Setup DNS Server In Ubuntu

In this tutorial, we will see how to set up and configure a DNS server (BIND9) on an Ubuntu 15.10 server. The same method works on Debian and its derivatives.

Setup DNS Server In Ubuntu 15.10

Scenario

For the purpose of this tutorial, I will be using three systems. One will act as the master DNS server, the second as the secondary DNS server, and the third will be our DNS client. Here are the details of my three systems.

Primary (Master) DNS Server Details:

Operating System     : Ubuntu 15.10 64bit minimal server
Hostname             : masterdns.sysvn.local
IP Address           : 192.168.1.101/24

Secondary (Slave) DNS Server Details:

Operating System     : Ubuntu 15.10 64bit minimal server
Hostname             : secondarydns.sysvn.local
IP Address           : 192.168.1.102/24

Client Details:

Operating System     : Ubuntu 14.04 desktop
Hostname             : client.sysvn.local
IP Address           : 192.168.1.103/24

Setup Caching Server

In this configuration, BIND9 will find the answer to a name query and remember it for the next query. This is useful on a slow Internet connection: by caching DNS answers you reduce bandwidth and, more importantly, latency.

The default configuration is already set up to act as a caching server. All that is required is adding the IP addresses of your ISP's DNS servers as forwarders. A caching server is a good fit for a slow Internet connection. Keep recursion limited to your own networks (BIND's allow-recursion option) so the server cannot be used as an open resolver from the Internet.

Install bind9 packages using command:

sudo apt-get install bind9 bind9utils bind9-doc

Then edit /etc/bind/named.conf.options file,

sudo vi /etc/bind/named.conf.options

Simply uncomment and edit the following in /etc/bind/named.conf.options:

forwarders {
        8.8.8.8;
};

Restart bind9 service.

sudo systemctl restart bind9

Test Caching Server

Run the following command to test it.

dig -x 127.0.0.1

Sample output:

; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60612
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.        IN    PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa.    604800    IN    PTR    localhost.

;; AUTHORITY SECTION:
127.in-addr.arpa.    604800    IN    NS    localhost.

;; ADDITIONAL SECTION:
localhost.        604800    IN    A    127.0.0.1
localhost.        604800    IN    AAAA    ::1

;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Mon Nov 23 17:48:36 IST 2015
;; MSG SIZE  rcvd: 132

Setup Primary (Master) DNS Server

You can use the same server as both the primary and the caching server.

Install the bind9 packages on your server if they are not already installed.

sudo apt-get install bind9 bind9utils bind9-doc

  1. Configure Master DNS Server

DNS configuration files are stored in the /etc/bind directory. The main configuration file is /etc/bind/named.conf.

Edit the /etc/bind/named.conf file.

sudo vi /etc/bind/named.conf

Make sure it contains the following lines. If not, add them.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Save and close the file.

Then, edit named.conf.local,

sudo vi /etc/bind/named.conf.local

Add the following lines:

zone "sysvn.local" {
        type master;
        file "/etc/bind/forward.sysvn";
        allow-transfer { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/reverse.sysvn";
        allow-transfer { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};

Here,

  • forward.sysvn – Forward zone file
  • reverse.sysvn – Reverse zone file
  • 192.168.1.102 – Slave DNS server IP address

allow-transfer limits zone transfers (AXFR) to the slave's address, so nobody else can pull the whole zone, and also-notify tells the slave to check for a new serial whenever the zone is reloaded.

  2. Create Zone files

Create the forward and reverse zone files that we defined in the /etc/bind/named.conf.local file.

2.1 Create Forward Zone

Create the forward zone file named forward.sysvn in /etc/bind,

sudo vi /etc/bind/forward.sysvn

Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.sysvn.local. root.sysvn.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.sysvn.local.
@       IN  NS          secondarydns.sysvn.local.
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
@       IN  A           192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

2.2 Create Reverse Zone

Create the reverse zone file named reverse.sysvn in /etc/bind,

sudo vi /etc/bind/reverse.sysvn

Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.sysvn.local. root.sysvn.local. (
        2011071002  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.sysvn.local.
@       IN  NS          secondarydns.sysvn.local.
@       IN  PTR         sysvn.local.
101     IN  PTR         masterdns.sysvn.local.
102     IN  PTR         secondarydns.sysvn.local.
103     IN  PTR         client.sysvn.local.

A reverse zone holds only PTR records for the address octets; A records for the hosts belong in the forward zone above, not here.
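Forward and reverse zones drift apart easily when hosts are added by hand. As an added example (not part of the original tutorial, and not BIND's own tooling), the following Python script parses a forward zone and its reverse zone in the format shown above and reports every A record without a matching PTR, every PTR without a matching A record, and any A record that has strayed into the reverse zone. The zone texts are constructed from this page's names and addresses, with one PTR deliberately missing and one stray A record so the output is not empty; to check the real files, read /etc/bind/forward.sysvn and /etc/bind/reverse.sysvn into the two variables.

```python
"""Consistency check of a BIND forward zone against its reverse zone.

Added example; not part of the original tutorial. The parser handles only
the record forms seen in such hand-written zones: $TTL, a multi-line SOA in
parentheses, '@', relative owner names, ';' comments, and A/NS/PTR records.
"""

FORWARD_ORIGIN = "sysvn.local."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
ARPA_SUFFIX = ".in-addr.arpa."

# Constructed sample: the forward zone from this tutorial.
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.sysvn.local. root.sysvn.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.sysvn.local.
@       IN  NS          secondarydns.sysvn.local.
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
"""

# Constructed sample: a reverse zone missing the PTR for .103 and carrying an
# A record that does not belong in a reverse zone.
REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.sysvn.local. root.sysvn.local. (
        2011071002 3600 1800 604800 86400 )
@       IN  NS          masterdns.sysvn.local.
client  IN  A   192.168.1.103
101     IN  PTR         masterdns.sysvn.local.
102     IN  PTR         secondarydns.sysvn.local.
"""


def _logical_lines(text):
    """Drop ';' comments and join the lines of a ( ... ) group into one record."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def _qualify(name, origin):
    """Turn a relative owner name (or '@') into a fully qualified one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (soa_serial, [(owner, rtype, rdata_tokens), ...])."""
    serial, records, owner = None, [], origin
    for line in _logical_lines(text):
        if line.startswith("$"):          # $TTL and similar directives
            continue
        toks = line.split()
        if not line[0].isspace():         # a blank owner reuses the previous one
            owner = _qualify(toks.pop(0), origin)
        if toks and toks[0].isdigit():    # optional per-record TTL
            toks.pop(0)
        if toks and toks[0].upper() == "IN":
            toks.pop(0)                   # optional class
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":                # mname rname serial refresh retry expire minimum
            serial = int(rdata[2])
        records.append((owner, rtype, rdata))
    return serial, records


def check_consistency(forward_text, reverse_text):
    """Return findings; an empty list means every A has its PTR and vice versa."""
    _, fwd = parse_zone(forward_text, FORWARD_ORIGIN)
    _, rev = parse_zone(reverse_text, REVERSE_ORIGIN)
    findings = []
    # Host A records only: apex ('@') A records have no host name to map back to.
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A" and o != FORWARD_ORIGIN}
    ptr = {}
    for owner, rtype, rdata in rev:
        if rtype == "A":
            findings.append(f"reverse zone: A record for {owner} does not belong here")
        elif rtype == "PTR" and owner != REVERSE_ORIGIN:
            octets = owner[: -len(ARPA_SUFFIX)].split(".")   # 101.1.168.192 -> 192.168.1.101
            ptr[".".join(reversed(octets))] = rdata[0]
    for name, ip in sorted(a_records):
        if ptr.get(ip) != name:
            findings.append(f"no PTR for {ip} -> {name}")
    for ip, name in sorted(ptr.items()):
        if (name, ip) not in a_records:
            findings.append(f"PTR {ip} -> {name} has no matching A record")
    return findings


if __name__ == "__main__":
    for finding in check_consistency(FORWARD_ZONE, REVERSE_ZONE) or ["zones are consistent"]:
        print(finding)
```

Run it after editing either zone file and before restarting bind9; named-checkzone only validates syntax, it does not notice a host that resolves forward but not backward.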

  3. Configuring Permissions, Ownership for Bind

Run the following commands one by one:

sudo chmod -R 755 /etc/bind
sudo chown -R bind:bind /etc/bind

Note that chmod -R 755 also makes /etc/bind/rndc.key (the control-channel key) readable by every local user; restore it afterwards with sudo chmod 640 /etc/bind/rndc.key.

  4. Test DNS configuration and zone files for any syntax errors

Check the main configuration files:

sudo named-checkconf /etc/bind/named.conf
sudo named-checkconf /etc/bind/named.conf.local

If it returns nothing, your configuration is valid.

Check the forward zone:

sudo named-checkzone sysvn.local /etc/bind/forward.sysvn

Sample output:

zone sysvn.local/IN: loaded serial 2011071001
OK

Check the reverse zone (the first argument is the zone name, so here it is the in-addr.arpa name, not sysvn.local):

sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.sysvn

Sample output:

zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071002
OK

Restart bind9 service.

sudo systemctl restart bind9

Add the DNS Server details in your network interface config file.

sudo vi /etc/network/interfaces

Add the nameserver IP address:

auto enp0s3
iface enp0s3 inet static
        address 192.168.1.101
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        dns-nameservers 192.168.1.101
        dns-search sysvn.local

Reboot your system.

  5. Test DNS Server

Method 1:

dig masterdns.sysvn.local

Sample Output:

; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> masterdns.sysvn.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.sysvn.local.    IN    A

;; ANSWER SECTION:
masterdns.sysvn.local. 86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
sysvn.local.        86400    IN    NS    masterdns.sysvn.local.
sysvn.local.        86400    IN    NS    secondarydns.sysvn.local.

;; ADDITIONAL SECTION:
secondarydns.sysvn.local. 86400 IN    A    192.168.1.102

;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Mon Nov 23 17:55:00 IST 2015
;; MSG SIZE  rcvd: 125

Method 2:

nslookup sysvn.local

Sample Output:

Server:        192.168.1.101
Address:    192.168.1.101#53

Name:    sysvn.local
Address: 192.168.1.101
Name:    sysvn.local
Address: 192.168.1.102
Name:    sysvn.local
Address: 192.168.1.103

Now the Primary DNS server is ready to use.

It is time to configure our Secondary DNS server.

Setup Secondary (Slave) DNS Server

A secondary DNS server is optional, but recommended. If the master DNS server goes down, the secondary DNS server will take over and answer the queries. You need an additional server to set up the slave DNS server.

Install bind9 packages using the following command:

sudo apt-get install bind9 bind9utils bind9-doc

  1. Configure Slave DNS Server

Edit the /etc/bind/named.conf file.

sudo vi /etc/bind/named.conf

Make sure it contains the following lines. If not, add them.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Save and close the file.

Then, edit named.conf.local,

sudo vi /etc/bind/named.conf.local

Add the following lines:

zone "sysvn.local" {
        type slave;
        file "/var/cache/bind/forward.sysvn";
        masters { 192.168.1.101; };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "/var/cache/bind/reverse.sysvn";
        masters { 192.168.1.101; };
};

Here,

  • forward.sysvn – Forward zone file
  • reverse.sysvn – Reverse zone file
  • 192.168.1.101 – Master DNS server IP address

The zone file must be in /var/cache/bind/ because, by default, AppArmor only allows write access inside it.

  2. Configuring Permissions, Ownership for Bind

Run the following commands one by one:

sudo chmod -R 755 /etc/bind
sudo chown -R bind:bind /etc/bind

Restart bind9 service.

sudo service bind9 restart

  3. Add the DNS Server details

Add the DNS server details in your network interface config file.

sudo vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
iface enp0s3 inet static
        address 192.168.1.102
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        dns-nameservers 192.168.1.101 192.168.1.102
        dns-search sysvn.local

Both nameservers go on a single dns-nameservers line, separated by spaces, and dns-search must carry our domain, sysvn.local.

Save and close the file.

Reboot your system.

  4. Test DNS Server

After logging in to your server, run the following commands to check whether the DNS server is working.

Method 1:

dig masterdns.sysvn.local

Sample Output:

; <<>> DiG 9.9.5-3-Ubuntu <<>> masterdns.sysvn.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20290
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.sysvn.local.    IN    A

;; ANSWER SECTION:
masterdns.sysvn.local. 86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
sysvn.local.        86400    IN    NS    masterdns.sysvn.local.
sysvn.local.        86400    IN    NS    secondarydns.sysvn.local.

;; ADDITIONAL SECTION:
secondarydns.sysvn.local. 86400 IN    A    192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Mon Nov 23 18:02:38 IST 2015
;; MSG SIZE  rcvd: 125

Method 2:

dig secondarydns.sysvn.local

Sample Output:

; <<>> DiG 9.9.5-3-Ubuntu <<>> secondarydns.sysvn.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53461
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.sysvn.local. IN A

;; ANSWER SECTION:
secondarydns.sysvn.local. 86400 IN A 192.168.1.102

;; AUTHORITY SECTION:
sysvn.local. 86400 IN NS masterdns.sysvn.local.
sysvn.local. 86400 IN NS secondarydns.sysvn.local.

;; ADDITIONAL SECTION:
masterdns.sysvn.local. 86400 IN A 192.168.1.101

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Mon Nov 23 18:10:02 IST 2015
;; MSG SIZE rcvd: 125

Method 3:

nslookup sysvn.local

Sample Output:

Server:        192.168.1.101
Address:    192.168.1.101#53

Name:    sysvn.local
Address: 192.168.1.101
Name:    sysvn.local
Address: 192.168.1.103
Name:    sysvn.local
Address: 192.168.1.102

Note: A zone is only transferred if the serial number in the primary DNS server's SOA record is larger than the one the secondary DNS server already holds, so bump the serial every time you edit a zone file on the master.
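To make that rule concrete, here is an added Python example (not from the original tutorial) that implements the RFC 1982 serial comparison a secondary applies and bumps a zone's serial before a reload. The YYYYMMDDnn serial layout is an assumption, as is the ";Serial" comment it searches for (it matches the zone files shown on this page); the sample zone text and the date are constructed from this page's SOA record and dig output.

```python
"""Zone serial handling: when does a secondary transfer the zone?

Added example, not from the original tutorial. A secondary only pulls the
zone when the primary's SOA serial is newer under RFC 1982 serial-number
arithmetic (32-bit values compared with wraparound), so the serial has to be
bumped on every edit of the master zone file. The YYYYMMDDnn layout used by
bump_serial is a common convention and an assumption here; BIND itself only
requires that the serial increase.
"""
import re
from datetime import date

SERIAL_SPACE = 2 ** 32
HALF_SPACE = 2 ** 31

# Constructed: the day shown in this tutorial's dig output.
EXAMPLE_DAY = date(2015, 11, 23)

# Constructed sample: the SOA header of this tutorial's forward zone.
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.sysvn.local. root.sysvn.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.sysvn.local.
"""

# Matches the "<number> ;Serial" line as written in the zone files on this page.
SERIAL_LINE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*Serial)", re.IGNORECASE | re.MULTILINE)


def serial_gt(a, b):
    """True if serial a is newer than serial b (RFC 1982 comparison)."""
    a, b = a % SERIAL_SPACE, b % SERIAL_SPACE
    return a != b and (a - b) % SERIAL_SPACE < HALF_SPACE


def needs_transfer(master_serial, slave_serial):
    """The secondary's decision: transfer only when the master's serial is newer."""
    return serial_gt(master_serial, slave_serial)


def bump_serial(old, today):
    """Return the next YYYYMMDDnn serial that is strictly newer than 'old'.

    Starts at today's date with nn=01, increments nn if the zone was already
    edited today, and falls back to old+1 if the date form would not count as
    newer (for example when the old serial is a large plain counter).
    """
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = old + 1 if old // 100 == base // 100 else base + 1
    if not serial_gt(candidate, old):
        candidate = old + 1
    return candidate % SERIAL_SPACE


def update_zone_serial(zone_text, today):
    """Rewrite the SOA serial in zone_text; returns (new_serial, new_text)."""
    m = SERIAL_LINE.search(zone_text)
    if m is None:
        raise ValueError("no '<number> ;Serial' line found in zone text")
    new = bump_serial(int(m.group(2)), today)
    return new, zone_text[: m.start(2)] + str(new) + zone_text[m.end(2):]


if __name__ == "__main__":
    new, text = update_zone_serial(SAMPLE_ZONE, date.today())
    print(f"bumped serial to {new}; slave will transfer: {needs_transfer(new, 2011071001)}")
```

A forgotten serial bump is the usual reason a slave keeps serving stale data after the master was edited: named-checkzone reports OK, the master answers with the new records, and the secondary never asks for them.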

Client Side Configuration

Add the DNS server details to the /etc/resolv.conf file on all client systems.

vi /etc/resolv.conf

# Generated by NetworkManager
search sysvn.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Restart the network service or reboot the system. On a desktop managed by NetworkManager (as the header comment shows), this file is regenerated on restart, so enter the nameservers in the connection settings if the edit does not persist.

Test DNS Server

Now, you can test the DNS server using any one of the following commands:

dig masterdns.sysvn.local
dig secondarydns.sysvn.local
dig client.sysvn.local
nslookup sysvn.local

That's all for now. The primary and secondary DNS servers are ready to use.