Primary Master DNS Server (Caching With Forwarder)

This document provides a comprehensive guide on setting up a private DNS server using BIND9 on an Ubuntu system. It outlines the requirements, installation steps, configuration of forward and reverse zones, and testing procedures to ensure the DNS server operates correctly. By following the instructions, users will establish a primary DNS server with specific fully qualified domain names for various internal services.


SETUP PRIVATE NETWORK DNS SERVER

By Ruzaini Roni © 2023. Politeknik Mukah

Introduction

An important part of managing server configuration and infrastructure is maintaining an
easy way to look up network interfaces and IP addresses by name. Using fully qualified
domain names (FQDNs) instead of IP addresses to specify network addresses eases the
configuration of services and applications and makes configuration files easier to
maintain. The BIND name server software (BIND9) on a Linux server can resolve private
host names to private IP addresses. This provides a central place to manage your internal
hostnames and private IP addresses, which is indispensable once your environment grows
beyond a few hosts.

Requirements
1. Operating System: Ubuntu 22.04.1 LTS
2. Privileged access to your Ubuntu system as root or via the sudo command

Outcomes
You will use a naming scheme in which "dfn50303.com" refers to your private subnet or
zone. By the end of this activity, you will have a primary DNS server with the FQDN
ns.dfn50303.com and an FQDN for each machine as shown below:

VM Name    Role             Private FQDN         IPv4 Address
Server 1   DNS server       ns.dfn50303.com      10.0.2.11
Server 2   File server      file.dfn50303.com    10.0.2.12
Server 3   Website server   www.dfn50303.com     10.0.2.13
Server 4   E-mail server    mail.dfn50303.com    10.0.2.14



Instructions

You will install the BIND package, modify the main configuration files and create the zone
files on the DNS server. Finally, you will restart the bind9 (or named) service once the
configuration and zone files have been verified.

1. On the DNS server, ns, update apt with root privileges by executing the following
command:

sudo apt update

2. Then, with root privileges, install the BIND package:

sudo apt install bind9

3. Check the BIND9 service status by typing the following command and pressing Enter:

sudo service bind9 status

4. If the service is inactive (dead), start it with the following command:

sudo service bind9 start

5. Save the changes to the bind9 file and exit from the nano text editor.
6. With root privileges, open the named.conf.options file for editing in the nano text
editor:

sudo nano /etc/bind/named.conf.options

7. In the named.conf.options file, above the existing options block, add a new ACL
block called "trusted". This is where you define the list of clients that are allowed to
send recursive DNS queries to this server:

acl "trusted" {
10.0.2.11;
10.0.2.12;
10.0.2.13;
10.0.2.14;
};



8. Then, edit the options block as follows:

forwarders {
8.8.8.8;
8.8.4.4;
};

9. Save the named.conf.options file and exit from nano text editor.
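The "trusted" ACL from step 7 only takes effect if the options block references it; the forwarders fragment in step 8 never does, so every host that can reach the server would be able to use it as a recursive resolver. The following named.conf.options is an added example and not part of the original worksheet: it combines the page's ACL and forwarders with the options that actually enforce the ACL (the directory and dnssec-validation lines are the Ubuntu package defaults, and 10.0.2.11 is the ns address from the host table above).

```conf
acl "trusted" {
        10.0.2.11;      // ns
        10.0.2.12;      // file
        10.0.2.13;      // www
        10.0.2.14;      // mail
};

options {
        directory "/var/cache/bind";

        recursion yes;                  // act as a caching resolver ...
        allow-recursion { trusted; };   // ... but only for hosts in the ACL
        listen-on { 10.0.2.11; };       // answer only on the private interface
        allow-transfer { none; };       // a lone primary has no secondaries to feed

        forwarders {                    // upstream resolvers for names outside the zone
                8.8.8.8;
                8.8.4.4;
        };

        dnssec-validation auto;
};
```

After `sudo named-checkconf` and a service restart, a recursive query sent from an address outside the ACL is answered with status REFUSED, while the four trusted hosts still resolve external names through the forwarders.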
10. To specify your DNS zones, open the named.conf.local file for editing with root
privileges:

sudo nano /etc/bind/named.conf.local

11. In the named.conf.local file, specify the forward zone as follows:

zone "dfn50303.com" {
type master;
file "/etc/bind/zones/db.dfn50303.com";
};

12. As your private subnet is 10.0.2.0/24, specify the reverse zone as follows:

zone "2.0.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.2.0.10";
};

13. Save the named.conf.local file and exit from nano text editor.
14. With root privileges, create the directory where your zone files will reside.
According to your named.conf.local configuration, that location is /etc/bind/zones:

sudo mkdir /etc/bind/zones

15. Copy the sample db.empty zone file to the proper location with the following new
name:



sudo cp /etc/bind/db.empty /etc/bind/zones/db.dfn50303.com

16. To configure your forward zone file, open the db.dfn50303.com file for editing with
root privileges:

sudo nano /etc/bind/zones/db.dfn50303.com

17. In the db.dfn50303.com file, change the SOA record by replacing the first
"localhost" with the FQDN of ns, then replace "root.localhost" with
"admin.dfn50303.com". Also, every time you edit a zone file, you should increment
the serial value before you restart the named process, so increment it to "3". It should
look as follows:

@ IN SOA ns.dfn50303.com. admin.dfn50303.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;

18. Then, delete the three records at the end of the file (after the SOA record).
19. At the end of the file, add your nameserver records with the following lines:

; name servers - NS records
IN NS ns.dfn50303.com.

20. Then add the A records for your hosts that belong in this zone.

; name servers - A records
ns.dfn50303.com. IN A 10.0.2.11
file.dfn50303.com. IN A 10.0.2.12
www.dfn50303.com. IN A 10.0.2.13
mail.dfn50303.com. IN A 10.0.2.14

21. Save the db.dfn50303.com file and exit from the nano text editor with Ctrl+X.
22. Copy the sample db.empty zone file to the proper name and location:

sudo cp /etc/bind/db.empty /etc/bind/zones/db.2.0.10

23. To configure your reverse zone file, open the db.2.0.10 file for editing with root
privileges:



sudo nano /etc/bind/zones/db.2.0.10

24. Edit your reverse zone file so that it looks like the following:

@ IN SOA ns.dfn50303.com. admin.dfn50303.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers - NS records
IN NS ns.dfn50303.com.
; PTR records
11 IN PTR ns.dfn50303.com. ; 10.0.2.11
12 IN PTR file.dfn50303.com. ; 10.0.2.12
13 IN PTR www.dfn50303.com. ; 10.0.2.13
14 IN PTR mail.dfn50303.com. ; 10.0.2.14

25. Save the db.2.0.10 file and exit from nano text editor.
26. Run the following command to check the syntax of the named.conf* files:

sudo named-checkconf

If your named configuration files have no syntax errors, you will return to your shell
prompt and see no error messages. If there are problems with your configuration
files, review the error message, re-configure the related files, and then run
named-checkconf again.
27. To check the correctness of your "dfn50303.com" forward zone configuration, run the
following command:

sudo named-checkzone dfn50303.com /etc/bind/zones/db.dfn50303.com

28. To check the "2.0.10.in-addr.arpa" reverse zone configuration, run the following
command (the zone name is the one declared in named.conf.local, not the file name):

sudo named-checkzone 2.0.10.in-addr.arpa /etc/bind/zones/db.2.0.10

When all your configuration and zone files have no errors in them, you should be
ready to restart the BIND service.

29. With root privileges, restart the BIND service:



sudo service bind9 restart

From a client machine, for instance the file machine, you can test the DNS service
provided by the ns machine using the nslookup and dig utilities.

30. On the file machine, update your network interface enp0s3 with the new DNS server
information as follows:

.
.
nameservers:
  addresses: [10.0.2.11]

31. You can perform a forward lookup to retrieve the IP address of www.dfn50303.com
by running the following command:

nslookup www.dfn50303.com

32. You can perform a forward lookup to retrieve the IP address of www.gnu.org by
running the following command:

nslookup www.gnu.org

Your DNS server supports caching with a forwarder: names outside its own zone are
obtained from the forwarder. You have already set the forwarder to the Google Public DNS
servers (IP: 8.8.8.8 and 8.8.4.4).

33. To test the reverse lookup, query the DNS server with the private IP address of
mail:

nslookup 10.0.2.14

34. You can also retrieve the IP address of your local machines using the dig command.
All you need to look at is the "ANSWER SECTION" of the dig output. To retrieve the IP
address of www.dfn50303.com:

dig www.dfn50303.com



To view just the IP address of the www machine, use the short form option:

dig www.dfn50303.com +short

35. Now, you can test the connection to a local machine with the ping command, using its
FQDN instead of the IP address:

ping www.dfn50303.com
ping mail.dfn50303.com

The DNS server may store previously resolved domain names in a local cache. By default
the cached records are kept for up to seven (7) days. The cache can be reused for future
domain name resolutions.

36. The following command will dump bind's cache into the
/var/cache/bind/named_dump.db file:

sudo rndc dumpdb -cache

37. To view the cached DNS records, simply cat or grep the resulting dump file (the
path given in step 36). For example:

grep gnu.org /var/cache/bind/named_dump.db

or,

cat /var/cache/bind/named_dump.db | grep gnu.org

38. To clear the cache, first flush all cache entries:

sudo rndc flush

39. Finally, reload bind:

sudo rndc reload
