\r\n;CNAME record<\/strong>\r\nftp     IN      CNAME   www.itgeek.local.\r\n<\/pre>\n
Reverse Zone lookup file:<\/strong><\/p>\n
Copy the sample entries to zone file called rev.itzgeek.local.db for reverse zone under \/etc\/bind directory and create reverse pointers for the above forward zone records.<\/p>\n
PTR \u2013 Pointer<\/strong>
\nSOA \u2013 Start of Authority<\/strong><\/p>\n
cp \/etc\/bind\/db.127 \/etc\/bind\/rev.itzgeek.local.db<\/pre>\n
Edit the reverse zone file.<\/p>\n
nano \/etc\/bind\/rev.itzgeek.local.db<\/pre>\n
Update the content shown like below. Whenever you change any records in the lookup file, make sure you update the serial number to some random number, higher than current.<\/strong><\/p>\n
;\r\n; BIND reverse data file for local loopback interface\r\n;\r\n$TTL    604800\r\n@       IN      SOA     itzgeek.local. root.itzgeek.local. (\r\n                             20         ; Serial<\/strong>\r\n                         604800         ; Refresh\r\n                          86400         ; Retry\r\n                        2419200         ; Expire\r\n                         604800 )       ; Negative Cache TTL\r\n;\r\n;@      IN      NS      localhost.\r\n;1.0.0  IN      PTR     localhost.\r\n\r\n;Name Server Information<\/strong>\r\n       IN      NS     ns1.itzgeek.local.\r\n       IN      NS     ns2.itzgeek.local.\r\n;Reverse lookup for Name Server<\/strong>\r\n10      IN      PTR    ns1.itzgeek.local.\r\n20      IN      PTR    ns2.itzgeek.local.\r\n;PTR Record IP address to HostName<\/strong>\r\n100     IN      PTR    www.itzgeek.local.\r\n150     IN      PTR    mail.itzgeek.local.\r\n200     IN      PTR    itzgeek.local.\r\n<\/pre>\n
Check BIND Configuration Syntax<\/h3>\n
Use named-checkconf<\/strong> command to check the syntax of named.conf* files for any errors.<\/p>\n
named-checkconf<\/pre>\n
Command will return to the shell if there are no errors.<\/strong><\/p>\n
Also, you can use named-checkzone <\/strong>to check the syntax errors in zone files.<\/p>\n
For foward zone:<\/p>\n
named-checkzone itzgeek.local \/etc\/bind\/fwd.itzgeek.local.db<\/pre>\n
Output:<\/strong><\/p>\n
zone itzgeek.local\/IN: loaded serial 20\r\nOK<\/pre>\n
For reverse zone:<\/p>\n
named-checkzone 1.168.192.in-addr.arpa \/etc\/bind\/rev.itzgeek.local.db<\/pre>\n
Output:<\/strong><\/p>\n
zone 1.168.192.in-addr.arpa\/IN: loaded serial 20\r\nOK<\/pre>\n
Restart bind service.<\/p>\n
\n
<\/div>\n<\/div>\n
systemctl restart bind9<\/pre>\n
Enable it on system startup.<\/p>\n
systemctl enable bind9<\/pre>\n
Check the status of bind9 service.<\/p>\n
systemctl status bind9<\/pre>\n
Output:<\/strong><\/p>\n
\u25cf<\/strong> bind9.service - BIND Domain Name Server\r\n   Loaded: loaded (\/lib\/systemd\/system\/bind9.service; enabled; vendor preset: enabled)\r\n   Active: active (running)<\/strong> since Mon 2017-10-09 13:31:54 EDT; 1min 51s ago\r\n     Docs: man:named(8)\r\n Main PID: 778 (named)\r\n    Tasks: 4 (limit: 4915)\r\n   CGroup: \/system.slice\/bind9.service\r\n           \u2514\u2500778 \/usr\/sbin\/named -f -u bind\r\n\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: managed-keys-zone: loaded serial 4\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone 0.in-addr.arpa\/IN: loaded serial 1\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone 127.in-addr.arpa\/IN: loaded serial 1\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone localhost\/IN: loaded serial 2\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone 1.168.192.in-addr.arpa\/IN: loaded serial 20\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone itzgeek.local\/IN: loaded serial 20\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone 255.in-addr.arpa\/IN: loaded serial 1\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: all zones loaded\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: running\r\nOct 09 13:31:55 ns1.itzgeek.local named[778]: zone 1.168.192.in-addr.arpa\/IN: sending notifies (serial 20)\r\n<\/pre>\n
Verify DNS<\/h2>\n
Go to any client machine and add our new DNS server IP Address in \/etc\/resolv.conf file.<\/p>\n
nano \/etc\/resolv.conf<\/pre>\n
Make an entry like below.<\/p>\n
nameserver 192.168.1.10<\/pre>\n
OR<\/strong><\/p>\n
Follow the below tutorial to add DNS server IP in Ubuntu \/ Debian.<\/p>\n
READ<\/strong>: How to add DNS IP address in Debian \/ Ubuntu \/ LinuxMint<\/a><\/strong><\/p>\n
You can either use nslookup or dig command to verify the DNS server<\/strong>.<\/p>\n
Use the dig command to verify the forward lookup.<\/p>\n
dig www.itzgeek.local<\/pre>\n
If you get command not found, install bind-utils package.<\/strong><\/p>\n
Output:<\/strong><\/p>\n
; <<>> DiG 9.10.3-P4-Debian <<>> www.itzgeek.local @192.168.1.10\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13117\r\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;www.itzgeek.local.             IN      A\r\n\r\n;; ANSWER SECTION:\r\nwww.itzgeek.local.      604800  IN      A       192.168.1.100<\/strong>\r\n\r\n;; AUTHORITY SECTION:\r\nitzgeek.local.          604800  IN      NS      ns1.itzgeek.local.\r\n\r\n;; ADDITIONAL SECTION:\r\nns1.itzgeek.local.      604800  IN      A       192.168.1.10\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: 192.168.1.10#53(192.168.1.10)\r\n;; WHEN: Mon Oct 09 13:14:22 EDT 2017\r\n;; MSG SIZE  rcvd: 96\r\n<\/pre>\n
The DNS server\u2019s answer for forward lookup: 192.168.1.100 as IP address for www.itzgeek.local.<\/strong><\/p>\n
Confirm the reverse lookup with dig command.<\/p>\n
dig -x 192.168.1.100<\/pre>\n
Output:<\/strong><\/p>\n
\n
<\/div>\n<\/div>\n
; <<>> DiG 9.10.3-P4-Debian <<>> -x 192.168.1.100 @192.168.1.10\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39795\r\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;100.1.168.192.in-addr.arpa.    IN      PTR\r\n\r\n;; ANSWER SECTION:\r\n100.1.168.192.in-addr.arpa. 604800 IN   PTR     www.itzgeek.local.<\/strong>\r\n\r\n;; AUTHORITY SECTION:\r\n1.168.192.in-addr.arpa. 604800  IN      NS      ns1.itzgeek.local.\r\n\r\n;; ADDITIONAL SECTION:\r\nns1.itzgeek.local.      604800  IN      A       192.168.1.10\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: 192.168.1.10#53(192.168.1.10)\r\n;; WHEN: Mon Oct 09 13:15:32 EDT 2017\r\n;; MSG SIZE  rcvd: 120\r\n<\/pre>\n
The DNS server\u2019s answer for reverse lookup: www.itzgeek.local as a name for 192.168.1.100.<\/strong><\/p>\n
This result confirms that both forward and reverse zone lookups are working fine.<\/p>\n
That\u2019s All. You have successfully installed BIND on Debian 9<\/a><\/strong> \/ Ubuntu 16.04<\/a><\/strong> as a master server. In our next article, we will configure Slave DNS server<\/a><\/strong> on Debian 9<\/a><\/strong> \/ Ubuntu 16.04<\/a><\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Domain Name System (in short, DNS) is an internet service that is used to resolve Domain Name to IP Address and vice versa. BIND (Berkeley Internet Name Domain) provides the functionality of name to ip conversion. This post will help you configure DNS server on Debian 9 \/ Ubuntu 16.04. Environment Domain: itzgeek.local Primary DNS […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":621,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-898","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=898"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/898\/revisions"}],"predecessor-version":[{"id":899,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/898\/revisions\/899"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/621"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}