This tutorial covers how to set up an internal DNS server using the BIND name server software (BIND9) on Ubuntu 18.04 that your servers can use to resolve private hostnames and private IP addresses. Setting up your own domain name resolution infrastructure is a critical step in managing a modern network environment efficiently.
BIND (Berkeley Internet Name Domain) is a popular software for translating domain names into IP addresses and is usually found on Linux VPS & Dedicated Servers. If you are looking to build a reliable infrastructure, choosing the right underlying hardware is vital; you can explore options like a Linux Dedicated Server to host your private name servers securely. This article will explain the basic concepts of DNS BIND and analyze the associated files required to successfully set up your DNS BIND server.
You can enhance your understanding of different Linux distributions by reading our comparison between Ubuntu and Fedora. Check out our detailed guide on Ubuntu vs Fedora to see which one is best suited for your BIND setup.
Understanding Core DNS Concepts Before Installation
Before diving into the configuration files, it is crucial to understand what a DNS server actually does. In simple terms, the Domain Name System (DNS) acts as the phonebook of the internet. Instead of remembering complex numerical strings like 10.198.200.112, users can type a human-readable hostname like 1gbits.com.
When running internal infrastructure on a Linux VPS, an internal DNS server provides mapping for private network resources that should not be exposed to the public internet. This enhances security, speeds up internal request handling, and gives administrators complete authority over network zone files.
Install BIND on Ubuntu 18.04
Before we install BIND, we will enter the following command to update the repository packages. This ensures that you fetch the latest stable security patches from the default repository listings.
sudo apt-get update
Now that the packages are updated, we can enter the following command to install BIND 9 from the official Ubuntu package repository. This command downloads the main server daemon along with standard deployment components.
sudo apt-get install bind9
Once the installation completes, you will see a success message as follows:
* Starting domain name service... bind9 [OK]
BIND configurations
Now that we have successfully installed BIND on the server, the next step is to make the appropriate configurations. The following configurations are done to resolve your domain to the server. First, we will open the named.conf.local file using the nano command:
nano /etc/bind/named.conf.local
Enter the following configurations into the file:
zone "1gbits.com" {
type master;
file "/etc/bind/zones/1gbits.com.db";
allow-transfer { 10.198.200.112; };
};
zone "3.2.1.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.3.2.1.in-addr.arpa";
allow-transfer { 10.198.200.112; };
};
However, note that in the above configuration text, you will need to make some changes that will be suitable for your server. Instead of 1gbits.com, you should add your domain name and corresponding TLD.
Another thing to note is to replace the IP address (10.198.200.112) with the IP address of your server. Once the necessary values have been updated, you can save and exit the nano text editor.
To do this, press Ctrl + X, then Y, then Enter.
The configuration in the named.conf.local file is now complete. Now let's move on to the next part, which is to create the database file. First, enter the bind directory using the cd command as follows:
cd /etc/bind
Create a new directory called "zones" inside it using this command:
mkdir zones
Enter the newly created directory and create the zone database file. Be sure to replace 1gbits.com in the file name with your own domain name:
cd zones
nano 1gbits.com.db
Now in the opened text editor, add the following text:
; BIND data file for 1gbits.com
;
$TTL 14400
@ IN SOA ns1.1gbits.com. host.1gbits.com. (
201006601 ; Serial
7200 ; Refresh
120 ; Retry
2419200 ; Expire
604800) ; Default TTL
;
1gbits.com. IN NS ns1.1gbits.com.
1gbits.com. IN NS ns2.1gbits.com.
1gbits.com. IN MX 10 mail.1gbits.com.
1gbits.com. IN A 10.198.200.112
ns1 IN A 10.198.200.112
ns2 IN A 10.198.200.112
www IN CNAME 1gbits.com.
mail IN A 10.198.200.112
ftp IN CNAME 1gbits.com.
1gbits.com. IN TXT "v=spf1 ip4:10.198.200.112 a mx ~all"
mail IN TXT "v=spf1 a -all"
As you can see here, you should replace the domain name (1gbits.com) with your domain name, and change the IP addresses to your server's IP address. If you have two IPs, you can replace "ns2 IN A xxx.xxx.xxx.xxx" with your second IP address. Otherwise, simply use the same IP.
Once the necessary configurations have been updated, you can save and exit the nano text editor.
To do this, press Ctrl + X, then Y, then Enter.
The next part of setting up BIND on Ubuntu 18.04 is to define the reverse DNS lookup. To do this, we will be editing another configuration file.
nano /etc/bind/zones/rev.3.2.1.in-addr.arpa
Once the file is opened, enter the following text. Don't forget to replace "1gbits.com" with your own server's hostname.
@ IN SOA 1gbits.com. host.1gbits.com. (
2010081401 ; Serial
28800 ; Refresh
604800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
@ IN NS ns1.1gbits.com.
4 IN PTR 1gbits.com.
Once the necessary configurations have been updated, you can save and exit the nano text editor.
To do this, press Ctrl + X, then Y, then Enter.
As the final configuration, we will add a single line to the following configuration file:
nano /etc/resolv.conf
Add the following at the beginning of the configuration file before any text. (Replace 1gbits.com with your domain name)
search 1gbits.com
Save and exit the nano text editor by pressing Ctrl + X, then Y, then Enter.
Now all the configurations are done, and BIND is ready to use. However, for extra measures, it is recommended to restart the BIND 9 service using the following command:
sudo systemctl restart bind9
Testing the DNS
Now we will test your server's DNS using a tool known as "DNS Utility". You can install it by entering the following command on your terminal:
apt-get install dnsutils
Once the installation is finished, enter the following:
dig 1gbits.com
If everything is set up correctly, you will see an output similar to the one below:
; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> 1gbits.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53995
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;1gbits.com. IN A
;; ANSWER SECTION:
1gbits.com. 158 IN A 104.21.91.235
1gbits.com. 158 IN A 172.67.181.233
;; Query time: 17 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jun 02 02:29:21 PDT 2021
;; MSG SIZE rcvd: 71
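In the sample output above, the SERVER line shows 1.1.1.1 and the header flags do not include aa, so that particular reply came from a public resolver rather than from the BIND instance configured in this tutorial. The following added example (not part of the original tutorial) checks a dig reply for both conditions; the function name check_dig_source and both sample replies are constructed for illustration.

```shell
# Added example: confirm that a dig reply came from the intended name server.
# Usage: dig @127.0.0.1 1gbits.com | check_dig_source 127.0.0.1
# Exit status: 0 = authoritative reply from the expected server,
#              1 = reply came from a different server,
#              2 = expected server replied, but without the "aa" flag.
check_dig_source() {
    awk -v want="$1" '
        /^;; flags:/ {
            line = $0
            sub(/^;; flags: */, "", line)   # keep only the flag list ...
            sub(/;.*/, "", line)            # ... up to the first ";"
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        /^;; SERVER:/ {                     # e.g. ";; SERVER: 1.1.1.1#53(1.1.1.1)"
            srv = $3
            sub(/#.*/, "", srv)
        }
        END {
            if (srv != want) { print "answered by " srv ", expected " want; exit 1 }
            if (!aa) { print "reply from " srv " is not authoritative"; exit 2 }
            print "authoritative reply from " srv
        }'
}

# Constructed sample 1: header lines copied from the tutorial output above.
PUBLIC_REPLY=';; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
;; SERVER: 1.1.1.1#53(1.1.1.1)'

# Constructed sample 2: the shape of a reply served by the local BIND zone.
LOCAL_REPLY=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; SERVER: 127.0.0.1#53(127.0.0.1)'

printf '%s\n' "$PUBLIC_REPLY" | check_dig_source 127.0.0.1 || true
printf '%s\n' "$LOCAL_REPLY"  | check_dig_source 127.0.0.1 || true
```

On the server itself, `dig @127.0.0.1 1gbits.com` sends the query to the local BIND instance instead of whatever resolver is listed first in /etc/resolv.conf.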
Common BIND Configuration Mistakes to Avoid
Editing BIND configuration files by hand is prone to human error. Here are the most common issues system administrators face during setup:
- Missing Semicolons: BIND configuration files and zone files are extremely strict about syntax. Forgetting a semicolon at the end of a line inside named.conf.local will prevent the entire daemon from starting.
- Forgetting to Increment the Serial Number: Whenever you modify a zone database file (e.g., 1gbits.com.db), you must increment the serial number string (e.g., changing 201006601 to 201006602). If you do not, secondary DNS servers will ignore the changes.
- Missing Dots at the End of FQDNs: In zone database files, Fully Qualified Domain Names (FQDN) must end with a trailing dot (e.g., ns1.1gbits.com.). Omitting this dot causes BIND to append the origin domain name to the record, resulting in an invalid mapping like ns1.1gbits.com.1gbits.com.
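The serial-number and trailing-dot mistakes can be caught before the zone is reloaded. The following added example (not part of the original tutorial) reads a zone file on standard input; the function names zone_serial and lint_zone_fqdns and the sample zone are constructed for illustration, and the trailing-dot check is a heuristic, not a full zone parser.

```shell
# Added example: offline checks for two zone-file mistakes listed above.
# zone_serial: print the SOA serial, the first number after the two names
# (primary server and contact) that follow the SOA keyword.
zone_serial() {
    awk '
        { sub(/;.*/, "") }                       # drop comments
        {
            for (i = 1; i <= NF; i++) {
                if (!soa && $i == "SOA") { soa = 1; names = 2; continue }
                if (!soa) continue
                if (names > 0) { names--; continue }
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
        }'
}

# lint_zone_fqdns: report NS, MX, CNAME, PTR and SOA targets that contain a
# dot but do not end with one. Heuristic: such a name is almost always an
# FQDN that BIND will extend with the zone origin. Exit status 1 if any found.
lint_zone_fqdns() {
    awk '
        function check(type, name) {
            if (name ~ /\./ && name !~ /\.$/) {
                printf "line %d: %s target %s has no trailing dot\n", NR, type, name
                bad = 1
            }
        }
        { sub(/;.*/, "") }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "TXT") break          # free text, nothing to check
                if ($i == "NS" || $i == "CNAME" || $i == "PTR") { check($i, $(i+1)); break }
                if ($i == "MX")  { check($i, $(i+2)); break }
                if ($i == "SOA") { check($i, $(i+1)); check($i, $(i+2)); break }
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample: the tutorial zone with the serial bumped to 201006602
# and the trailing dot deliberately left off the NS target on line 5.
ZONE_SAMPLE='$TTL 14400
@ IN SOA ns1.1gbits.com. host.1gbits.com. (
        201006602 ; Serial
        7200 120 2419200 604800 )
1gbits.com. IN NS ns1.1gbits.com
1gbits.com. IN MX 10 mail.1gbits.com.'

printf '%s\n' "$ZONE_SAMPLE" | zone_serial
printf '%s\n' "$ZONE_SAMPLE" | lint_zone_fqdns || true
```

On the server, BIND's own `named-checkconf` and `named-checkzone 1gbits.com /etc/bind/zones/1gbits.com.db` perform the full syntax checks, including the missing-semicolon case in named.conf.local.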
BIND vs dnsmasq: Comparison Table
If you are exploring alternative name servers for your local virtual environment, it helps to weigh your options. Below is a quick breakdown comparison between BIND and dnsmasq to see which aligns best with your architecture requirements:
| Feature | BIND (BIND9) | dnsmasq |
| --- | --- | --- |
| Resource Usage | Moderate to High (Heavy enterprise features) | Very Lightweight (Ideal for routers/small containers) |
| Role Types | Authoritative, Recursive, Caching Name Server | Forwarder, Caching DNS, Integrated DHCP Server |
| Configuration Complexity | High (Requires strict syntax zone files) | Low (Simple single file options) |
| Advanced Security (DNSSEC) | Fully supported natively | Basic limited capabilities |
Conclusion
This tutorial sets up BIND 9 on your Ubuntu 18.04 server. If you're using a VPS with Ubuntu, the instructions will be directly applicable. Note that once you set up BIND, you should also pay close attention to the BIND9 configurations and set it up according to the abovementioned steps. If you encounter any problems along the way, be sure to let us know in the comments below.
For those who require remote desktop access, you might also need to configure an Ubuntu RDP server. Setting up RDP on Ubuntu involves additional steps that are not covered in this tutorial but are crucial for accessing your server remotely in a graphical environment.