Tutorial BIND9
BIND is a suite of DNS software. Its most prominent component, named (pronounced name-dee, short for name daemon), performs both of the main DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.
Features
Important features of BIND 9 include:
- TSIG
- nsupdate
- IPv6
- RNDC (remote name daemon control)
- views
- multiprocessor support
- Response Rate Limiting (RRL)
- DNSSEC, and
- Broad portability
RNDC enables remote configuration updates, using a shared secret to provide encryption for local and remote terminals during each session.
Installation
The package bind9 will be used for installation.
sudo apt install bind9
and then if you want to also install the documentation (very useful):
sudo apt install bind9-doc
Step-by-step Tutorial
- Log in to your server
- Install the bind9 package:
sudo apt install -y bind9
Testing
Checking configuration:
sudo unbound-checkconf
If the output is not like this, there is some error:
unbound-checkconf: no errors in /etc/unbound/unbound.conf
Run a few queries, e.g.:
dig @127.0.0.1 yahoo.com
Go through the output:
labuser@labmachine:~$ dig @localhost yahoo.com

; <<>> DiG 9.18.24-1-Debian <<>> @localhost yahoo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26347
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; ANSWER SECTION:
yahoo.com.              1428    IN      A       74.6.143.25
yahoo.com.              1428    IN      A       74.6.231.21
yahoo.com.              1428    IN      A       98.137.11.164
yahoo.com.              1428    IN      A       98.137.11.163
yahoo.com.              1428    IN      A       74.6.143.26
yahoo.com.              1428    IN      A       74.6.231.20

;; Query time: 0 msec
;; SERVER: ::1#53(localhost) (UDP)
;; WHEN: Thu Jul 25 11:01:56 UTC 2024
;; MSG SIZE  rcvd: 134
Additional Config
By default, it only answers queries from localhost. To allow queries from your networks, set it up appropriately in the file /etc/unbound/unbound.conf.d/local.conf:
$ cat local.conf
server:
    # specify the interface to answer queries from by ip-address.
    interface: 0.0.0.0
    # interface: ::0
    # addresses from the IP range that are allowed to connect to the resolver
    access-control: 10.0.0.0/8 allow
    # access-control: 192.168.0.0/16 allow
    # access-control: 2001:DB8/64 allow
Testing
Test from other computers on the network. Observe the responses.
You may have to adjust the access controls in the options block (allow-recursion, listen-on) before other hosts on the LAN can make recursive queries:
options {
    directory "/var/cache/bind";
    recursion yes;                     # enables recursive queries
    allow-recursion { 10.0.0.0/8 ; };  # allows recursive queries from LAN clients
    listen-on { 10.9.0.19; };          # listen on specified IP only
    allow-transfer { none; };          # disable zone transfers by default
    forwarders { 1.1.1.1; 8.8.8.8; };
    . . .
};
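As an added example (not part of this tutorial and not BIND's own tooling), the following Python script parses an options block like the one above, evaluates allow-recursion with BIND's address-match-list semantics (the first matching element decides, a leading ! negates it, no match means deny), and reports the settings that turn a LAN resolver into an open one. Both configuration snippets inside it are constructed: HARDENED mirrors the block above, WEAK is the variant the allow-recursion line exists to prevent. Treating localhost as the loopback range, and approximating the unset allow-recursion default as loopback only, are simplifying assumptions.

```python
"""Audit a BIND options block for the settings that decide who may recurse.

Added example for this tutorial, not BIND's own tooling. HARDENED and WEAK
are constructed snippets; EXTERNAL_CLIENT stands in for "some host on the
Internet" (TEST-NET-3 documentation range).
"""
import ipaddress
import re

HARDENED = """\
options {
    directory "/var/cache/bind";
    recursion yes;                     # enables recursive queries
    allow-recursion { 10.0.0.0/8; };   # allows recursive queries from LAN clients
    listen-on { 10.9.0.19; };          # listen on specified IP only
    allow-transfer { none; };          # disable zone transfers by default
    forwarders { 1.1.1.1; 8.8.8.8; };
};
"""

WEAK = """\
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { any; };   // every Internet client may recurse through us
    listen-on { any; };
};
"""

EXTERNAL_CLIENT = "203.0.113.10"


def parse_options(text):
    """Return {statement: value}; list statements map to a list of elements."""
    body = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* block */ comments
    body = re.sub(r"(#|//).*", "", body)                # '#' and '//' line comments
    conf = {}
    list_stmt = r"([\w-]+)\s*\{([^{}]*)\}\s*;"
    for name, inner in re.findall(list_stmt, body):
        conf[name] = [e.strip() for e in inner.split(";") if e.strip()]
    rest = re.sub(list_stmt, "", body)                  # keep only `name value;`
    for name, value in re.findall(r'([\w-]+)\s+("[^"]*"|[\w.:/-]+)\s*;', rest):
        conf.setdefault(name, value.strip('"'))
    return conf


def acl_matches(acl, client_ip):
    """BIND address-match-list semantics: first matching element decides,
    a leading '!' negates that element, no match at all means deny.
    'localhost' is approximated as the loopback range (assumption)."""
    ip = ipaddress.ip_address(client_ip)
    for entry in acl:
        negate = entry.startswith("!")
        term = entry.lstrip("!").strip()
        if term == "any":
            hit = True
        elif term == "none":
            hit = False
        elif term == "localhost":
            hit = ip.is_loopback
        else:
            hit = ip in ipaddress.ip_network(term, strict=False)
        if hit:
            return not negate
    return False


def recursion_allowed(conf, client_ip):
    """Would named answer a recursive query from client_ip under this config?"""
    if conf.get("recursion", "yes") != "yes":
        return False
    acl = conf.get("allow-recursion")
    if acl is None:
        # Assumption: approximate the unset default as loopback only.
        return ipaddress.ip_address(client_ip).is_loopback
    return acl_matches(acl, client_ip)


def audit_options(conf):
    """List the findings a reviewer would raise about this options block."""
    findings = []
    if recursion_allowed(conf, EXTERNAL_CLIENT):
        findings.append("open resolver: allow-recursion admits arbitrary Internet "
                        "clients, which invites reflection/amplification abuse")
    xfr = conf.get("allow-transfer")
    if xfr is None or acl_matches(xfr, EXTERNAL_CLIENT):
        findings.append("allow-transfer is unrestricted; set it to none or to "
                        "the addresses of your secondaries")
    listen = conf.get("listen-on")
    if listen is None or any(e in ("any", "0.0.0.0") for e in listen):
        findings.append("listen-on is not pinned to a specific interface")
    return findings


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        conf = parse_options(text)
        print(f"{label}: LAN client may recurse:", recursion_allowed(conf, "10.5.1.2"))
        print(f"{label}: Internet client may recurse:", recursion_allowed(conf, EXTERNAL_CLIENT))
        for finding in audit_options(conf):
            print(f"{label}: {finding}")
```

Run it as-is to compare the two snippets; point parse_options at your own named.conf.options text to audit that instead. The external-client probe is the useful trick: an allow-recursion list is only as safe as the answer it gives to an address you do not control.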
Adding a new Zone
Use the following example to add a new zone. In this example we create a new file lab1.com.np.zone with the content below. Do not forget to replace 'lab1.com.np' with your own domain.
$ORIGIN lab1.com.np.
$TTL 86400
@       IN SOA   dns1.lab1.com.np. hostmaster.lab1.com.np. (
                 2001062501 ; serial
                 21600      ; refresh after 6 hours
                 3600       ; retry after 1 hour
                 604800     ; expire after 1 week
                 86400 )    ; minimum TTL of 1 day
        IN NS    dns1.lab1.com.np.
        IN NS    dns2.lab1.com.np.
        IN MX 10 mail.lab1.com.np.
        IN MX 20 mail2.lab1.com.np.
dns1    IN A     10.0.1.1
dns2    IN A     10.0.1.2
server1 IN A     10.0.1.5
server2 IN A     10.0.1.6
ftp     IN A     10.0.1.3
        IN A     10.0.1.4
mail    IN CNAME server1
mail2   IN CNAME server2
www     IN CNAME server1
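The zone above uses most of the master-file syntax a first zone needs: $ORIGIN and $TTL directives, a parenthesised multi-line SOA, records that inherit the owner of the previous line, and names relative to the origin. As an added example (not part of the tutorial and not BIND's named-checkzone), the following Python script parses that syntax and lints the result for the mistakes that most often bite: a serial that was not bumped, a CNAME sharing an owner with other records, an NS or MX target that does not exist or is an alias (RFC 2181 forbids MX and NS targets that are CNAMEs), and in-zone name servers without A/AAAA glue. SAMPLE_ZONE is a constructed copy of the zone above; run on it, the linter reports that both MX targets (mail and mail2) are CNAMEs, which is exactly what a zone check will warn about before you publish.

```python
"""Lint a BIND zone file before loading it.

Added example for this tutorial, not part of BIND. SAMPLE_ZONE is a
constructed copy of the zone in the text.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_ZONE = """\
$ORIGIN lab1.com.np.
$TTL 86400
@ IN SOA dns1.lab1.com.np. hostmaster.lab1.com.np. (
    2001062501 ; serial
    21600      ; refresh after 6 hours
    3600       ; retry after 1 hour
    604800     ; expire after 1 week
    86400 )    ; minimum TTL of 1 day
  IN NS dns1.lab1.com.np.
  IN NS dns2.lab1.com.np.
  IN MX 10 mail.lab1.com.np.
  IN MX 20 mail2.lab1.com.np.
dns1 IN A 10.0.1.1
dns2 IN A 10.0.1.2
server1 IN A 10.0.1.5
server2 IN A 10.0.1.6
ftp IN A 10.0.1.3
    IN A 10.0.1.4
mail IN CNAME server1
mail2 IN CNAME server2
www IN CNAME server1
"""

RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR", "SRV"}


def _fqdn(name, origin):
    """Expand '@' and origin-relative names to absolute names."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    if origin is None:
        raise ValueError(f"relative name {name!r} used before $ORIGIN")
    return f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return [(owner, ttl, rtype, rdata_tokens)] with owner names absolute."""
    # Drop ';' comments, then fold parenthesised multi-line records into one line.
    lines = [re.sub(r";.*", "", ln).rstrip() for ln in text.splitlines()]
    folded, buf, depth = [], "", 0
    for ln in lines:
        if not ln.strip() and depth == 0:
            continue
        buf = f"{buf} {ln}" if depth else ln
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            folded.append(buf)
    default_ttl, owner, records = None, None, []
    for ln in folded:
        toks = ln.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if not ln[0].isspace():                # explicit owner on this line
            owner = _fqdn(toks.pop(0), origin)
        elif owner is None:
            raise ValueError("record has no owner and none to inherit")
        ttl = default_ttl
        if toks and toks[0].isdigit():         # optional per-record TTL
            ttl = int(toks.pop(0))
        if toks and toks[0].upper() == "IN":   # optional class
            toks.pop(0)
        if not toks or toks[0].upper() not in RECORD_TYPES:
            raise ValueError(f"bad or missing record type for {owner}: {ln.strip()!r}")
        records.append((owner, ttl, toks[0].upper(), toks[1:]))
    return records


def lint_zone(text, previous_serial=None):
    """Return the problems found; an empty list means the zone is clean."""
    records = parse_zone(text)
    apex = records[0][0]
    types_at = defaultdict(set)
    for owner, _, rtype, _ in records:
        types_at[owner].add(rtype)

    def in_zone(name):
        return name == apex or name.endswith("." + apex)

    problems = []
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1 or soa[0][0] != apex:
        problems.append("zone needs exactly one SOA record at the apex")
    elif previous_serial is not None and int(soa[0][3][2]) <= previous_serial:
        problems.append(f"serial {soa[0][3][2]} is not above the published {previous_serial}")
    for owner, ttl, rtype, rdata in records:
        if ttl is None:
            problems.append(f"{owner} {rtype}: no TTL and no $TTL directive")
        if rtype in ("A", "AAAA"):
            try:
                ipaddress.ip_address(rdata[0])
            except ValueError:
                problems.append(f"{owner} {rtype}: bad address {rdata[0]!r}")
        if rtype == "CNAME" and types_at[owner] - {"CNAME"}:
            problems.append(f"{owner}: CNAME cannot coexist with other records")
        if rtype in ("NS", "MX", "CNAME"):
            target = _fqdn(rdata[-1], apex)
            if in_zone(target) and target not in types_at:
                problems.append(f"{owner} {rtype}: target {target} has no records here")
            elif rtype != "CNAME" and "CNAME" in types_at.get(target, ()):
                problems.append(f"{owner} {rtype}: target {target} is a CNAME (RFC 2181 forbids this)")
            elif rtype == "NS" and in_zone(target) and not types_at[target] & {"A", "AAAA"}:
                problems.append(f"{owner} NS: in-zone server {target} needs A/AAAA glue")
    return problems


if __name__ == "__main__":
    for problem in lint_zone(SAMPLE_ZONE, previous_serial=2001062501):
        print("problem:", problem)
```

Pass the serial currently published by your name servers as previous_serial and the linter also catches the classic forgotten bump, which is the usual reason a secondary never picks up an edited zone. The fix for the two findings on the sample is to give mail and mail2 A records instead of CNAMEs.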