Implementing a DNS server using BIND
- dns
- bind
DNS (Domain Name System) is the service that translates human-readable domain names into the IP addresses of machines connected to the internet and, through reverse lookups, IP addresses back into names. In an environment with a small number of Linux machines you can map IP addresses to names in the /etc/hosts file of each host, but in a large infrastructure with many systems and resources, keeping /etc/hosts consistent everywhere quickly becomes cumbersome.
BIND (Berkeley Internet Name Domain) is open-source software that implements the DNS protocols. This tutorial sets up an authoritative primary DNS server and a secondary server that replicates the zone from it, so you need two machines. The examples use the zone example.com and the documentation addresses 192.0.2.1 (primary) and 192.0.2.2 (secondary); replace them with your own domain and addresses throughout.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- An SSH key
- sudo privileges or access to the root user
Installing BIND
- Install BIND 9 and the related tools. This tutorial was written for the 9.20 series; the exact version your package manager installs depends on your distribution release:
```
sudo apt-get install bind9 bind9utils bind9-doc dnsutils
```
- Verify the installed version:
```
named -v
```
The expected output should be similar to:
```
BIND 9.20.x
```
Configuring the primary DNS server
- Edit the named.conf.local file:
```
cd /etc/bind
sudo nano named.conf.local
```
- Paste the following. Replace the domain name and the IP address of the secondary machine with your own values. allow-transfer restricts zone transfers (AXFR/IXFR) to the secondary, and notify yes makes the primary send a NOTIFY to the secondary whenever the zone is reloaded with a higher serial. allow-update permits dynamic updates (RFC 2136) from the listed address; if you maintain the zone by editing the file, set it to { none; } instead. BIND 9.16 and later also accept primary and secondary in place of master and slave.
```
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" IN {
    type master;
    file "/etc/bind/db.example.com";
    allow-update { 192.0.2.2; };
    allow-transfer { 192.0.2.2; };
    notify yes;
};
```
- Create your zone file. A zone must contain at least an SOA record and one NS record at its apex; the file below also adds glue A records for both name servers and an example host with A and AAAA records:
```
sudo nano /etc/bind/db.example.com
```
- Paste the following. The serial (written here as YYYYMMDDnn) must increase every time you change the zone, otherwise the secondary will not pull the new version. admin.example.com. in the SOA is the zone contact written as a domain name (admin@example.com).
```
$TTL 10800
@       IN  SOA     ns1.example.com. admin.example.com. (
                    2024111801  ; Serial
                    10800       ; Refresh
                    3600        ; Retry
                    604800      ; Expire
                    86400 )     ; Negative Cache TTL

; Name servers
@       IN  NS      ns1.example.com.
@       IN  NS      ns2.example.com.

; A and AAAA records
ns1     IN  A       192.0.2.1
ns2     IN  A       192.0.2.2

; Example host
www     IN  A       192.0.2.3
www     IN  AAAA    2001:db8::1
```
- Enable DNSSEC (optional but recommended). The manual flow below generates a key-signing key (KSK) and a zone-signing key (ZSK) in /etc/bind and signs the zone with them. dnssec-signzone writes the signed copy to /etc/bind/db.example.com.signed, so point the file directive in named.conf.local at that file, and re-sign (with a bumped serial) after every zone change. Resolvers only validate your zone once you also publish a DS record for the KSK at your registrar. On BIND 9.16 and later a simpler alternative is to add dnssec-policy default; and inline-signing yes; to the zone statement, which lets named generate keys, sign and re-sign automatically (the default policy uses ECDSAP256SHA256 rather than the 2048-bit RSA keys used here):
```
cd /etc/bind
sudo dnssec-keygen -a RSASHA256 -b 2048 -n ZONE -f KSK example.com
sudo dnssec-keygen -a RSASHA256 -b 2048 -n ZONE example.com
sudo dnssec-signzone -S -K /etc/bind -o example.com db.example.com
```
- Restart the BIND server (on Debian and Ubuntu the unit is named.service; bind9 is an alias for it):
```
sudo systemctl restart bind9
```
Configuring the secondary DNS server
- Edit the named.conf.local file:
```
cd /etc/bind
sudo nano named.conf.local
```
- Add the secondary (slave) zone definition. Replace example.com and the IP address of the primary server with your own values. The secondary writes the transferred zone to the file named here; on Debian and Ubuntu the bind user is not allowed to write into /etc/bind (AppArmor confines it to /var/cache/bind and /var/lib/bind), so keep the copy under /var/cache/bind. allow-transfer { none; } prevents anyone from pulling the zone from the secondary:
```
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" IN {
    type slave;
    file "/var/cache/bind/db.example.com";
    masters { 192.0.2.1; };
    allow-transfer { none; };
};
```
- Restart the BIND service:
```
sudo systemctl restart bind9
```
Testing the Configuration
- Check the primary DNS server:
```
dig @192.0.2.1 www.example.com
```
- Verify the secondary DNS server:
```
dig @192.0.2.2 www.example.com
```
Expected output for both. The TTL is the $TTL value of the zone file (10800), and the flags line of the response should contain aa, meaning the server answered authoritatively:
```
;; ANSWER SECTION:
www.example.com.        10800   IN      A       192.0.2.3
```
- Test zone replication. Increase the serial in the zone file on the primary and reload the zone (sudo rndc reload example.com, or simply restart the primary), then watch the logs on the secondary. It should log a NOTIFY from the primary followed by a transfer of example.com ending in "Transfer completed". On systems where syslog is not written to a file, use sudo journalctl -u named -f instead:
```
sudo tail -f /var/log/syslog
```
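The replication test above fails silently if the serial was not increased: the secondary compares the primary's SOA serial with its own and only transfers when the primary's is higher. The following helper script is an added example, not part of the original tutorial. It extracts and bumps the serial of a zone file in YYYYMMDDnn form, validates the file with named-checkzone when bind9utils is installed, and compares the serial served by the primary and the secondary with dig. The addresses, the zone name and the embedded sample zone are constructed from the tutorial's placeholders.

```shell
#!/bin/sh
# Added example: zone serial and replication helpers for the BIND setup above.
# Assumes the tutorial's placeholders: zone example.com, primary 192.0.2.1,
# secondary 192.0.2.2. Pure POSIX sh + awk; dig/named-checkzone are optional.

# Print the SOA serial of a zone file. Handles the multi-line "( ... )" SOA
# form used in the tutorial as well as a single-line SOA; ";" comments ignored.
zone_serial() {
    awk '
        /(^|[ \t])SOA([ \t]|$)/ { insoa = 1 }
        insoa {
            line = $0
            sub(/;.*/, "", line)                  # strip "; comment"
            buf = buf " " line
            if (line ~ /\(/) open = 1
            if (!open || line ~ /\)/) { insoa = 0; done = 1 }
        }
        done {
            gsub(/[()]/, " ", buf)
            n = split(buf, f, /[ \t]+/)
            for (i = 1; i <= n; i++)              # SOA MNAME RNAME serial ...
                if (f[i] == "SOA") { print f[i + 3]; exit }
            exit 1
        }
    ' "$1"
}

# Next serial: today's date with sequence 01, or old+1 when that would not be
# larger than the current serial (several edits in one day, or a serial that
# is already ahead of today's date).
next_serial() {
    old=$1; today=$2
    case $old in ''|*[!0-9]*) echo "next_serial: bad serial '$old'" >&2; return 1 ;; esac
    candidate="${today}01"
    if [ "$candidate" -gt "$old" ]; then
        echo "$candidate"
    else
        echo $((old + 1))
    fi
}

# Rewrite the serial of a zone file in place; the date defaults to today (UTC).
bump_zone_serial() {
    file=$1; today=${2:-$(date -u +%Y%m%d)}
    old=$(zone_serial "$file")
    [ -n "$old" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today") || return 1
    tmp=$(mktemp)
    # Replace only the first whole-number occurrence of the old serial.
    awk -v old="$old" -v new="$new" '
        !done && $0 ~ ("(^|[^0-9])" old "([^0-9]|$)") { sub(old, new); done = 1 }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$file: serial $old -> $new"
}

# Syntax-check the zone with named-checkzone (bind9utils) when available.
validate_zone() {
    zone=$1; file=$2
    command -v named-checkzone >/dev/null 2>&1 || { echo "named-checkzone not installed, skipping" >&2; return 0; }
    named-checkzone "$zone" "$file"
}

# Compare the SOA serial served by the primary and the secondary; returns 0
# when they match, 1 when the secondary lags or dig (dnsutils) is missing.
check_replication() {
    zone=$1; primary=${2:-192.0.2.1}; secondary=${3:-192.0.2.2}
    command -v dig >/dev/null 2>&1 || { echo "dig not installed (dnsutils)" >&2; return 1; }
    p=$(dig +short SOA "$zone" "@$primary" | awk '{print $3}')
    s=$(dig +short SOA "$zone" "@$secondary" | awk '{print $3}')
    echo "primary serial: $p  secondary serial: $s"
    [ -n "$p" ] && [ "$p" = "$s" ]
}

# Constructed sample zone (the tutorial's zone file, shortened) for trying the
# helpers offline: write_sample_zone /tmp/db.example.com
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 10800
@   IN  SOA ns1.example.com. admin.example.com. (
            2024111801  ; Serial
            10800       ; Refresh
            3600        ; Retry
            604800      ; Expire
            86400 )     ; Negative Cache TTL
@   IN  NS  ns1.example.com.
@   IN  NS  ns2.example.com.
ns1 IN  A   192.0.2.1
ns2 IN  A   192.0.2.2
www IN  A   192.0.2.3
EOF
}

# Usage: sh dnscheck.sh bump /etc/bind/db.example.com [example.com]
#        sh dnscheck.sh check example.com 192.0.2.1 192.0.2.2
case ${1:-} in
    bump)  bump_zone_serial "$2" && validate_zone "${3:-example.com}" "$2" ;;
    check) check_replication "$2" "$3" "$4" ;;
esac
```

Run bump on the primary before rndc reload, then check from any host that can reach both servers; a lagging secondary together with a transfer error in its log usually points at allow-transfer on the primary or an unwritable zone file on the secondary.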
Security and best Practices
- Use allow-query, allow-transfer and allow-update to limit who can query your server, pull a copy of your zones, and modify them. Address-based lists can be spoofed, so authenticate zone transfers and dynamic updates with a TSIG key (generate one with tsig-keygen and reference it with key in the access lists) rather than with IP addresses alone.
- Set recursion no; on authoritative servers so they cannot be abused as open resolvers in amplification attacks.
- Sign your zones using DNSSEC, and publish the DS record at your registrar, to protect clients against spoofed answers and cache poisoning.
- Use rndc (for example rndc stats and rndc querylog) or log analysis tools to monitor DNS queries and server performance.
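The zone statements earlier in this tutorial restrict transfers by IP address only. The configuration below is an added example, not part of the original tutorial, showing the hardened form of the same primary and secondary zones: transfers require a TSIG signature, dynamic updates are disabled because the zone is maintained on disk, and the global options turn recursion off. The key name transfer-key and the secret placeholder are assumptions; generate the real key statement with tsig-keygen transfer-key and install the identical statement on both servers.

```conf
// /etc/bind/named.conf.options (both servers): authoritative only, no open resolver
options {
    directory "/var/cache/bind";
    recursion no;              // never answer recursive queries for third parties
    allow-query { any; };      // anyone may ask about the zones we are authoritative for
    allow-transfer { none; };  // global default; zone statements override it selectively
    version "not disclosed";   // do not advertise the BIND version to scanners
};

// /etc/bind/named.conf.local on the primary (192.0.2.1)
key "transfer-key" {
    algorithm hmac-sha256;
    secret "PASTE-THE-SECRET-FROM-tsig-keygen-HERE";   // placeholder, same value on both servers
};

zone "example.com" IN {
    type master;
    file "/etc/bind/db.example.com";
    allow-update { none; };                  // zone is edited on disk, no RFC 2136 updates
    allow-transfer { key "transfer-key"; };  // AXFR/IXFR only with a valid TSIG signature
    notify yes;
};

// /etc/bind/named.conf.local on the secondary (192.0.2.2)
key "transfer-key" {
    algorithm hmac-sha256;
    secret "PASTE-THE-SECRET-FROM-tsig-keygen-HERE";   // placeholder, identical to the primary
};

zone "example.com" IN {
    type slave;
    file "/var/cache/bind/db.example.com";   // writable by the bind user under AppArmor
    masters { 192.0.2.1 key "transfer-key"; }; // sign refresh queries and transfer requests
    allow-transfer { none; };                // nobody pulls the zone from the secondary
};
```

If you do need dynamic updates (for example from a DHCP server), replace allow-update { none; } with an update-policy that names a dedicated TSIG key rather than an address, so an update is accepted only when it carries a valid signature.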
Conclusion
You have configured an authoritative primary DNS server and a secondary that replicates from it using BIND 9.20. You can now resolve names within your infrastructure or serve the zone to external clients.
For more advanced configurations and features, refer to the official BIND 9.20 documentation.