DNS, which stands for Domain Name System, translates hostnames into IP addresses. For example, if we type www.unixmen.com in a browser, the DNS server translates the domain name into its associated IP address. Since IP addresses are hard to remember, DNS servers translate hostnames like www.unixmen.com to 173.xxx.xx.xxx, so it is easier to remember domain names than their IP addresses.
In this tutorial, we will see how to setup and configure DNS server on Ubuntu 14.04 LTS. Also, the same method will work on Debian and its derivatives.
For the purpose of this tutorial, I will be using three nodes. One will act as the Master DNS server, the second system will act as the Secondary DNS server, and the third will be our DNS client. Here are the details of my three systems.
Master DNS server:
Operating System : Ubuntu 14.04 64bit minimal server
Hostname : masterdns.unixmen.local
IP Address : 192.168.1.101/24

Secondary DNS server:
Operating System : Ubuntu 14.04 32bit minimal server
Hostname : secondarydns.unixmen.local
IP Address : 192.168.1.102/24

DNS client:
Operating System : Ubuntu 14.04 desktop
Hostname : client.unixmen.local
IP Address : 192.168.1.103/24
In this configuration BIND9 will find the answer to name queries and remember the answer for the next query. This can be useful for a slow internet connection. By caching DNS queries, you will reduce bandwidth and (more importantly) latency.
The default configuration is set up to act as a caching server. All that is required is adding the IP addresses of your ISP's DNS servers as forwarders. A caching server is a good choice for a slow Internet connection.
Install the bind9 packages using the following command:
sudo apt-get install bind9 bind9utils bind9-doc
Then edit the /etc/bind/named.conf.options file:
sudo vi /etc/bind/named.conf.options
Simply uncomment and edit the following in /etc/bind/named.conf.options:
forwarders {
    8.8.8.8;
};
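The forwarders block only tells BIND where to send queries it cannot answer itself. Which clients may use the resolver is governed by allow-recursion, and BIND's default of localhost plus localnets covers every network the server has an interface on, so a host with a second, externally reachable interface quietly becomes an open resolver. As an added example (not the tutorial's file), this named.conf.options keeps the forwarder above but limits recursion, cache access and listening addresses to this tutorial's 192.168.1.0/24 network; the acl name lan is my own choice.

```conf
// Added example, not the tutorial's file: restrict who may use this caching
// resolver to the lab network used in this tutorial (192.168.1.0/24).
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";

    // Upstream resolver from the tutorial
    forwarders { 8.8.8.8; };

    // Answer recursive queries (and hand out cached answers) only to the LAN.
    // BIND's default here is "localhost; localnets;", which grows with every
    // interface the server has.
    recursion yes;
    allow-recursion { lan; };
    allow-query-cache { lan; };

    // Listen only on the addresses the lab uses, not on every interface
    listen-on { 127.0.0.1; 192.168.1.101; };

    dnssec-validation auto;
    auth-nxdomain no;
};
```

Run sudo named-checkconf /etc/bind/named.conf after editing; it prints nothing when the file is valid.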
Restart bind9 service.
sudo service bind9 restart
Run the following command to test it.
dig -x 127.0.0.1
Sample output:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60612
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost.

;; AUTHORITY SECTION:
127.in-addr.arpa.       604800  IN      NS      localhost.

;; ADDITIONAL SECTION:
localhost.              604800  IN      A       127.0.0.1
localhost.              604800  IN      AAAA    ::1

;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Apr 09 14:51:36 IST 2015
;; MSG SIZE  rcvd: 132
You can use the same server as both Primary and Caching server.
Install bind9 packages on your server if not installed.
sudo apt-get install bind9 bind9utils bind9-doc
DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf.
Edit the /etc/bind/named.conf file.
sudo vi /etc/bind/named.conf
Make sure it contains the following lines. If not, add them.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Save and close the file.
Then, edit named.conf.local,
sudo vi /etc/bind/named.conf.local
Add the following zone definitions:
zone "unixmen.local" {
    type master;
    file "/etc/bind/forward.unixmen";
    allow-transfer { 192.168.1.102; };   // only the secondary may pull a zone transfer
    also-notify { 192.168.1.102; };      // tell the secondary when the zone changes
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/reverse.unixmen";
    allow-transfer { 192.168.1.102; };
    also-notify { 192.168.1.102; };
};
Here,
Create the forward and reverse zone files that we defined in the /etc/bind/named.conf.local file.
Create the forward zone file, forward.unixmen, in /etc/bind:
sudo vi /etc/bind/forward.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@             IN  NS  masterdns.unixmen.local.
@             IN  NS  secondarydns.unixmen.local.
@             IN  A   192.168.1.101
@             IN  A   192.168.1.102
@             IN  A   192.168.1.103
masterdns     IN  A   192.168.1.101
secondarydns  IN  A   192.168.1.102
client        IN  A   192.168.1.103
Create the reverse zone file, reverse.unixmen, in /etc/bind:
sudo vi /etc/bind/reverse.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA masterdns.unixmen.local. root.unixmen.local. (
        2011071002  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@             IN  NS   masterdns.unixmen.local.
@             IN  NS   secondarydns.unixmen.local.
@             IN  PTR  unixmen.local.
masterdns     IN  A    192.168.1.101
secondarydns  IN  A    192.168.1.102
client        IN  A    192.168.1.103
101           IN  PTR  masterdns.unixmen.local.
102           IN  PTR  secondarydns.unixmen.local.
103           IN  PTR  client.unixmen.local.
Run the following commands one by one:
sudo
Check DNS default configuration file:
sudo named-checkconf /etc/bind/named.conf
sudo named-checkconf /etc/bind/named.conf.local
If it returns nothing, your configuration is valid.
Check Forward zone:
sudo named-checkzone unixmen.local /etc/bind/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001
OK
Check the reverse zone. The origin passed to named-checkzone must be the reverse zone's own name, 1.168.192.in-addr.arpa, not unixmen.local; otherwise the PTR owner names are checked relative to the wrong origin.
sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.unixmen
Sample Output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071002
OK
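named-checkzone only confirms that each file parses; it does not check that the forward and reverse zones agree with each other, which is what actually breaks reverse lookups later. The following script is an added example of mine, not part of the tutorial: it reads zone text in the layout used above, extracts the SOA serial (the value the zone-transfer rule later in this tutorial depends on) and lists every A record without a matching PTR and every PTR without a matching A. The zone data is a constructed copy of the two files above with the SOA timers collapsed onto one line; run against the tutorial's own data it flags the apex @ IN A record, which has no PTR.

```python
import re

# Constructed samples in the layout of this tutorial's forward.unixmen and
# reverse.unixmen (SOA timers collapsed onto one line; the data is the same).
FORWARD = """$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.unixmen.local.
@ IN A 192.168.1.101
masterdns IN A 192.168.1.101
secondarydns IN A 192.168.1.102
client IN A 192.168.1.103
"""
REVERSE = """$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071002 3600 1800 604800 86400 )
@ IN NS masterdns.unixmen.local.
101 IN PTR masterdns.unixmen.local.
102 IN PTR secondarydns.unixmen.local.
103 IN PTR client.unixmen.local.
"""

def soa_serial(zone_text):
    """Return the SOA serial (first number after the opening parenthesis), or None."""
    m = re.search(r"\sSOA\s.*?\(\s*(\d+)", zone_text, re.S)
    return int(m.group(1)) if m else None

def records(zone_text, rtype):
    """Return (owner, rdata) pairs for one record type; ';' comments are stripped."""
    found = []
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()
        if len(f) >= 4 and f[1] == "IN" and f[2] == rtype:
            found.append((f[0], f[3]))
    return found

def fqdn(owner, origin):
    """Expand a relative owner name the way BIND does with $ORIGIN set to the zone."""
    if owner == "@":
        return origin + "."
    return owner if owner.endswith(".") else f"{owner}.{origin}."

def check_consistency(forward, reverse, origin, rev_prefix):
    """Return (A records lacking a PTR, PTR records lacking an A) as sorted lists."""
    a = {(fqdn(o, origin), ip) for o, ip in records(forward, "A")}
    ptr = {(name, rev_prefix + last) for last, name in records(reverse, "PTR") if last.isdigit()}
    return sorted(a - ptr), sorted(ptr - a)

if __name__ == "__main__":
    print("serials:", soa_serial(FORWARD), soa_serial(REVERSE))
    print("A without PTR / PTR without A:",
          check_consistency(FORWARD, REVERSE, "unixmen.local", "192.168.1."))
```

To check the real files, read /etc/bind/forward.unixmen and /etc/bind/reverse.unixmen into FORWARD and REVERSE instead of the constructed strings.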
Restart bind9 service.
sudo service bind9 restart
Add the DNS server details to your network interface config file.
sudo vi /etc/network/interfaces
Add the nameserver IP address:
auto eth0
iface eth0 inet static
    address 192.168.1.101
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    dns-nameservers 192.168.1.101
    dns-search unixmen.local
Reboot your system.
Method 1:
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Apr 09 14:20:00 IST 2015
;; MSG SIZE  rcvd: 125
Method 2:
nslookup unixmen.local
Sample Output:
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.103
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.
A Secondary DNS server is optional, but recommended. If the master DNS server goes down, the Secondary DNS server will take over and answer the queries. You need an additional server to set up the Slave DNS server.
Install bind9 packages using the following command:
sudo apt-get install bind9 bind9utils bind9-doc
Edit the /etc/bind/named.conf file.
sudo vi /etc/bind/named.conf
Make sure it contains the following lines. If not, add them.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Save and close the file.
Then, edit named.conf.local,
sudo vi /etc/bind/named.conf.local
Add the following zone definitions:
zone "unixmen.local" {
    type slave;
    file "/var/cache/bind/forward.unixmen";
    masters { 192.168.1.101; };   // the Master DNS server set up above
};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/reverse.unixmen";
    masters { 192.168.1.101; };
};
Here,
The zone file must be in /var/cache/bind/ because, by default, AppArmor only allows write access inside it.
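The primary above restricts allow-transfer to the secondary, but a slave zone without its own allow-transfer inherits BIND 9.9's default, which serves a full zone transfer to any client that asks, so the restriction on the primary is undone on the secondary. As an added example (not the tutorial's file), the same slave zones with outbound transfers disabled:

```conf
// Added example, not the tutorial's file: the slave zones from this tutorial
// with zone transfers from the secondary switched off. The secondary only
// needs to pull from the master; nobody needs to pull from it.
zone "unixmen.local" {
    type slave;
    file "/var/cache/bind/forward.unixmen";
    masters { 192.168.1.101; };
    allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/reverse.unixmen";
    masters { 192.168.1.101; };
    allow-transfer { none; };
};
```

After restarting bind9, dig @192.168.1.102 unixmen.local AXFR run from the client should be refused (dig reports "Transfer failed."), while ordinary lookups still succeed.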
Run the following commands one by one:
sudo
Restart bind9 service.
sudo service bind9 restart
Add the DNS server details to your network interface config file.
sudo vi /etc/network/interfaces
# This file describes the network interfaces available on your system

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.1.102
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    dns-nameservers 192.168.1.101
    dns-nameservers 192.168.1.102
    dns-search unixmen.local
Save and close the file.
Reboot your system.
After logging in to your server, run the following commands to check whether the DNS server is really working.
Method 1:
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3-Ubuntu <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20290
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Apr 09 14:32:38 IST 2015
;; MSG SIZE  rcvd: 125
Method 2:
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3-Ubuntu <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53461
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Apr 09 14:33:02 IST 2015
;; MSG SIZE  rcvd: 125
Method 3:
nslookup unixmen.local
Sample Output:
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.103
Name:   unixmen.local
Address: 192.168.1.102
Note: A zone is only transferred if the Serial Number on the Primary DNS server is larger than the one on the Secondary DNS server.
Add the DNS server details to the /etc/resolv.conf file on all client systems:
vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
Restart network service or reboot the system.
Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That's all for now. The primary and secondary DNS servers are ready to use.
If you want to setup DNS server on RHEL based systems, check the following links.
Cheers!