DNS, the Domain Name System, is the Internet service that maps domain names to IP addresses and, through reverse lookups, IP addresses back to domain names. A DNS server (name server) maintains a database of names and their related IP addresses. When an application queries a domain name, the server responds with the mapped IP address; an application can also ask which domain name belongs to a given IP address.
DNS is a large topic, and an entire chapter could be written on DNS setup alone. This recipe assumes a basic understanding of how the DNS protocol works. We will cover the installation of BIND (the DNS server software), the configuration of BIND as a caching name server, and the setup of a Primary Master and a Secondary Master. We will also cover some best practices for securing your DNS server.
In this recipe, I will be using four servers on the 10.0.2.0/24 network. You can create virtual machines if you simply want to test the setup:
ns1: Name server one / Primary Master (10.0.2.53)
ns2: Name server two / Secondary Master (10.0.2.54)
host1: Host system one (10.0.2.58)
host2: Host system two, optional
10.0.2.0/24: the local network
Install BIND and set up a caching name server through the following steps:
1. On ns1, install BIND and dnsutils with the following commands:
$ sudo apt-get update
$ sudo apt-get install bind9 dnsutils
2. Open /etc/bind/named.conf.options, uncomment the forwarders section, and add your preferred upstream DNS servers:
forwarders {
    8.8.8.8;
    8.8.4.4;
};
3. Restart BIND:
$ sudo service bind9 restart
4. Use dig to query the new server and note the query time; the SERVER line should show your ns1 address:
$ dig -x 127.0.0.1
;; Query time: 1 msec
;; SERVER: 10.0.2.53#53(10.0.2.53)
5. Use dig to look up an external domain, then repeat the same query and compare the query times. The first answer is fetched from the forwarders; the second comes from the local cache and returns in a millisecond or so.
Set up Primary Master through the following steps:
1. On the ns1 server, edit /etc/bind/named.conf.options and add the following acl block above the options block:
acl "local" {
    10.0.2.0/24;    # local network
};
2. Add the following lines inside the options block:
recursion yes;
allow-recursion { local; };
listen-on { 10.0.2.53; };    # ns1 IP address
allow-transfer { none; };
Limiting recursion to the local ACL keeps ns1 from acting as an open resolver, which outsiders could abuse for cache poisoning attempts and for traffic amplification. allow-transfer { none; } is the global default; the zones that should be copied to a secondary override it individually later. You can verify the ACL from a host outside 10.0.2.0/24: a query such as dig @10.0.2.53 www.google.com should come back with status: REFUSED.
3. Edit /etc/bind/named.conf.local to add the forward and reverse zones:
$ sudo nano /etc/bind/named.conf.local
4. Add the forward zone:
zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
};
5. Add the reverse zone:
zone "2.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10";
};
6. Create the zones directory under /etc/bind/:
$ sudo mkdir /etc/bind/zones
7. Create the forward zone file using the existing zone file, db.local, as a template:
$ cd /etc/bind/
$ sudo cp db.local zones/db.example.com
8. Edit the SOA entry: replace localhost with the FQDN of your server and increment the serial number. The template's serial 2 becomes 3 here; many administrators prefer a date-based serial in the YYYYMMDDnn form (for example 2015070701). Either way the value must fit in an unsigned 32-bit integer (at most 4294967295), so a 12-digit stamp such as 201507071100 would be rejected.
9. Delete the NS, A, and AAAA records for localhost, 127.0.0.1, and ::1.
10. Add the NS and A records. Note the trailing dot on ns.example.com.: without it, BIND appends the zone origin and the NS record would point at ns.example.com.example.com:
; name server - NS records
@       IN      NS      ns.example.com.
; name server A records
ns      IN      A       10.0.2.53
; local - A records
host1   IN      A       10.0.2.58
11. Create the reverse zone file using /etc/bind/db.127 as a template:
$ sudo cp db.127 zones/db.10
12. Edit the SOA record and increment the serial number.
13. Delete the NS and PTR records for localhost.
14. Add the NS, PTR, and host records. The owner name of each PTR record is the last octet of the address (53 for 10.0.2.53), and the targets again need a trailing dot so that the origin 2.0.10.in-addr.arpa is not appended to them:
; NS records
@       IN      NS      ns.example.com.
; PTR records
53      IN      PTR     ns.example.com.
; host records
58      IN      PTR     host1.example.com.
15. Check the main configuration for syntax errors (no output means no errors):
$ sudo named-checkconf
16. Check the forward zone file for syntax errors:
$ sudo named-checkzone example.com /etc/bind/zones/db.example.com
zone example.com/IN: loaded serial 3 OK
17. Check the reverse zone file, zones/db.10, using its own zone name rather than example.com; otherwise the PTR owner names are interpreted under the wrong origin:
$ sudo named-checkzone 2.0.10.in-addr.arpa /etc/bind/zones/db.10
zone 2.0.10.in-addr.arpa/IN: loaded serial 3 OK
18. Restart BIND:
$ sudo service bind9 restart
19. Configure host2 to use ns.example.com as its DNS server by adding nameserver 10.0.2.53 to /etc/resolv.conf on host2. On systems where resolvconf or systemd-resolved manages that file, set the name server in the network configuration instead, or the change will be overwritten.
20. Test forward resolution with the nslookup command:
$ nslookup host1.example.com
Server:     10.0.2.53
Address:    10.0.2.53#53
Name:   host1.example.com
Address: 10.0.2.58
21. Test reverse resolution:
$ nslookup 10.0.2.58
Server:     10.0.2.53
Address:    10.0.2.53#53
58.2.0.10.in-addr.arpa  name = host1.example.com
Set up Secondary Master through the following steps:
1. On ns1, add the allow-transfer option to each zone in /etc/bind/named.conf.local so that only ns2 (10.0.2.54) can pull the zones:
zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 10.0.2.54; };
};
zone "2.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10";
    allow-transfer { 10.0.2.54; };
};
2. Restart BIND on ns1:
$ sudo service bind9 restart
3. On the second server (ns2), install the BIND package.
4. Edit /etc/bind/named.conf.local on ns2 to add the zone declarations as follows. The file names are relative to BIND's working directory (/var/cache/bind on Ubuntu), which is where the transferred copies are written:
zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 10.0.2.53; };
};
zone "2.0.10.in-addr.arpa" {
    type slave;
    file "db.10";
    masters { 10.0.2.53; };
};
5. Save named.conf.local and restart BIND on ns2:
$ sudo service bind9 restart
6. Check /var/log/syslog on ns2 to verify the zone transfer; a successful transfer logs a line of the form zone example.com/IN: transferred serial 3. Restricting transfers by address stops anyone else from downloading the complete zone, but the source address is the only check being made. BIND can additionally authenticate transfers with a TSIG key, which is worth configuring whenever ns2 is reached over a network you do not fully trust.
In the first section, we installed the BIND server and enabled a simple caching DNS server. A caching server helps to reduce bandwidth and latency in name resolution: the server first tries to resolve queries from its local cache, and if an entry is not in the cache, the query is forwarded to the external DNS servers and the result is cached.
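The syslog check in step 6 of the Secondary Master setup can be automated. The following Python script is an added example and is not part of the recipe or of BIND: it scans syslog text for named's zone-transfer messages, records which zones arrived at which serial, and lists transfer attempts the primary refused. The sample log lines are constructed in the shape BIND 9 writes for this recipe's zones and are not captured from a real system; the exact wording differs a little between BIND versions, so the patterns match only the stable fragments.

```python
# Added example for this recipe (not part of the original text or of BIND):
# scan syslog for named's zone-transfer messages and check the result.
import re
from typing import Dict, List, Tuple

# Modelled on BIND 9's log messages; wording differs slightly between versions,
# so only the stable fragments are matched.
TRANSFERRED = re.compile(r"zone (?P<zone>[^/\s]+)/IN: transferred serial (?P<serial>\d+)")
STATUS = re.compile(r"transfer of '(?P<zone>[^/']+)/IN' from (?P<src>\S+?): Transfer status: (?P<status>\w+)")
DENIED = re.compile(r"client (?:@\S+ )?(?P<client>[\d.]+#\d+)[^']*zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied")

# Constructed sample lines in the shape named writes on ns2 (the secondary) and
# ns1 (the primary) for this recipe's zones; not captured from a real system.
SAMPLE_SYSLOG = """\
Jul  7 11:05:01 ns2 named[1234]: zone example.com/IN: Transfer started.
Jul  7 11:05:01 ns2 named[1234]: transfer of 'example.com/IN' from 10.0.2.53#53: connected using 10.0.2.54#38261
Jul  7 11:05:01 ns2 named[1234]: zone example.com/IN: transferred serial 3
Jul  7 11:05:01 ns2 named[1234]: transfer of 'example.com/IN' from 10.0.2.53#53: Transfer status: success
Jul  7 11:05:01 ns2 named[1234]: zone 2.0.10.in-addr.arpa/IN: transferred serial 3
Jul  7 11:05:01 ns2 named[1234]: transfer of '2.0.10.in-addr.arpa/IN' from 10.0.2.53#53: Transfer status: success
Jul  7 11:09:42 ns1 named[987]: client 10.0.2.99#41234 (example.com): zone transfer 'example.com/AXFR/IN' denied
"""


def summarize_transfers(log_text: str) -> Tuple[Dict[str, int], Dict[str, str], List[Tuple[str, str]]]:
    """Return (transferred, status, denied): the serial that arrived per zone,
    the final transfer status per zone, and (client, zone) pairs the primary refused."""
    transferred: Dict[str, int] = {}
    status: Dict[str, str] = {}
    denied: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        if "named[" not in line:
            continue  # only named's own messages are of interest
        if m := TRANSFERRED.search(line):
            transferred[m["zone"]] = int(m["serial"])
        elif m := STATUS.search(line):
            status[m["zone"]] = m["status"]
        elif m := DENIED.search(line):
            denied.append((m["client"], m["zone"]))
    return transferred, status, denied


def verify_transfer(log_text: str, zones: List[str], serial: int) -> List[str]:
    """Problems found when every zone in `zones` should have arrived at `serial`.
    An empty list means the secondary is in sync with the primary."""
    transferred, status, _denied = summarize_transfers(log_text)
    problems = []
    for zone in zones:
        got = transferred.get(zone)
        if got is None:
            problems.append(f"{zone}: no transfer logged")
        elif got != serial:
            problems.append(f"{zone}: transferred serial {got}, expected {serial}")
        if status.get(zone) not in (None, "success"):
            problems.append(f"{zone}: transfer status {status[zone]}")
    return problems


if __name__ == "__main__":
    # Replace SAMPLE_SYSLOG with open("/var/log/syslog").read() on ns2.
    transferred, status, denied = summarize_transfers(SAMPLE_SYSLOG)
    print("transferred:", transferred)
    print("status:", status)
    print("denied on primary:", denied)
    print("problems:", verify_transfer(SAMPLE_SYSLOG, ["example.com", "2.0.10.in-addr.arpa"], 3))
```

Run it on ns2 against /var/log/syslog and compare the reported serial with the SOA serial on ns1; a denied entry on ns1 from an address other than 10.0.2.54 means someone tried to pull the whole zone and was stopped by the allow-transfer setting.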
In the second and third sections, we set up the Primary Master and the Secondary Master respectively. The Primary Master holds the authoritative copy of the zone data. The Secondary Master obtains a copy of the zones by zone transfer and answers for them when the Primary server becomes unavailable.
Under Primary Master, we declared a forward zone and a reverse zone for the example.com domain. The forward zone is declared with the domain name as its identifier and contains the type and the filename of the database file. On Primary Master, we set type to master. The reverse zone is declared with similar attributes and uses part of an IP address as its identifier. As we are using a 24-bit network prefix (10.0.2.0/24), we include the first three octets of the address in reverse order (2.0.10) in the reverse zone name, 2.0.10.in-addr.arpa; the remaining octet of each address becomes the owner name of its PTR record.
Lastly, we created the zone files by using existing files as templates. Zone files are the actual database of records that map FQDNs to IP addresses and vice versa. A zone file contains an SOA record, NS records, and A or PTR records. The SOA record defines the zone and carries the serial number that a secondary compares with its own copy to decide whether a new transfer is needed; NS records name the servers that are authoritative for the zone; A and AAAA records map a hostname to an IPv4 or IPv6 address; PTR records in the reverse zone map an address back to a hostname.
When the DNS server receives a query for a name in the example.com domain, it looks for the zone that covers that domain. After finding the zone, the host part of the queried name is used to find the IP address to return as the result. Similarly, when a query for an IP address is received (as a name under in-addr.arpa), the DNS server looks in the reverse zone that matches the queried address.
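The naming rules described above, and the two pitfalls from the zone-file steps (a target without a trailing dot, and a serial that does not fit in 32 bits), can be checked before BIND ever loads a file. The following Python script is an added example, not code from the recipe or from BIND: it derives the reverse zone name from a prefix, the PTR owner name from an address, applies BIND's origin rule to a record target, flags unqualified targets, and bumps an SOA serial safely. The record list is constructed from this recipe's forward zone with the NS target deliberately left unqualified to show what the missing dot does.

```python
# Added example for this recipe (not part of the original text or of BIND):
# the naming arithmetic behind the zone files, checkable without named.
import ipaddress
from datetime import date
from typing import List, Optional, Tuple

SERIAL_MAX = 2**32 - 1  # the SOA serial is an unsigned 32-bit integer (RFC 1035)


def reverse_zone_name(network: str) -> str:
    """in-addr.arpa zone for an octet-aligned IPv4 prefix (/8, /16, /24):
    10.0.2.0/24 -> 2.0.10.in-addr.arpa (first three octets, reversed)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 prefixes map to one reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(address: str, zone: str) -> str:
    """Owner name of the PTR record for address, relative to the reverse zone:
    10.0.2.58 in 2.0.10.in-addr.arpa -> '58'."""
    full = ipaddress.ip_address(address).reverse_pointer  # 58.2.0.10.in-addr.arpa
    suffix = "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{address} is not covered by {zone}")
    return full[: -len(suffix)]


def qualify(name: str, origin: str) -> str:
    """The rule BIND applies to names in a zone file: a name ending in '.' is
    absolute, '@' is the origin, anything else gets the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def check_targets(records: List[Tuple[str, str, str]], origin: str) -> List[str]:
    """Warn about NS/PTR/CNAME targets that contain a dot but no trailing dot:
    almost always a forgotten '.', which BIND silently expands to target.origin."""
    warnings = []
    for owner, rtype, rdata in records:
        if rtype in ("NS", "PTR", "CNAME") and "." in rdata and not rdata.endswith("."):
            warnings.append(f"{owner} {rtype} {rdata} -> BIND reads this as {qualify(rdata, origin)}")
    return warnings


def next_serial(current: int, today: Optional[int] = None) -> int:
    """Bump an SOA serial. Uses the YYYYMMDDnn convention when that is larger
    than current + 1, and refuses anything that does not fit in 32 bits.
    `today` is the date as an integer YYYYMMDD; it defaults to the current date."""
    if today is None:
        today = int(date.today().strftime("%Y%m%d"))
    new = max(current + 1, today * 100)
    if new > SERIAL_MAX:
        raise ValueError(f"serial {new} exceeds {SERIAL_MAX}; use YYYYMMDDnn, not a 12-digit stamp")
    return new


# Constructed from the recipe's forward zone, with the NS target left unqualified
# on purpose to show what the missing trailing dot does.
FORWARD_RECORDS = [
    ("@", "NS", "ns.example.com"),
    ("ns", "A", "10.0.2.53"),
    ("host1", "A", "10.0.2.58"),
]

if __name__ == "__main__":
    print(reverse_zone_name("10.0.2.0/24"))
    print(ptr_owner("10.0.2.58", "2.0.10.in-addr.arpa"))
    for w in check_targets(FORWARD_RECORDS, "example.com"):
        print("warning:", w)
    print(next_serial(2, 20150707))
```

The qualify() rule is the reason the NS and PTR targets in the zone files above end in a dot; check_targets() catches the case named-checkzone accepts without complaint, because ns.example.com.example.com. is a perfectly valid (if useless) name.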
$ man named