How to create NS servers on Ubuntu 20.04
Install BIND9
The first thing you need to do is to update the package list and to install BIND9.
sudo apt update
sudo apt install bind9
After the installation process is complete, you can check if BIND9 is working.
nslookup google.com 127.0.0.1
The answer will be something like this:
Server:   127.0.0.1
Address:  127.0.0.1#53

Non-authoritative answer:
Name:     google.com
Address:  64.233.164.138
...
BIND9 configuration
The DNS server works right after installation, but you need to configure it for your purpose. First, allow BIND9 through the firewall: the bind9 package installs a ufw application profile named Bind9 that opens port 53 for both TCP and UDP.
sudo ufw allow Bind9
The main configuration file is named.conf.options; let’s open it.
sudo nano /etc/bind/named.conf.options
Some of the available options are listed below; add the ones you need inside the “options” block.
The “listen-on” directive specifies the local addresses (interfaces) on which the server accepts queries. It takes an address match list, so whole networks can be given. Omit it, or write “any;”, to listen on every IPv4 address. IPv6 is controlled separately by “listen-on-v6”.
listen-on {
10.10.10.0/24;
10.1.0.0/16;
...
};
By default BIND9 answers recursive queries only from localhost and directly attached networks. List the networks that should be able to use this server in the “allow-query” directive, or write “any;” to answer everyone. Be careful with “any;” on a host reachable from the internet: a server that recurses for anybody is an open resolver and will be abused for DNS amplification attacks, so restrict recursion with “allow-recursion” to your own networks even when “allow-query” is open.
allow-query { any; };
Forwarders lists the upstream resolvers to which a query is forwarded when this server is not authoritative for the name and has no cached answer. With the default “forward first” behaviour, BIND resolves the name itself if the forwarders do not answer.
forwarders {
8.8.8.8;
8.8.4.4;
};
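Putting these directives together: the following complete named.conf.options is an example added here, not the article’s own file. It keeps the server answering recursive queries for the LAN while refusing recursion from everywhere else, which is the difference between a LAN resolver and an open resolver. The ACL name trusted, the network 10.1.0.0/16, the listen address 10.1.1.9 and the upstream resolvers 8.8.8.8 and 8.8.4.4 are placeholders taken from the article’s examples; the weak variant is shown commented out above its replacement.

```conf
// Added example (not from the original article): /etc/bind/named.conf.options
// Placeholders: LAN 10.1.0.0/16, server address 10.1.1.9, upstreams 8.8.8.8 / 8.8.4.4.

// Clients that may use this server as a recursive resolver.
acl "trusted" {
        localhost;
        localnets;
        10.1.0.0/16;
};

options {
        directory "/var/cache/bind";

        // Listen only on loopback and the LAN-facing address (IPv4).
        // IPv6 is configured separately and disabled here.
        listen-on { 127.0.0.1; 10.1.1.9; };
        listen-on-v6 { none; };

        // WEAK: this pair turns a server reachable from the internet into an
        // open resolver that anyone can use (and abuse for amplification).
        // allow-query { any; };
        // allow-recursion { any; };

        // CORRECTED: anyone may ask about the zones this server is
        // authoritative for, but only trusted clients get recursion
        // and answers from the cache.
        allow-query { any; };
        allow-recursion { trusted; };
        allow-query-cache { trusted; };

        // Zone transfers are off unless a zone block enables them.
        allow-transfer { none; };

        // Upstream resolvers for names outside our own zones.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        // Validate DNSSEC signatures on forwarded answers (Ubuntu default).
        dnssec-validation auto;

        // Do not reveal the BIND version to CHAOS-class "version.bind" queries.
        version "not disclosed";
};
```

After saving, run sudo named-checkconf and sudo systemctl reload bind9. To confirm the server is not an open resolver, query a name you are not authoritative for from a host outside the trusted ACL (dig @10.1.1.9 ubuntu.com): the status should be REFUSED, while the same query from the LAN returns an answer.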
Save and close the file. Check the configuration:
sudo named-checkconf
If no errors appear, then everything is in order. Restart the service for the changes to take effect.
sudo systemctl restart bind9
BIND9 test
To check if the DNS server is working properly, enter the following command on any other remote computer. Replace dns-server-ip-address with the IP address of the DNS server.
nslookup ubuntu.com dns-server-ip-address
Output:
Server:   dns-server-ip-address
Address:  dns-server-ip-address#53

Non-authoritative answer:
Name:     ubuntu.com
Address:  91.189.88.181
...
Now you have a working caching name server BIND9.
Creating a DNS zone
In this tutorial we use “domain-name.com” as the example domain; simply replace it with your own domain name. Likewise, use your real IP addresses instead of the 10.1.1.xxx addresses in the examples.
Let’s add zone information to the configuration.
sudo nano /etc/bind/named.conf.local
Add these lines to it.
zone "domain-name.com" {
type master;
file "/etc/bind/db.domain-name.com";
allow-transfer { 10.1.1.10; };
also-notify { 10.1.1.10; };
};
- type may be master, slave, forward, hint;
- file – indicates the path to the new zone file;
- allow-transfer – list of hosts allowed to request a copy of the whole zone (AXFR/IXFR). BIND9 allows transfers to anyone when this is not set, so if you have no secondary server set it to { none; }, otherwise anybody can download your complete zone;
- also-notify – the primary DNS server will notify these servers of zone changes.
Reload the service. The zone file is created in the next step; until it exists, named logs an error for this zone and keeps serving everything else.
sudo systemctl reload bind9
Zone file configuration
Create a zone file from the template and open it.
sudo cp /etc/bind/db.local /etc/bind/db.domain-name.com
sudo nano /etc/bind/db.domain-name.com
Replace localhost in the SOA record with the FQDN of your name server, ending with a “.” character; in the example this is “ns.domain-name.com.”. Replace “root.localhost” with the administrator’s email address written with “.” instead of “@” and a “.” at the end (admin@domain-name.com becomes admin.domain-name.com.; a dot inside the local part, as in john.doe, must be escaped as john\.doe).
Serial – the version number of the zone. You have to increment it manually every time you change the zone file: the secondary server compares it with its own copy and only transfers the zone when the primary’s number is higher, so an edit without a serial bump never reaches the secondary. The usual convention is YYYYMMDDnn, the date of the change followed by a two-digit counter.
;
;
;
$TTL    604800
@       IN      SOA     ns.domain-name.com. admin.domain-name.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.domain-name.com.
@       IN      A       10.1.1.1
ns      IN      A       10.1.1.9
ns2     IN      A       10.1.1.10
mx      IN      A       10.1.1.15
The bottom of the file contains the resource records. The format of a record is: owner name<tab>class<tab>record type<tab>value. Where:
- owner name – most often a host name relative to the zone, so “ns” means ns.domain-name.com. @ stands for the zone name itself (domain-name.com), and a blank owner repeats the owner of the previous record. A fully qualified name must end with a dot (for example, ns.domain-name.com.); without the dot the zone name is appended again;
- class – IN (Internet); other classes are practically unused;
- type – the most common are A, NS, MX, CNAME and TXT. “A” holds the IPv4 address of a name (AAAA holds the IPv6 address), “NS” names an authoritative name server for the zone (a host name, not an IP address, so that host needs its own A record), “MX” names a mail server and is preceded by a preference number, “CNAME” makes the name an alias of another name (it cannot coexist with other records for the same owner, and NS or MX targets must not be CNAMEs), “TXT” holds free-form text such as an SPF policy;
- value – the IP address, host name or text that the record type requires.
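As an added example (not the article’s template), here is a complete zone file that uses every record type from the list above. It keeps the article’s placeholders (domain-name.com, the 10.1.1.x addresses, the hosts ns, ns2 and mx) and adds www, an MX record, a TXT record and, unlike the short file above, an NS record for ns2: without it, resolvers never learn that the secondary exists. The serial 2024010101 is a placeholder in the YYYYMMDDnn convention.

```conf
; Added example (not from the original article): /etc/bind/db.domain-name.com
; Placeholders: domain-name.com, the 10.1.1.x addresses and the serial
; 2024010101 stand in for your own values.
$TTL    604800
$ORIGIN domain-name.com.
@       IN      SOA     ns.domain-name.com. admin.domain-name.com. (
                        2024010101      ; Serial (YYYYMMDDnn, bump on every edit)
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; Name servers: list both, or resolvers never learn about the secondary.
@       IN      NS      ns.domain-name.com.
@       IN      NS      ns2.domain-name.com.
;
; Mail: MX carries a preference (lower wins) and must point at a host
; that has an A record, never at a CNAME.
@       IN      MX      10 mx.domain-name.com.
;
; Addresses. Every NS and MX target above has one of these.
@       IN      A       10.1.1.1
ns      IN      A       10.1.1.9
ns2     IN      A       10.1.1.10
mx      IN      A       10.1.1.15
;
; Alias: www resolves to whatever the zone apex resolves to.
www     IN      CNAME   domain-name.com.
;
; Free-form text; here an SPF policy naming the MX host as the only sender.
@       IN      TXT     "v=spf1 mx -all"
```

Validate the file before reloading: sudo named-checkzone domain-name.com /etc/bind/db.domain-name.com. The check catches the classic mistake of a missing trailing dot, which silently turns ns.domain-name.com into ns.domain-name.com.domain-name.com; it does not catch a forgotten serial bump, so check that yourself.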
Tell the running server to reload its zones with rndc.
sudo rndc reload
You can check the DNS server. Enter this command from any remote computer.
nslookup domain-name.com 10.1.1.9
Replace domain-name.com with your zone name and 10.1.1.9 with the address of the newly configured name server. The answer is the A record of the zone apex; in the given example, this is 10.1.1.1.
Initial settings for the secondary-server setup
- Primary DNS server IP – 10.1.1.9
- Secondary DNS server IP – 10.1.1.10
- Example domain name – domain-name.com
Additional settings for the primary DNS server BIND9
If you configured the primary DNS server according to our instructions, you can skip this step.
We must allow the primary DNS server to transfer the zone to the secondary server. Open the BIND9 zone configuration file (the file holding the zone block, not the zone data file).
sudo nano /etc/bind/named.conf.local
Add the following 2 parameters to the zone settings: allow-transfer and also-notify, substituting the IP address of the secondary server in them. The result will be something like this.
zone "domain-name.com" {
type master;
file "/etc/bind/db.domain-name.com";
allow-transfer { 10.1.1.10; };
also-notify { 10.1.1.10; };
};
Save this file and reload BIND9.
sudo systemctl reload bind9
Configuring BIND9 as a secondary DNS Server
Open the BIND9 configuration file.
sudo nano /etc/bind/named.conf.local
Add the following directive to it.
zone "domain-name.com" {
type slave;
file "db.domain-name.com";
masters { 10.1.1.9; };
};
The masters parameter must contain the IP address of the primary DNS server. Keep the relative file path: the secondary writes this file itself, and on Ubuntu named may write under its working directory /var/cache/bind but not under /etc/bind. Save the file and reload BIND9.
sudo systemctl reload bind9
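The two zone blocks above restrict transfers by source IP alone. A common hardening, shown here as an added example rather than the article’s configuration, is to require a shared TSIG key so that a transfer request also has to be signed. The key name transfer-key and the secret in the block are placeholders: generate a real key on BIND 9.16 with tsig-keygen transfer-key, and paste the same key statement into named.conf.local on both servers. The first zone block belongs on the primary (10.1.1.9) and the second on the secondary (10.1.1.10); do not put both on one host.

```conf
// Added example (not from the original article): TSIG-authenticated zone
// transfers. The key name "transfer-key" and the secret are placeholders;
// generate a real one on the primary with:  tsig-keygen transfer-key
// and use the identical key statement on both servers.

// ---- Both servers: /etc/bind/named.conf.local (same key on each) ----
key "transfer-key" {
        algorithm hmac-sha256;
        secret "c2VjcmV0LXBsYWNlaG9sZGVyLWRvLW5vdC11c2U=";   // placeholder, not a real key
};

// ---- Primary (10.1.1.9) only ----
zone "domain-name.com" {
        type master;
        file "/etc/bind/db.domain-name.com";
        // Require the key, not just the source address: an IP-only ACL is
        // satisfied by anyone who can send packets as 10.1.1.10.
        allow-transfer { key "transfer-key"; };
        also-notify { 10.1.1.10; };
};

// ---- Secondary (10.1.1.10) only ----
// Sign everything sent to the primary (SOA checks, AXFR/IXFR) with the key.
server 10.1.1.9 {
        keys { "transfer-key"; };
};

zone "domain-name.com" {
        type slave;
        // Relative path: stored under /var/cache/bind, which named may write to.
        file "db.domain-name.com";
        masters { 10.1.1.9; };
        // Do not let clients pull the whole zone from the secondary either.
        allow-transfer { none; };
};
```

Because the key statement holds a secret, keep it out of world-readable files: put it in its own file owned by root:bind with mode 640 and include it from named.conf.local. After sudo rndc reload on both hosts, an unsigned request (dig @10.1.1.9 domain-name.com AXFR) from any address, including the secondary, should end with “Transfer failed.”, while the same request signed with -y hmac-sha256:transfer-key:<secret> succeeds.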
To check if the secondary DNS server is working correctly, use the command on any remote computer:
nslookup domain-name.com 10.1.1.10
Use your FQDN instead of domain-name.com and the IP address of your secondary DNS server instead of 10.1.1.10.
Output
Server:   10.1.1.10
Address:  10.1.1.10#53

Name:     domain-name.com
Address:  10.1.1.1
There is no “Non-authoritative answer” line this time: the secondary holds a copy of the zone and answers authoritatively. The address returned is the A record of the zone apex (10.1.1.1 in the example), not the secondary server’s own address.