How to Setup DNS Server with BIND on Ubuntu 22.04

BIND or Berkeley Internet Name Domain is free and open-source DNS Server software. It's one of the most popular DNS server software used by more than 70% of DNS on the Internet. BIND has been around since the 1980s, it's well-known for its flexibility, performance, and features. BIND can be used as both authoritative DNS and caching DNS, supports load balancing, dynamic update, split DNS, DNSSEC, IPv6, and many more.

The BIND DNS software is one of the most reliable DNS servers for Unix-like operating systems. It's available on most Linux distributions and provides additional tools for diagnostics and testing of the DNS server.

This guide will teach you how to install DNS Server with BIND on Ubuntu 22.04 server. This tutorial will show you how to set up Master-Slave BIND DNS server installation using two Ubuntu servers.

Prerequisites

Before you begin with this guide, you should have the following requirements:

  • Two Ubuntu 22.04 Servers.
  • A non-root user with root/administrator privileges.

Setting Up FQDN (Fully Qualified Domain Name)

Before start installing BIND packages, you must ensure the hostname and FQDN of your servers are correct. In this demonstration, we will two Ubuntu servers with the following details:

Hostname    IP Address      FQDN                Used As
---------------------------------------------------------
ns1         192.168.5.21    ns1.hwdomain.io     BIND Master
ns2         192.168.5.22    ns2.hwdomain.io     BIND Slave

Now log in to each server and run the following command to set up the FQDN (Fully Qualified Domain Name).

Setup FQDN on the "ns1" server.

sudo hostnamectl set-hostname ns1.hwdomain.io

Setup FQDN on the "ns2" server.

sudo hostnamectl set-hostname ns2.hwdomain.io

Next, edit the file "/etc/hosts" using the following command.

sudo nano /etc/hosts

Add the following configuration to each server.

192.168.5.21 ns1.hwdomain.io ns1
192.168.5.22 ns2.hwdomain.io ns2

Save and close the file when you are done.

Lastly, check and verify the FQDN on each server using the following command. On the "ns1" server you will get the FQDN as "ns1.hwdomain.io", and on the "ns2" server you will get the output "ns2.hwdomain.io".

sudo hostname -f

Installing BIND Packages

Bind packages are available by default on the Ubuntu server repository. Now you can easily install Bind using the apt command on both "ns1" and "ns2" servers.

Run the apt command below to update and refresh Ubuntu repositories.

sudo apt update

After that, install Bind packages using the following command. input Y to confirm the installation and press ENTER to continue. And the installation will begin.

sudo apt install bind9 bind9utils bind9-doc dnsutils

install bind

After Bind installation is finished, edit the configuration "/etc/default/named" using the following command.

sudo nano /etc/default/named

The line "OPTIONS=" allows you to set up specific options when the BIND service is running. In this demo, you will be running Bind only with IPv4, so you will need to make the "OPTIONS" line as below.

OPTIONS="-u bind -4"

Save and close the file when you are done.

Now run the below command to restart the Bind service "named". Then, check and verify the status of the BIND service. You should see the Bind service "named" is running on both servers.

sudo systemctl restart named
sudo systemctl status named

setup bind

Setting Up BIND Master

After installing BIND packages on both "ns1" and "ns2" servers, you will be setting up the BIND DNS server. you will be setting up the "ns1" server as the Master of the BIND DNS server. You can run BIND on a single server, but it's recommended to use multiple servers to set up the High-Availability DNS Server.

Back to the terminal session of the "ns1" server.

Run the command below to edit the configuration file "/etc/bind/named.conf.options".

sudo nano /etc/bind/named.conf.options

Add the following configuration to the file at the top of the line, before the "options {....};" line.

With this configuration, you will be creating an ACL (Access Control List) with the name "trusted", which includes all trusted IP addresses and networks in your environment. Also, be sure to add the local server IP address "ns1" and the IP address of the "ns2" secondary DNS server.

acl "trusted" {
        192.168.5.21;    # ns1 - or you can use localhost for ns1
        192.168.5.22;    # ns2
        192.168.5.0/24;  # trusted networks
};

Now make changes to the "options {..};" section as below.

In the following example, we're disabling the support for IPv6 by commenting the option "listen-on-v6", enabling and allowing recursion from the "trusted" ACL, and running the BIND service on specific "ns1" IP address "192.168.5.21". Also, we are disabling the default zone transfer and defining the specific forwarders for the BIND DNS server to Google Public DNS "8.8.8.8" and "8.8.4.4".

options {

        directory "/var/cache/bind";

        //listen-on-v6 { any; };        # disable bind on IPv6

        recursion yes;                 # enables resursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" - referred to ACL
        listen-on { 192.168.5.21; };   # ns1 IP address
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                1.1.1.1;
        };
};

Save and close the file when you are done.

Lastly, run the following command to check and verify the config file "/etc/bind/named.conf.options". If there is no output message, then your configuration is correct.

sudo named-checkconf /etc/bind/named.conf.options

Setting Up Zones

After setting up the basic configuration of BIND master, now you will be setting up zones for your domain name. In the following example, we will use the domain name "hwdomain.io" with the name server "ns1.hwdomain.io" and "ns2.hwdomain.io".

Edit the configuration file "/etc/bind/named.local" using the following command.

sudo nano /etc/bind/named.conf.local

In this configuration, you will be defining two zone files, forward and reverse zone for your domain name. The Forward zone will contain the configuration of where your domain names will be resolved to the IP address, while the reverse zone will translate the IP address to which domain name.

In the following example, we will define the forward zone "/etc/bind/zones/db.hwdomain.io" for domain "hwdomain.io" and the reverse zone "/etc/bind/zones/db.192.168.5".

zone "hwdomain.io" {
    type master;
    file "/etc/bind/zones/db.hwdomain.io"; # zone file path
    allow-transfer { 192.168.5.22; };           # ns2 IP address - secondary DNS
};


zone "5.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.5";  # subnet 192.168.5.0/24
    allow-transfer { 192.168.5.22; };  # ns2 private IP address - secondary DNS
};

Save and close the file when you are done.

Next, run the following command to create a new directory "/etc/bind/zones" that will be used to store zone config files.

sudo mkdir -p /etc/bind/zones/

After that, copy the default forward zone configuration "/etc/bind/zones/db.hwdomain.io" and edit the file using the following command.

sudo cp /etc/bind/db.local /etc/bind/zones/db.hwdomain.io
sudo nano /etc/bind/zones/db.hwdomain.io

Change the default SOA record with your domain name. Also, you will need to change the "Serial" number inside the SOA records every time you make changes to the file, and this must be the same "Serial" number with the secondary/slave DNS server.

Then, you can define NS records and A records for your DNS server. In this example, the name server will be "ns1.hwdomain.io" with the A record IP address "192.168.5.21" and "ns2.hwdomain.io" with the A record of the secondary DNS server IP address "192.168.5.22".

Lastly, you can define other domain names. In this example, we will define an MX record (mail handler) for the domain "hwdomain.io" which will be handled by the mail server "mail.hwdomain.io. Also, we will define the domain name "hwdomain.io" that will be resolved to the server with IP address "192.168.5.100" and the sub-domain for the mail server "mail.hwdomain.io" to the server IP address "192.168.5.120".

;
; BIND data file for the local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.hwdomain.io. admin.hwdomain.io. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; NS records for name servers
    IN      NS      ns1.hwdomain.io.
    IN      NS      ns2.hwdomain.io.

; A records for name servers
ns1.hwdomain.io.          IN      A       192.168.5.21
ns2.hwdomain.io.          IN      A       192.168.5.22

; Mail handler or MX record for the domain hwdomain.io
hwdomain.io.    IN     MX   10   mail.hwdomain.io.

; A records for domain names
hwdomain.io.            IN      A      192.168.5.100
mail.hwdomain.io.       IN      A      192.168.5.120

Save and close the file when you are done.

setup forward zone

Next, copy the default reverse zone config file to "/etc/bind/zones/db.192.168.5" and edit the new file using the following command.

sudo cp /etc/bind/db.127 /etc/bind/zones/db.192.168.5
sudo nano /etc/bind/zones/db.192.168.5

Change the default SOA record using your domain name. Also, do not forget to change the "Serial" number inside the SOA record.

Define NS records for your DNS servers. These are the same name servers that you used in the forward zone.

Lastly, define the PTR records for your domain names. The number on the PTR records is the last number of the IP address. In this example, the name server "ns1.hwdomain.io" is resolved to the IP address "192.168.5.21", so now the PTR record will be "21" and so on for other domain names.

;
; BIND reverse data file for the local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.hwdomain.io. admin.hwdomain.io. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; name servers - NS records
      IN      NS      ns1.hwdomain.io.
      IN      NS      ns2.hwdomain.io.

; PTR Records
21   IN      PTR     ns1.hwdomain.io.    ; 192.168.5.21
22   IN      PTR     ns2.hwdomain.io.    ; 192.168.5.22
100  IN      PTR     hwdomain.io.  ; 192.168.5.100
120  IN      PTR     mail.hwdomain.io.  ; 192.168.5.120

Save and close the file when you are done.

setup reverse zone

Now run the following command to check BIND configurations and be sure don't get any error message.

sudo named-checkconf

Then, run the following command to check and verify each zone files that you just created, the forward zone and reverse zone configuration file. If your zone files have no error, you should see the output message such as "OK". If there is no error, the command will show you which line of the file caused an error.

sudo named-checkzone hwdomain.io /etc/bind/zones/db.hwdomain.io
sudo named-checkzone 5.168.192.in-addr.arpa /etc/bind/zones/db.192.168.5

check zone files

To finish up the BIND Master configuration, run the below command to restart the BIND service and apply new changes to the configurations that you have made.

sudo systemctl restart named

Setting Up BIND Slave

Now you have finished the configuration of the Master BIND DNS Server. It's time to set up the "ns2" server as the secondary or salve of the BIND DNS server.

The Master server stores zone files that contain the DNS configuration of your domain and handle recursive or iterative queries. The secondary/slave DNS server stores DNS records for a period of time temporarily, and these DNS records are automatically transferred from the Master BIND server.

Now move to the "ns2" terminal session and start configuring the "ns2" server as a Secondary/Slave of the BIND DNS server.

Run the following command to edit the configuration file "/etc/bind/named.conf.options"

sudo nano /etc/bind/named.conf.options

On top of the line, add the following configuration. This will create the same ACL (Access Control List) as on the Master server.

acl "trusted" {
        192.168.5.21;    # ns1
        192.168.5.22;    # ns2 - or you can use localhost for ns2
        192.168.5.0/24;  # trusted networks
};

Inside the "options {...};" line, you can change the configuration as below. This configuration is still the same as on the Master BIND DNS server, and the only difference here is the "listen-on" option which is specified to the "ns2" server IP address.

options {

        directory "/var/cache/bind";

        //listen-on-v6 { any; };        # disable bind on IPv6

        recursion yes;                 # enables resursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" - referred to ACL
        listen-on { 192.168.5.22; };   # ns2 IP address
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                1.1.1.1;
        };
};

Save and close the file when you are done.

Next, edit the config file "/etc/bind/named.conf.local" using the following command to set up the "ns2" server as the secondary/slave DNS Server.

sudo nano /etc/bind/named.conf.local

Add the following configuration to the file. As you can see we're defining the forward and reverse zones, but with the "type slave" and define the DNS Master server "192.168.5.21". You do not need to create the zone file because DNS records and data will be automatically transferred from the DNS Master server and will be stored temporarily for a period of time on the secondary/slave DNS server.

zone "hwdomain.io" {
    type slave;
    file "/etc/bind/zones/db.hwdomain.io";
    masters { 192.168.5.21; };           # ns1 IP address - master DNS
};


zone "5.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/zones/db.192.168.5";
    masters { 192.168.5.21; };  # ns1 IP address - master DNS
};

Save and close the file when you are done.

Now run the following command to check and verify the BIND configuration and be sure all configurations are correct. Then, you can restart the BIND service "named" on the "ns2" server to apply new changes. And you have now finished the configuration on the "ns2" server as a secondary/slave of the BIND DNS Server.

sudo named-checkconf
sudo systemctl restart named

setup secondary dns

Lastly, run the following command to check and verify the BIND service "named" on the "ns2" server. And be sure the "named" service is running.

sudo systemctl status named

check named status secondary dns

Verifying DNS Server from Client Machine

On the client machine, there are multiple ways to set up the DNS resolver. You can set up the DNS resolver from the NetworkManager or from the netplan configuration. But, the easiest way is to set up the DNS resolver manually through the file "/etc/resolv.conf". This allows you to set up a static DNS resolver for client machines.

Run the following command to remove the default link file "/etc/resolv.conf" and create a new file using nano editor.

sudo unlink /etc/resolv.conf
sudo nano /etc/resolv.conf

Add the following configuration to the file. In the following configuration we are defining three different resolvers, the BIND DNS Master, the Secondary BIND DNS server, and the public Google DNS resolver. When the client machine requests information about the domain name, the information will be taken from the DNS resolver, from the top to the bottom.

nameserver 192.168.5.21
nameserver 192.168.5.22
nameserver 8.8.8.8
search hwdomain.io

Save and close the file when you are done.

Next, run the command below to install some DNS utility to your client machine. In this example, the client machine is an Ubuntu system, so we are installing DNS utility using the apt command as below.

sudo apt install dnsutils bind9-utils

After you have installed the DNS utility on your system, you can start checking all DNS records from the client machine.

Run the dig command below to check the domain name "hwdomain.io" and "mail.hwdomain.io". And you should see the "hwdomain.io" is resolved to the server IP address "192.168.5.100", while the sub-domain "mail.hwdomain.io" is handled by the server IP address "192.168.5.120".

dig hwdomain.io +short
dig hwdomain.io

check dns records dig

dig mail.hwdomain.io +short
dig mail.hwdomain.io

check dns record using dig

Next, run the dig command as below to check the mail handler for the domain name "hwdomain.io". And you should get the output that the "mail.hwdomain.io" is handled mail for the main domain "hwdomain.io".

dig hwdomain.io MX +short
dig hwdomain.io MX

check mx records

Now you can also verify the reverse zone configuration for your domain name using the nslookup command.

Run the nslookup command below to check and verify the reverse DNS for some IP addresses.

Now you should see that the IP address "192.168.5.21" is reversed to the name server "ns1.hwdomain.io", the IP address "192.168.5.22" is reversed to the name server "ns2.hwdomain.io", and the IP address "192.168.5.100" is reversed to the main domain name "hwdomain.io", and lastly the IP address "192.168.5.120" is reversed to the sub-domain "mail.hwdomain.io.

nslookup 192.168.5.21
nslookup 192.168.5.22
nslookup 192.168.5.100
nslookup 192.168.5.120

check reverse dns

Conclusion

Congratulation! throughout this tutorial you have learned the installation and configuration BIND DNS Server on Ubuntu 22.04 servers. You have successfully configured the Master-Slave BIND DNS Server using two different Ubuntu servers. Also, you have learned the basic command of Dig and Nslookup for checking and verifying DNS records and configuration.

Share this page:

Suggested articles

2 Comment(s)

Add comment

Comments

By: xytras at: 2022-07-16 19:59:48

Thanks for this guide. Would be nice if BIND had a web gui for management.

By: till at: 2022-07-17 06:36:22

You can e.g. use this setup to get BIND with a GUI: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/