Setting up a DNS server is a crucial step for any organization that wants to manage its own domain names and IP addresses. BIND, the Berkeley Internet Name Domain, is a powerful and widely-used DNS server software that gives you complete control over how your domain is resolved.
In this comprehensive guide, we'll walk you through the process of setting up a BIND DNS server on Ubuntu 24.10, step by step, ensuring a secure and robust system for your needs.
Understanding the Importance of DNS
The Domain Name System (DNS) is the backbone of the internet, translating human-readable domain names, like "google.com," into numerical IP addresses that computers understand. Every time you visit a website, your computer sends a request to a DNS server, which then provides the corresponding IP address.
The Benefits of BIND
BIND is the de facto standard for DNS server software. It's open-source, highly configurable, and offers a range of features, including:
Authoritative DNS Service: BIND allows you to publish DNS records for your domain, acting as the source of truth for how your domain is resolved.
Master-Slave Replication: You can create a master server that holds the primary DNS information and configure slave servers to replicate it, ensuring redundancy and high availability in case of server failures.
Recursive DNS Resolution: When your DNS server receives a query for a domain it doesn't have a record for, it can query other DNS servers on the internet to find the answer.
Setting the Stage for Your BIND DNS Server
To get started, you'll need a few essentials:
An Ubuntu 24.10 System: A fresh install of Ubuntu 24.10 is the ideal foundation for your BIND server.
Sudo or Root Privileges: You'll need administrative privileges to modify the system files necessary for DNS configuration.
Internet Connection: A stable internet connection is required for your server to communicate with other DNS servers during the setup process and when resolving queries.
Laying the Foundation: Installing BIND
Updating System Packages: Begin by ensuring your system's package repositories are up-to-date:
sudo apt update
Installing the BIND Packages: The BIND package is readily available in Ubuntu's default repositories:
sudo apt install -y bind9 bind9utils bind9-doc dnsutils
This command installs the core BIND server software, along with helpful utilities like bind9utils for managing zones, bind9-doc for documentation, and dnsutils for general DNS tools.
Starting and Enabling the BIND Service: Once BIND is installed, start the service:
sudo systemctl start named
Then enable it to automatically start on system boot:
sudo systemctl enable named
Checking the BIND Service Status: Verify that BIND is running correctly:
sudo systemctl status named
Configuring BIND for Your Domain
Understanding the Configuration Files: The heart of your BIND server configuration lies in the /etc/bind directory. The main configuration files are:
/etc/bind/named.conf.options: This file sets global options for BIND, such as allowed queries, recursive resolution settings, and the port BIND listens on.
/etc/bind/named.conf.local: This file defines the specific zones your DNS server will manage.
Fine-Tuning the named.conf.options File: Open the named.conf.options file for editing:
sudo vi /etc/bind/named.conf.options
Make the following adjustments:
Restricting Queries: Define an access control list (ACL) naming the clients that may query your server; it is referenced by allow-query below:
acl internal-network {
    192.168.1.0/24;
};
Allowing Queries: Specify which clients are allowed to query your server:
options {
    directory "/var/cache/bind";
    allow-query { localhost; internal-network; };
    allow-transfer { localhost; };
    forwarders { 8.8.8.8; };
    recursion yes;
    dnssec-validation auto;
    listen-on-v6 { any; };
};
Allowing Transfers: Specify who is allowed to transfer the DNS zone information from your server. In a typical setup, only the server itself (localhost) is allowed to transfer zones; if you run slave servers, add their addresses here so they can replicate the zone.
Forwarders: Set the IP addresses of DNS servers to use if your server cannot resolve a query.
Recursive Queries: Enable recursive DNS resolution so your server can handle queries that it doesn't have records for.
Listen Addresses and Ports: listen-on-v6 (and listen-on for IPv4) define the interfaces and port on which BIND accepts queries; port 53 is the default, so the configuration above leaves it unchanged.
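As an added check that is not part of this tutorial, the following Python script parses an options block in the shape shown above and flags the settings that decide whether the server becomes an open resolver, whether zone transfers are exposed, and whether an option was defined twice (which named-checkconf rejects). The sample block is constructed to mirror the tutorial's configuration; the parser is deliberately limited to the statement forms used here.

```python
import re
# Constructed sample modelled on the tutorial's named.conf.options; SAMPLE_OPEN
# is the same block weakened into an open resolver for contrast.
SAMPLE_GOOD = """
acl internal-network { 192.168.1.0/24; };
options {
    directory "/var/cache/bind";
    allow-query { localhost; internal-network; };
    allow-transfer { localhost; };
    forwarders { 8.8.8.8; };
    recursion yes;
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""
SAMPLE_OPEN = SAMPLE_GOOD.replace("{ localhost; internal-network; }", "{ any; }")
STMT = re.compile(r"([\w-]+)\s*(\{[^}]*\}|[^;{]+);")   # 'name value;' or 'name { a; b; };'

def options_statements(text):
    """Return [(name, [values])] for each statement inside options { ... }, in order."""
    text = re.sub(r"//[^\n]*|#[^\n]*", "", text)          # drop line comments
    start = text.index("{", text.index("options"))
    depth = 0
    for end in range(start, len(text)):                    # find the matching close brace
        depth += {"{": 1, "}": -1}.get(text[end], 0)
        if depth == 0:
            break
    assert depth == 0, "unbalanced braces in options block"
    stmts = []
    for name, val in STMT.findall(text[start + 1:end]):
        val = val.strip()
        inner = val[1:-1].split(";") if val.startswith("{") else [val.strip('"')]
        stmts.append((name, [v.strip() for v in inner if v.strip()]))
    return stmts

def audit(text):
    """Return findings on exposure-relevant settings; an empty list means nothing flagged."""
    opts, findings = {}, []
    for name, vals in options_statements(text):
        if name in opts:                                   # named-checkconf rejects redefinition
            findings.append(f"duplicate option '{name}'")
        opts.setdefault(name, vals)
    recursion = opts.get("recursion", ["yes"])[0] == "yes"  # BIND's default is yes
    # Who may recurse: allow-recursion, else allow-query-cache, else allow-query, else
    # BIND's built-in 'localnets; localhost' (simplified from the BIND ARM defaults).
    who = next((opts[k] for k in ("allow-recursion", "allow-query-cache", "allow-query")
                if k in opts), ["localnets", "localhost"])
    if recursion and "any" in who:
        findings.append("open resolver: recursion is enabled for any client")
    if "any" in opts.get("allow-transfer", []):
        findings.append("allow-transfer { any; } lets any host pull the zones (AXFR)")
    return findings
```

Run audit() on the text of your own /etc/bind/named.conf.options after editing; an empty list means none of these three problems is present.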
Defining Zones in named.conf.local: Open the named.conf.local file:
sudo vi /etc/bind/named.conf.local
Add the following entries for your domain (replace emka.web.id with your actual domain):
zone "emka.web.id" IN {
    type master;
    file "/etc/bind/forward.emka.web.id";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse.emka.web.id";
    allow-update { none; };
};
Forward Zone: This defines your main forward zone, responsible for mapping domain names to IP addresses.
Reverse Zone: This defines your reverse zone, which maps IP addresses back to domain names, necessary for reverse DNS lookups.
Zone Files: The paths /etc/bind/forward.emka.web.id and /etc/bind/reverse.emka.web.id are the location of the zone files where you'll specify your DNS records.
Checking for Syntax Errors: Always verify that your BIND configuration files are free of syntax errors:
sudo named-checkconf
Creating Your Zone Files: The Heart of DNS
Navigating to the Zone Directory: Navigate to the directory where your zone files will reside:
cd /etc/bind
Copying Base Zone Files: Create copies of the base zone files:
sudo cp db.local forward.emka.web.id
sudo cp db.127 reverse.emka.web.id
Configuring the Forward Zone (forward.emka.web.id): Open the forward zone file for editing:
sudo vi forward.emka.web.id
Enter the following content (adjust as needed):
$TTL 604800
@ IN SOA emka.web.id. root.emka.web.id. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;Your Bind DNS Server Info
@ IN NS ns.emka.web.id.
ns IN A 192.168.1.7
; Web Server & Mail Exchange Records
www IN A 192.168.1.70
emka.web.id. IN MX 10 mail.emka.web.id.
mail IN A 192.168.1.80
;SFTP Server Record
sftp IN A 192.168.1.90
Time to Live (TTL): Defines how long a DNS resolver should cache the DNS record.
Start of Authority (SOA): Specifies information about your DNS server, including the serial number, refresh time, retry time, expire time, and negative cache time-to-live.
Name Servers (NS): Defines the name servers responsible for your domain.
A Records: Maps domain names to IPv4 addresses.
MX Records: Specifies the mail exchangers for your domain.
Configuring the Reverse Zone (reverse.emka.web.id): Open the reverse zone file:
sudo vi /etc/bind/reverse.emka.web.id
Enter the following content:
$TTL 604800
@ IN SOA emka.web.id. root.emka.web.id. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;Your Bind DNS Server Info
@ IN NS ns.emka.web.id.
ns IN A 192.168.1.7
;Your Reverse Lookup Record for DNS
7 IN PTR ns.emka.web.id.
;Reverse Lookup Records for Servers
70 IN PTR www.emka.web.id.
80 IN PTR mail.emka.web.id.
90 IN PTR sftp.emka.web.id.
PTR Records: Maps IP addresses back to domain names.
Restarting the BIND Service: Apply the changes to your configuration by restarting BIND:
sudo systemctl restart named
Checking Zone Files for Syntax Errors: Verify that the zone files are syntactically correct. The first argument is the zone name exactly as declared in named.conf.local, so the reverse zone is checked under its in-addr.arpa name:
sudo named-checkzone emka.web.id forward.emka.web.id
sudo named-checkzone 1.168.192.in-addr.arpa reverse.emka.web.id
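named-checkzone validates each file's syntax on its own; it does not tell you whether the forward and reverse zones agree. The Python script below, added here and not part of the tutorial, parses both zones as written above (sample data constructed from them, with the SOA fields collapsed onto one line) and reports A records without a matching PTR, PTRs without a matching A, and NS targets that lack an A record.

```python
FORWARD_ORIGIN = "emka.web.id"
REVERSE_ORIGIN = "1.168.192.in-addr.arpa"
# Constructed copies of the tutorial's zone data (SOA fields collapsed onto one line).
FORWARD_ZONE = """
$TTL 604800
@ IN SOA emka.web.id. root.emka.web.id. ( 2 604800 86400 2419200 604800 )
@ IN NS ns.emka.web.id.
ns IN A 192.168.1.7
www IN A 192.168.1.70
emka.web.id. IN MX 10 mail.emka.web.id.
mail IN A 192.168.1.80
sftp IN A 192.168.1.90
"""
REVERSE_ZONE = """
$TTL 604800
@ IN SOA emka.web.id. root.emka.web.id. ( 1 604800 86400 2419200 604800 )
@ IN NS ns.emka.web.id.
ns IN A 192.168.1.7
7 IN PTR ns.emka.web.id.
70 IN PTR www.emka.web.id.
80 IN PTR mail.emka.web.id.
90 IN PTR sftp.emka.web.id.
"""

def fqdn(name, origin):
    """Expand an owner or target name: '@' is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"
def records(zone_text, origin):
    """Yield (owner, type, rdata) for every '<owner> IN <type> <rdata>' line."""
    for line in zone_text.splitlines():
        toks = line.split(";", 1)[0].split()              # drop ';' comments
        if len(toks) >= 4 and toks[1] == "IN":            # skips $TTL and blank lines
            yield fqdn(toks[0], origin), toks[2], " ".join(toks[3:])
def ptr_to_ip(owner):
    """'7.1.168.192.in-addr.arpa' -> '192.168.1.7'."""
    return ".".join(reversed(owner[: -len(".in-addr.arpa")].split(".")))
def check_zones(forward, reverse):
    """Return mismatches between A and PTR records plus NS names lacking an A record."""
    fwd = list(records(forward, FORWARD_ORIGIN))
    a = {(o, r) for o, t, r in fwd if t == "A"}
    ptr = {(fqdn(r, FORWARD_ORIGIN), ptr_to_ip(o))
           for o, t, r in records(reverse, REVERSE_ORIGIN) if t == "PTR"}
    ns = {fqdn(r, FORWARD_ORIGIN) for o, t, r in fwd if t == "NS"}
    problems = [f"A {n} -> {ip} has no PTR" for n, ip in sorted(a - ptr)]
    problems += [f"PTR {ip} -> {n} has no matching A" for n, ip in sorted(ptr - a)]
    problems += [f"NS {n} has no A record (missing glue)" for n in sorted(ns - {n for n, _ in a})]
    return problems
```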
Firewall Configuration (Optional)
If you have a firewall running on your BIND server, ensure that port 53 (the default DNS port) is open:
Testing Your BIND DNS Server
Configuring a Client: On another Linux system, you'll need to configure it to use your BIND server as its DNS resolver. Edit the /etc/resolv.conf file:
Add the following lines:
search emka.web.id
nameserver 192.168.1.7
Testing with dig or nslookup: From the client system, use dig or nslookup to query your DNS server. For example:
dig ns.emka.web.id
dig -x 192.168.1.7
nslookup www.emka.web.id
nslookup mail.emka.web.id
nslookup sftp.emka.web.id
Conclusion
Congratulations! You've successfully set up a BIND DNS server on Ubuntu 24.10. This is a powerful foundation for managing your domain and controlling how it is resolved on the internet.
Remember to monitor your DNS server regularly, update BIND to the latest version when security patches are available, and always test your DNS configurations after making changes.