Installing and Configuring DNS Server BIND9

BIND (Berkeley Internet Name Domain) is an open-source DNS server and the most common implementation of one. It resolves DNS names to IP addresses and vice versa.

Installing on Ubuntu Linux:

sudo apt-get install bind9

Stop, start, or restart BIND9 (pass stop, start, or restart as the argument):

sudo /etc/init.d/bind9 restart

To use the local DNS server, add the following line to /etc/resolv.conf:

nameserver 127.0.0.1

Edit the configuration files in the /etc/bind/ directory to suit your needs.

Open the configuration file named.conf.options in a text editor, for example nano:

sudo nano /etc/bind/named.conf.options

First, add ACLs with networks that will be allowed to query the DNS server:

acl localclients {
    localhost;
    localnets;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

In the options block, reference this ACL in the statements that control who may query and recurse:

allow-recursion { localclients; };
allow-query { localclients; };
allow-query-cache { localclients; };

You can specify the IP addresses on which bind9 will listen:

listen-on {
    127.0.0.1;
    192.168.1.1;
};

Or listen on all addresses:

listen-on { any; };

Alternatively, you can list the addresses allowed to use recursion directly, so that the DNS server does not resolve names for all clients, but only for those specified (all other addresses will be able to receive only the information held by this DNS server itself):

allow-recursion { 127.0.0.1; 10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12; };

Specify how much RAM is allowed to be used for the cache (default 90%):

max-cache-size 50%;

You can check the configuration for errors with the following command (if it prints nothing, everything is in order):

named-checkconf
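
A clean named-checkconf run does not show which clients end up allowed to recurse. The script below is an added example, not part of the original article: it reads a named.conf.options-style file and prints the effective recursion ACL, following BIND's fallback from allow-recursion to allow-query-cache to allow-query. The function names and the script name check-recursion.sh are assumptions made for this example, and it only handles the simple syntax shown on this page.

```shell
#!/bin/sh
# Added example: which clients may recurse through this BIND9 server?
# Assumes the simple syntax used on this page: no nested braces inside
# lists, no /* */ comments, no "include" files, unquoted ACL names.

# Drop // and # comments, pad braces, join lines, squeeze whitespace.
flatten() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:[{}]: & :g' "$1" |
        tr '\n\t' '  ' | tr -s ' '
}

# Print the body of the first "<stmt> { ... }" in flattened config $1.
stmt_list() {
    printf '%s\n' "$1" | grep -oE "(^|[ ;])$2 ?\{[^}]*\}" | head -n 1 |
        sed -e 's/^[^{]*{//' -e 's/}$//'
}

# BIND falls back allow-recursion -> allow-query-cache -> allow-query,
# and to "localnets; localhost;" when none of them is set.
effective_recursion_acl() {
    cfg=$(flatten "$1")
    list=''
    for stmt in allow-recursion allow-query-cache allow-query; do
        list=$(stmt_list "$cfg" "$stmt")
        if [ -n "$list" ]; then break; fi
    done
    [ -n "$list" ] || list='localnets; localhost;'
    out=''
    for item in $(printf '%s' "$list" | tr ';' ' '); do
        # Expand one level of named ACLs defined in the same file.
        def=$(stmt_list "$cfg" "acl $item" | tr ';' ' ')
        out="$out ${def:-$item}"
    done
    set -- $out
    printf '%s\n' "$*"
}

# Succeeds (exit 0) when the effective ACL lets every client recurse.
is_open_resolver() {
    case " $(effective_recursion_acl "$1") " in
        *' any '*|*' 0.0.0.0/0 '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh check-recursion.sh /etc/bind/named.conf.options
if [ -n "${1:-}" ]; then
    echo "effective recursion ACL: $(effective_recursion_acl "$1")"
    if is_open_resolver "$1"; then echo "open resolver"; exit 1; fi
fi
```

Note that listen-on { any; } on its own does not make the server an open resolver; what matters is whether the effective recursion ACL contains any.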

Apply the changes:

sudo rndc reload

or:

sudo /etc/init.d/bind9 restart

Verification:

rndc status
netstat -lnp | grep :53
sudo ps -ax | grep bind

From Windows, you can check with the command (where 192.168.1.1 is the address of bind9):

nslookup example.com 192.168.1.1

You can clear the cache of the DNS server with:

sudo rndc flush

Save the cache to a file (/var/cache/bind/):

sudo rndc dumpdb

I recommend checking the installed DNS server at dnsflagday.net.
