{"id":3269,"date":"2019-06-15T11:38:58","date_gmt":"2019-06-15T08:38:58","guid":{"rendered":"https:\/\/kifarunix.com\/?p=3269"},"modified":"2019-06-15T14:24:28","modified_gmt":"2019-06-15T11:24:28","slug":"configure-bind-as-dns-server-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-bind-as-dns-server-on-ubuntu-18-04\/","title":{"rendered":"Configure BIND as DNS Server on Ubuntu 18.04"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install and configure BIND as a DNS server on Ubuntu 18.04. <a rel=\"noreferrer noopener\" aria-label=\"BIND (opens in a new tab)\" href=\"https:\/\/www.isc.org\/bind\/\" target=\"_blank\">BIND<\/a> (Berkeley Internet Name Domain system), or named, is the most widely used Domain Name System software on the Internet. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure BIND as DNS Server on Ubuntu 18.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Install BIND 9 on Ubuntu 18.04<\/h3>\n\n\n\n<p>To begin with, update the system packages.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update\napt upgrade<\/code><\/pre>\n\n\n\n<p>Next, install the BIND 9 package and utilities on Ubuntu 18.04.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install bind9 bind9utils<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-master-dns-server:b0fc218a7083489c2a29de625a52f76b\">Configuring BIND as Master DNS Server on Ubuntu 18.04<\/h3>\n\n\n\n<p>Once the installation of BIND packages is done, proceed to configure BIND as Master DNS server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Access Control List<\/h3>\n\n\n\n<p>The <strong>acl<\/strong> statement can be used to define groups of hosts that can be permitted or denied access to the nameserver. 
Hence, open the named options configuration file and define the acl block as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>acl \"allowed\" {\n        192.168.2.0\/24;\n};\n\noptions {\n  directory \"\/var\/cache\/bind\";\n...<\/code><\/pre>\n\n\n\n<p>This creates an ACL called <strong>allowed<\/strong> that covers the hosts on the local network (192.168.2.0\/24, in this demo). It takes effect only where it is referenced, as in the <code>allow-recursion<\/code> and <code>allow-query<\/code> options below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Define global server configuration options<\/h3>\n\n\n\n<p>The&nbsp;<code>options<\/code>&nbsp;statement allows you to define global server configuration options, set defaults for other statements, specify the location of the&nbsp;<code>named<\/code>&nbsp;working directory, the types of queries allowed&#8230;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\noptions {\n  directory \"\/var\/cache\/bind\";\n\n        recursion yes;\n        allow-recursion { localhost; allowed; };\n        listen-on port 53 { localhost; 192.168.2.5; };\n        allow-query { localhost; allowed; };\n        allow-transfer { none; };\n\n        forwarders {\n                192.168.2.1;\n                8.8.8.8;\n        };\n\n        dnssec-validation auto;\n\n        auth-nxdomain no;    # conform to RFC1035\n        listen-on-v6 { none; };\n};<\/code><\/pre>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>recursion<\/strong> &#8211; Specifies whether to act as a recursive server.<\/li><li><strong>allow-recursion<\/strong> &#8211; Defines hosts to allow recursive queries from.<\/li><li><strong>listen-on<\/strong> &#8211; Specifies the&nbsp;<code>IPv4<\/code>&nbsp;network interface on which to listen for queries.<\/li><li><strong>allow-query<\/strong> &#8211; Specifies which hosts are allowed to query the nameserver for authoritative resource records.<\/li><li><strong>allow-transfer<\/strong> &#8211; Specifies which secondary servers 
are allowed to request a transfer of the zone&#8217;s information.&nbsp;<\/li><li><strong>forwarders<\/strong> &#8211; Defines one or more IP addresses of name servers to which queries are forwarded.<\/li><li><strong>dnssec-validation<\/strong> &#8211; Specifies whether to prove that resource records are authentic through DNSSEC. The default option is&nbsp;<code>yes<\/code>.<\/li><li><strong>auth-nxdomain<\/strong> &#8211; Defines whether the server should answer authoritatively.<\/li><li><strong>listen-on-v6<\/strong> &#8211; Specifies the&nbsp;<code>IPv6<\/code>&nbsp;network interface on which to listen for queries.&nbsp;<\/li><\/ul>\n\n\n\n<p>Save the configuration file and check for any syntax errors by running the command below. If there is no output, the syntax is correct.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>named-checkconf \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure DNS Server Zone Statements<\/h4>\n\n\n\n<p>The&nbsp;<code>zone<\/code>&nbsp;statement can be used to define the characteristics of a zone, such as the location of its configuration file and zone-specific options. Define the forward and reverse zone statements as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/bind\/named.conf.local<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Zone statement for forward DNS lookup\nzone \"kifarunix-demo.com\" IN {\n        type master;\n        file \"kifarunix-demo.com\";\n};\n# Zone statement for reverse DNS lookup\nzone \"2.168.192.in-addr.arpa\" IN {\n        type master;\n        file \"rev-kifarunix-demo.com\";\n};<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create Forward and Reverse Zone Files<\/h4>\n\n\n\n<p>A zone file&nbsp;is a text file that describes a&nbsp;DNS&nbsp;zone. 
It contains mappings between&nbsp;domain names&nbsp;and&nbsp;IP addresses&nbsp;and other DNS resource records (RR).<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Forward zone file is used to translate hostnames into IP addresses<\/li><li>Reverse zone file defines how to resolve IP addresses into hostnames.<\/li><\/ul>\n\n\n\n<p>The Zone files can be created in the BIND working directory as defined in the options statement configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/cache\/bind\/kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>$TTL    86400\n@       IN      SOA     ns1.kifarunix-demo.com. root.kifarunix-demo.com. (\n                2019061401   ; serial\n                7200         ; refresh after 2 hours \n                3600         ; retry after 1 hour\n                604800       ; expire after 1 week\n                86400 )      ; minimum TTL of 1 day\n;\n; Primary Nameserver\n        IN      NS      ns1.kifarunix-demo.com.\n;\n; Define A records (forward lookups)\nns1     IN      A       192.168.2.5\nserver01        IN      A       192.168.2.100<\/code><\/pre>\n\n\n\n<p>Create Reverse Zone File<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/cache\/bind\/rev-kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>$TTL    86400\n@       IN      SOA     ns1.kifarunix-demo.com. root.kifarunix-demo.com. 
(\n                2019061401   ; serial\n                7200         ; refresh after 2 hours \n                3600         ; retry after 1 hour\n                604800       ; expire after 1 week\n                86400 )      ; minimum TTL of 1 day\n;\n; Primary nameserver\n@       IN      NS      ns1.kifarunix-demo.com.\n; PTR records for reverse lookup\n5       IN      PTR     ns1.kifarunix-demo.com.\n100     IN      PTR     server01.kifarunix-demo.com.<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Verify Zone Configuration Syntax<\/h4>\n\n\n\n<p>Once you are done creating the zone files, run the command below to check for syntax errors.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>named-checkzone kifarunix-demo.com \/var\/cache\/bind\/kifarunix-demo.com\nzone kifarunix-demo.com\/IN: loaded serial 2019061401\nOK<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>named-checkzone 2.168.192.in-addr.arpa \/var\/cache\/bind\/rev-kifarunix-demo.com\nzone 2.168.192.in-addr.arpa\/IN: loaded serial 2019061401\nOK<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"restarting-bind\">Running BIND<\/h4>\n\n\n\n<p>Once you have confirmed that there are no configuration errors on your zone configuration files, proceed to restart and enable BIND to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart bind9\nsystemctl enable  bind9<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Allow BIND on Firewall<\/h4>\n\n\n\n<p>If UFW is running, run the command below to allow BIND through it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow Bind9<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Testing BIND<\/h4>\n\n\n\n<p>To test BIND resolution on the DNS server itself, edit the interface configuration file and change the nameserver address to DNS server IP as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>less \/etc\/netplan\/01-netcfg.yaml<\/code><\/pre>\n\n\n\n<pre 
class=\"wp-block-code\"><code>network:\n  version: 2\n  renderer: networkd\n  ethernets:\n    enp0s3:\n      dhcp4: no\n      addresses: [192.168.2.5\/24]\n      nameservers:\n              addresses:\n                      - 192.168.2.5\n              search: [ kifarunix-demo.com ]<\/code><\/pre>\n\n\n\n<p>Run the command below to apply the interface changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>netplan apply<\/code><\/pre>\n\n\n\n<p>Next, check the system&#8217;s DNS resolver.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemd-resolve --status enp0s3\nLink 2 (enp0s3)\n      Current Scopes: DNS\n       LLMNR setting: yes\nMulticastDNS setting: no\n      DNSSEC setting: no\n    DNSSEC supported: no\n         DNS Servers: 192.168.2.5\n          DNS Domain: kifarunix-demo.com<\/code><\/pre>\n\n\n\n<p>If you can resolve the DNS server hostname, all should be well.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dig ns1.kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> ns1.kifarunix-demo.com\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 56448\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;ns1.kifarunix-demo.com.\t\tIN\tA\n\n;; ANSWER SECTION:\nns1.kifarunix-demo.com.\t3750\tIN\tA\t192.168.2.5\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53)\n;; WHEN: Sat Jun 15 14:20:12 EAT 2019\n;; MSG SIZE  rcvd: 67<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configuring-the-client:b0fc218a7083489c2a29de625a52f76b\">Configuring the client<\/h2>\n\n\n\n<p>In this example, we are using an Ubuntu 18.04 server. 
Hence, similarly edit the interface and define the DNS server IP address as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>less \/etc\/netplan\/01-netcfg.yaml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>network:\n  version: 2\n  renderer: networkd\n  ethernets:\n    enp0s3:\n      dhcp4: no\n      addresses: [192.168.2.100\/24]\n      nameservers:\n              addresses:\n                      - 192.168.2.5\n              search: [ kifarunix-demo.com ]<\/code><\/pre>\n\n\n\n<p>Apply the changes and try name resolution.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> server01.kifarunix-demo.com\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 4331\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;server01.kifarunix-demo.com.\tIN\tA\n\n;; ANSWER SECTION:\nserver01.kifarunix-demo.com. 3201 IN\tA\t192.168.2.100\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53)\n;; WHEN: Sat Jun 15 11:24:36 EAT 2019\n;; MSG SIZE  rcvd: 72<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Reverse DNS lookup on the Client<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dig -x 192.168.2.100<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> -x 192.168.2.100\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 2338\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;100.2.168.192.in-addr.arpa.\tIN\tPTR\n\n;; ANSWER SECTION:\n100.2.168.192.in-addr.arpa. 
86400 IN\tPTR\tserver01.kifarunix-demo.com.\n\n;; Query time: 3 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53)\n;; WHEN: Sat Jun 15 11:26:32 EAT 2019\n;; MSG SIZE  rcvd: 96<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dig -x 192.168.2.5<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> -x 192.168.2.5\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 22470\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;5.2.168.192.in-addr.arpa.\tIN\tPTR\n\n;; ANSWER SECTION:\n5.2.168.192.in-addr.arpa. 86400\tIN\tPTR\tns1.kifarunix-demo.com.\n\n;; Query time: 2 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53)\n;; WHEN: Sat Jun 15 11:28:01 EAT 2019\n;; MSG SIZE  rcvd: 89<\/code><\/pre>\n\n\n\n<p>And there you go. You have successfully installed and configured BIND as a DNS server on Ubuntu 18.04. In our next tutorial, we are going to learn how to create a slave DNS server on Ubuntu 18.04.<\/p>\n\n\n\n<p>Want to set up BIND as a DNS server on CentOS 7? Check the link below.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-setup-master-slave-dns-server-using-bind-on-centos-7\/\">How to Setup Master-Slave DNS Server using BIND on CentOS 7<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install and configure BIND as DNS server on Ubuntu 18.04. 
BIND (Berkeley Internet Name Domain<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[979,971,121],"tags":[109,980,108,981,982,67],"class_list":["post-3269","post","type-post","status-publish","format-standard","hentry","category-bind","category-dns","category-howtos","tag-bind","tag-bind-9","tag-dns-server","tag-master-dns-server","tag-primary-dns-server","tag-ubuntu-18-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3269"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=3269"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3269\/revisions"}],"predecessor-version":[{"id":3280,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3269\/revisions\/3280"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=3269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=3269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=3269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}