How to Install and Configure DNS Server in Linux
by Lakshmanan Ganapathy on January 6, 2014
Domain Name Service (DNS) is an internet service that maps IP addresses to fully qualified domain names (FQDN) and vice versa.
BIND stands for Berkeley Internet Naming Daemon.
BIND is the most common program used for maintaining a name server on Linux.
In this tutorial, we will explain how to install and configure a DNS server.
If you are new to DNS, you should first understand the fundamentals of DNS and how it works.

1. Network Information
In this tutorial, we are going to set up a local DNS server for the network shown in the below diagram.
We'll use the "thegeekstuff.net" domain as an example for this DNS installation. "mail", "web" and "ns" are the hosts that reside within this domain.
It is possible to configure a single system to act as a caching name server, primary/master and secondary/slave. We will configure this DNS as a Primary/Master as well as a Caching DNS server.
We'll be installing the DNS server on "10.42.0.83".

2. Install Bind
Install the bind9 package using the appropriate package management utilities for your Linux distribution.
On Debian/Ubuntu flavors, do the following:
$ sudo apt-get install bind9

On Redhat/CentOS/Fedora flavors, do the following:
# yum install bind

All the DNS configurations are stored under the /etc/bind directory. The primary configuration is /etc/bind/named.conf, which will include other needed files. The file named /etc/bind/db.root describes the root nameservers in the world.

3. Configure Cache NameServer
The job of a DNS caching server is to query other DNS servers and cache the response. The next time the same query is given, it will provide the response from the cache. The cache will be updated periodically.
Please note that even though you can configure bind to work as a Primary and as a Caching server, it is not advised to do so for security reasons. Having a separate caching server is advisable.
All we have to do to configure a Cache NameServer is to add your ISP (Internet Service Provider)'s DNS server or any OpenDNS server to the file /etc/bind/named.conf.options. For example, we will use Google's public DNS servers, 8.8.8.8 and 8.8.4.4.
Uncomment and edit the following lines as shown below in the /etc/bind/named.conf.options file.
forwarders {
    8.8.8.8;
    8.8.4.4;
};

After the above change, restart the DNS server.
$ sudo service bind9 restart

4. Test the Cache NameServer
You can use the dig command to test DNS services. "DIG command examples" explains more about how to perform DNS lookups.
$ dig ubuntu.com
;; Query time: 1323 msec

Now when you execute dig the second time, there should be an improvement in the Query time. As you see below, it took only 3 msec the second time, as it is getting the info from our caching DNS server.
$ dig ubuntu.com
;; Query time: 3 msec

5. Configure Primary/Master Nameserver
Next, we will configure bind9 to be the Primary/Master for the domain/zone "thegeekstuff.net".
As a first step in configuring our Primary/Master Nameserver, we should add Forward and Reverse resolution to bind9.
To add a DNS Forward and Reverse resolution to bind9, edit /etc/bind/named.conf.local.
zone "thegeekstuff.net" {
    type master;
    file "/etc/bind/db.thegeekstuff.net";
};
zone "0.42.10.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.10";
};

Now the file /etc/bind/db.thegeekstuff.net will have the details for resolving hostname to IP address for this domain/zone, and the file /etc/bind/db.10 will have the details for resolving IP address to hostname.

6. Build the Forward Resolution for Primary/Master NameServer
Now we will add the details which are necessary for forward resolution into /etc/bind/db.thegeekstuff.net.
First, copy /etc/bind/db.local to /etc/bind/db.thegeekstuff.net
$ sudo cp /etc/bind/db.local /etc/bind/db.thegeekstuff.net

Next, edit /etc/bind/db.thegeekstuff.net and replace the following.
1. In the line which has SOA: localhost. This is the FQDN of the server in charge of this domain. I've installed bind9 on 10.42.0.83, whose hostname is "ns". So replace "localhost." with "ns.thegeekstuff.net.". Make sure it ends with a dot (.).
2. In the line which has SOA: root.localhost. This is the E-Mail address of the person who is responsible for this server. Use a dot (.) instead of @. I've replaced it with lak.localhost.
3. In the line which has NS: localhost. This defines the Name server for the domain (NS). We have to change this to the fully qualified domain name of the name server. Change it to "ns.thegeekstuff.net.". Make sure you have a "." at the end.
Next, define the A record and MX record for the domain. The A record is the one which maps hostname to IP address, and the MX record tells which mail server to use for this domain.
Once the changes are done, the /etc/bind/db.thegeekstuff.net file will look like the following:
$TTL    604800
@       IN      SOA     ns.thegeekstuff.net. lak.localhost. (
                           1024         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.thegeekstuff.net.
thegeekstuff.net.       IN      MX      10      mail.thegeekstuff.net.
ns      IN      A       10.42.0.83
web     IN      A       10.42.0.80
mail    IN      A       10.42.0.70

6. Build the Reverse Resolution for Primary/Master NameServer
We will add the details which are necessary for reverse resolution to the file /etc/bind/db.10. Copy the file /etc/bind/db.127 to /etc/bind/db.10
$ sudo cp /etc/bind/db.127 /etc/bind/db.10

Next, edit the /etc/bind/db.10 file, changing basically the same options as in /etc/bind/db.thegeekstuff.net
$TTL    604800
@       IN      SOA     ns.thegeekstuff.net. root.localhost. (
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.thegeekstuff.net.

Next, for each A record in /etc/bind/db.thegeekstuff.net, add a PTR record.
$TTL    604800
@       IN      SOA     ns.thegeekstuff.net. root.thegeekstuff.net. (
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.thegeekstuff.net.
83      IN      PTR     ns.thegeekstuff.net.
70      IN      PTR     mail.thegeekstuff.net.
80      IN      PTR     web.thegeekstuff.net.

Whenever you modify the files db.thegeekstuff.net and db.10, you need to increment the "Serial" number as well. Typically admins use DDMMYYSS for serial numbers, and when they modify a file, they change the serial number appropriately.
Finally, restart the bind9 service:
$ sudo service bind9 restart
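
A consistency check for the two zone files built in the steps above, added here as an example (it is not code from the original article). It expands names the way a zone file does, so a target written without the trailing dot shows up with the zone name appended, and it reports A records that have no matching PTR. The function names and the embedded sample records are constructed for this illustration, and only simple "owner IN TYPE rdata" lines are handled.

```python
import ipaddress

# Constructed sample input: the record lines of the tutorial's two zone files.
FORWARD = """\
@                 IN NS  ns.thegeekstuff.net.
thegeekstuff.net. IN MX  10 mail.thegeekstuff.net.
ns                IN A   10.42.0.83
web               IN A   10.42.0.80
mail              IN A   10.42.0.70
"""
REVERSE = """\
@   IN NS  ns.thegeekstuff.net.
83  IN PTR ns.thegeekstuff.net.
70  IN PTR mail.thegeekstuff.net.
80  IN PTR web.thegeekstuff.net.
"""

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means the
    name is already absolute, anything else has the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin):
    """Yield (owner, type, rdata) for simple 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 4 and fields[1] == "IN":
            yield fqdn(fields[0], origin), fields[2], fields[3:]

def check(forward, reverse, origin, rev_origin):
    """Report A records lacking a PTR and NS/MX/PTR targets lacking an A."""
    zones = ((forward, origin), (reverse, rev_origin))
    recs = [(o, t, fqdn(r[-1], z) if t != "A" else r[0])
            for text, z in zones for o, t, r in records(text, z)]
    a = {o: v for o, t, v in recs if t == "A"}
    ptr = {o: v for o, t, v in recs if t == "PTR"}
    problems = []
    for host, ip in a.items():
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptr.get(rev) != host:
            problems.append(f"{host} {ip}: PTR is {ptr.get(rev)}")
    for owner, typ, target in recs:
        if typ in ("NS", "MX", "PTR") and target not in a:
            problems.append(f"{owner} {typ} {target}: no A record")
    return problems

if __name__ == "__main__":
    print(check(FORWARD, REVERSE, "thegeekstuff.net.", "0.42.10.in-addr.arpa."))
```

BIND's own named-checkconf and named-checkzone utilities catch syntax errors in a single file before a restart; this sketch covers the agreement between the forward and reverse files.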

7. Test the DNS server
Now we have configured the DNS server for our domain. We will test our DNS server by pinging mail.thegeekstuff.net from web.thegeekstuff.net.
If the ping is successful, then we have configured the DNS successfully.
You can also use nslookup and dig to test DNS servers.
On the web.thegeekstuff.net server, add the following to /etc/resolv.conf
nameserver 10.42.0.83

Now ping mail.thegeekstuff.net, which should resolve the address appropriately from the DNS server that we just configured.
$ ping mail.thegeekstuff.net
PING mail.thegeekstuff.net (10.42.0.70) 56(84) bytes of data.
64 bytes from mail.thegeekstuff.net (10.42.0.70): icmp_req=1 ttl=64 time=0.482 ms
64 bytes from mail.thegeekstuff.net (10.42.0.70): icmp_req=2 ttl=64 time=0.532 ms
{ 21 comments }

ted smith January 7, 2014, 2:11 am
Thanks for the article. Really good.
Got some general questions though.
Do we have to run our DNS to host our domains? Any pros/cons?
Thanks,

Ramu Mathi January 7, 2014, 6:47 am
When I was installing the bind9 package using the following command
yum install bind9 (CentOS 64 bit)
it was giving an error like
Setting up Install Process
No package bind9 available.
Error: Nothing to do
yum install bind – this is fine. What is the difference between them? Pls can u help me.
Thanks And Regards
Ramu Mathi

Mac January 7, 2014, 8:37 am
Great write up, do you have a configuration example using the bind-chroot package as well?

Vut January 7, 2014, 9:42 am
Nice!
Yes, chroot env, and if possible pls also write about running Bind on RedHat as well as how to configure selinux for Bind. That would be super cool!

Mac January 7, 2014, 12:26 pm
Ramu Mathi, to install bind on centos
yum install bind
the number 9 is the version in centos 6.5
[root@c65ws06 ~]# rpm -qa bind
bind-9.8.2-0.17.rc1.el6_4.6.x86_64

Vonskippy January 7, 2014, 2:25 pm
Good getting started article but nobody should run BIND as a normal service. Please do a follow up article on setting up Chroot bind as well as DNSSEC. As always, keep up the good work!

Jalal Hajigholamali January 7, 2014, 9:59 pm
Hi,
Thanks a lot for the article. Really good.

pankaj kumar January 8, 2014, 1:31 am
hi,
its really a greatefull

Pratik January 10, 2014, 1:18 am
Nice and simple

Anonymous January 10, 2014, 8:03 am
Thanks a Tonnnnnnnn!!!!

Mac January 11, 2014, 7:52 am
To set up chroot'd bind on a RHEL based distro like CentOS 6.
# yum install -y bind bind-chroot
in this directory # /var/named
tar up these directories (dynamic, data and slaves), move the tar'd directories to
# /var/named/chroot/var/named (untar) then run
# restorecon -FR dynamic data slaves
# chown named:named dynamic data slaves
Now configure the /etc/named.conf
Start up named and you have your chroot'd bind set up.

sharma January 12, 2014, 12:01 am
thanks for the article great post..!!

bill January 31, 2014, 9:53 am
Good article on the "how?".
What puzzles me is the "why?".
Why would you want a personal DNS server?
Would it be private or public?
Would it be just a subset of the entirety of things?
What sort of setup would have a requirement?
And how much resource would it be likely to take?
And how much resource would it be likely to save?
and I suppose
What additional use could it be put to?

Mohamed Bile Super (Somalia) January 31, 2014, 11:23 pm
Useful post. Thank you so much indeed.

ben February 1, 2014, 12:00 pm
Is there a reason a home user would want to set this up on their LAN? If so, is the complexity worth it? Assuming the goal is to have a handful of computers [talk to each other by hostname rather than IP]. The only other option is to just keep the /etc/hosts file up to date on all the hosts I guess.

Mac February 2, 2014, 3:20 pm
A lot of reasons why one would want this setup: having hostnames instead of ip addresses, setting up home labs to study. It is complex to set up.
It is so much better using a name instead of an ip address.

Charles February 4, 2014, 6:41 am
Good article.
Unfortunately you don't say anything about setting up a DNS server for ip version 6. A follow up article about that would be very appreciated.

Deepak April 4, 2014, 12:38 am
Hi
I am new to DNS server, I am trying to install DNS server as per your direction but unsuccessful, kindly help me out.
Regards
Deepak

Michael McCool March 8, 2015, 11:42 pm
One reason I am looking into doing this is to get around the fact that Android devices do not support mDNS. On Windows and MAC, you can find devices with names like "mydevice.local" because they broadcast their names over mDNS. Unfortunately Android devices don't support mDNS, but one way around it is to point such devices at a local DNS server that lists your devices. Such a server should also act as an access point and/or bridge to the rest of the internet. Kind of annoying, really. I wouldn't care if Android did not support mDNS since mDNS is actually a better solution to finding named devices on your local network.

Dheepa September 8, 2015, 2:54 pm
Thank you! This was very useful! Can you also show us how to add a wildcard entry in the DNS. Does this work with wildcard entries too? Eg: All requests to *.vms.net mapped to 1.2.3.4.

Christian January 26, 2016, 3:44 pm
Just one tiny mistake
"To add a DNS Forward and Reverse resolution to bind9, edit /etc/bind9/named.conf.local."
Should be /etc/bind/.

Copyright 2008-2015 Ramesh Natarajan. All rights reserved.
