Tutorial BIND9
From NREN
BIND is a suite of DNS software. Its most prominent component, named (pronounced name-dee, short for name daemon), performs both of the main DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.
Features
- Caching resolver
TL;DR
sudo apt install -y bind9
Step-by-step Tutorial
- Login to your server
- Install package Unbound
sudo apt install -y bind9
Testing
Checking configuration:
sudo unbound-checkconf
If the output is not like this, there is some error:
unbound-checkconf: no errors in /etc/unbound/unbound.conf
Run a few queries, eg.:
dig @127.0.0.1 yahoo.com
Go through the output:
labuser@labmachine:~$ dig @localhost yahoo.com ; <<>> DiG 9.18.24-1-Debian <<>> @localhost yahoo.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26347 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;yahoo.com. IN A ;; ANSWER SECTION: yahoo.com. 1428 IN A 74.6.143.25 yahoo.com. 1428 IN A 74.6.231.21 yahoo.com. 1428 IN A 98.137.11.164 yahoo.com. 1428 IN A 98.137.11.163 yahoo.com. 1428 IN A 74.6.143.26 yahoo.com. 1428 IN A 74.6.231.20 ;; Query time: 0 msec ;; SERVER: ::1#53(localhost) (UDP) ;; WHEN: Thu Jul 25 11:01:56 UTC 2024 ;; MSG SIZE rcvd: 134
Additional Config
By default, it only allows query from localhost. To enable query from your networks, setup appropiately in /etc/unbound/unbound.conf.d/local.conf file:
$ cat local.conf
server:
# specify the interface to answer queries from by ip-address.
interface: 0.0.0.0
# interface: ::0
# addresses from the IP range that are allowed to connect to the resolver
access-control: 10.0.0.0/8 allow
# access-control: 192.168.0.0/16 allow
# access-control: 2001:DB8/64 allow
