Setting Up a DNS Server Using BIND
1. Overview
This guide explains how to set up a DNS server using BIND9 on a Linux server (e.g., Ubuntu, CentOS). DNS (Domain
Name System) is responsible for translating domain names into IP addresses.
2. Prerequisites
- A Linux server (Ubuntu 20.04+, RHEL/CentOS 8+)
- Static IP address
- Root or sudo access
3. Install BIND9
On Ubuntu/Debian:
sudo apt update
sudo apt install bind9 bind9utils bind9-doc -y
On CentOS/RHEL:
sudo yum install bind bind-utils -y
4. Configure BIND
4.1 Main Configuration File
Edit the main config file:
Ubuntu: /etc/bind/named.conf.options
CentOS: /etc/named.conf
Example (Ubuntu):
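options {
   directory "/var/cache/bind";
   recursion yes;
   // Anyone may query the zones this server is authoritative for.
   allow-query { any; };
   // When allow-recursion is not set, BIND falls back to allow-query-cache
   // and then allow-query, so "any" above would also open recursion to
   // every client. Limit recursion to this host and its attached networks.
   allow-recursion { localhost; localnets; };
   forwarders {
       8.8.8.8;
       8.8.4.4;
   };
   dnssec-validation auto;
   listen-on { any; };
   allow-transfer { none; };   // no zone transfers to any host
};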
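An added example, not part of the original guide: a small Python check that reads an options block and reports whether recursion is reachable by every client, following BIND's fallback from allow-recursion to allow-query-cache to allow-query. The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed samples. WEAK enables recursion and sets only allow-query { any; };
# HARDENED adds an explicit allow-recursion using BIND's built-in ACL names.
WEAK = """
options {
   recursion yes;
   allow-query { any; };
   forwarders { 8.8.8.8; 8.8.4.4; };
   allow-transfer { none; };
};
"""
HARDENED = WEAK.replace(
    "allow-query { any; };",
    "allow-query { any; };\n   allow-recursion { localhost; localnets; };")

def strip_comments(text):
    """Drop /* */, // and # comments (quoted strings are not special-cased)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def acl(text, name):
    """Elements of a flat `name { a; b; };` clause, or None when it is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", text)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_enabled(text):
    """BIND recurses unless told otherwise, so a missing statement means yes."""
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    return m is None or m.group(1).lower() in ("yes", "true", "1")

def audit(conf):
    """Treats the file as one global scope; views and zones are not separated."""
    text = strip_comments(conf)
    if not recursion_enabled(text):
        return "ok: recursion disabled"
    # Fallback order BIND applies when allow-recursion is not set.
    for source in ("allow-recursion", "allow-query-cache", "allow-query"):
        elems = acl(text, source)
        if elems is not None:
            break
    else:
        source, elems = "default", ["localnets", "localhost"]
    if {"any", "0.0.0.0/0", "::/0"} & set(elems):
        return f"OPEN RESOLVER: recursion ACL from {source} is open to all clients"
    return f"ok: recursion limited by {source} to {elems}"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit(conf))
```

Run it against a copy of named.conf.options before restarting BIND; nested or negated ACL elements are outside what this flat parser handles.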
4.2 Define Zones
Add zone definitions in:
Ubuntu: /etc/bind/named.conf.local
CentOS: /etc/named.rfc1912.zones
Example:
zone "example.com" {
   type master;
   file "/etc/bind/db.example.com";
};
zone "1.168.192.in-addr.arpa" {
   type master;
   file "/etc/bind/db.192.168.1";
};
5. Create Zone Files
5.1 Forward Zone File
sudo cp /etc/bind/db.local /etc/bind/db.example.com
sudo nano /etc/bind/db.example.com
Example:
$TTL 604800
@       IN      SOA     ns1.example.com. admin.example.com. (
                        1         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
@       IN      NS      ns1.example.com.
ns1     IN      A       192.168.1.10
www     IN      A       192.168.1.20
5.2 Reverse Zone File
sudo cp /etc/bind/db.127 /etc/bind/db.192.168.1
sudo nano /etc/bind/db.192.168.1
Example:
$TTL 604800
@       IN      SOA     ns1.example.com. admin.example.com. (
                        1         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
@       IN      NS      ns1.example.com.
10      IN      PTR     ns1.example.com.
20      IN      PTR     www.example.com.
6. Check Configuration & Restart BIND
Ubuntu:
sudo named-checkconf
sudo named-checkzone example.com /etc/bind/db.example.com
sudo systemctl restart bind9
sudo systemctl enable bind9
CentOS:
sudo named-checkconf
sudo named-checkzone example.com /var/named/db.example.com
sudo systemctl restart named
sudo systemctl enable named
7. Configure Firewall
Ubuntu:
sudo ufw allow 53
CentOS:
sudo firewall-cmd --add-port=53/udp --permanent
sudo firewall-cmd --add-port=53/tcp --permanent
sudo firewall-cmd --reload
8. Testing the DNS Server
dig @192.168.1.10 example.com
nslookup www.example.com 192.168.1.10
9. Tips & Best Practices
- Keep BIND updated.
- Monitor logs: /var/log/syslog or /var/log/messages
- Use rndc for remote control.
- Increment the zone serial number each time you edit a zone file.
10. Optional: Enable Logging (Debugging)
In /etc/bind/named.conf.options, add the following as its own top-level block, outside options { ... }:
logging {
   channel default_log {
      file "/var/log/named/bind.log";
      severity dynamic;
   };
   category default { default_log; };
};
Create the log directory and restart BIND:
sudo mkdir -p /var/log/named
sudo chown bind:bind /var/log/named
sudo systemctl restart bind9