This article will describe installing BIND and running DNS server for private network.
Table of Contents
1 Install BIND
Install bind9 with apt.
sudo apt-get install -y bind9
2 Configuration
- Private network address is 192.168.11.0/24.
- Private network name is my.net.
- IP address of DNS server for private network is 192.168.11.79. This DNS server uses recursive query.
- IP address of local machine inside private network is 192.168.11.87.
- IP address of DNS server for internet is 192.168.11.1.
2.1 /etc/bind/named.conf.options
This is the configration file for BIND option.
- Allow query from private network.
- Allow recursive query.
- If you running ufw, open 53/udp and 53/tcp.
options {
directory "/var/cache/bind";
listen-on port 53 { localhost; 192.168.11.0/24; };
allow-query { localhost; 192.168.11.0/24; };
forwarders { 192.168.11.1; };
recursion yes;
}
2.2 /etc/bind/named.conf.local
This configuration file for private network is included by /etc/bind/named.conf.
zone "my.net" IN {
type master;
file "my.net.zone";
};
2.3 /var/cache/bind/my.net.zone
This is a zone file for private network.
- DNS server hostname is 192.168.11.64.
- Client hostname is client.
- If you need more, append A record.
$TTL 86400 @ IN SOA my.net root.my.net ( 2017062705 3600 900 604800 86400 ) @ IN NS server server IN A 192.168.11.79 client IN A 192.168.11.87
3 Validation
named-checkconf validates /etc/bind/named.conf and included files.
$ named-checkconf
named-checkzone validates zone file.
$ /usr/sbin/named-checkzone my.net /var/cache/bind/my.net.zone zone my.net/IN: loaded serial 2017062705 OK
4 Run BIND
Run BIND with systemd.
sudo systemctl enable bind9 sudo systemctl start bind9
5 Excution result
Run the following on client.
Make /etc/resolv.conf to refer DNS server.
$ cat /etc/resolv.conf # Generated by NetworkManager search my.net nameserver 192.168.11.79
DNS server returns FQDN in private network.
$ ping -c 4 client.my.net PING client.my.net (192.168.11.87) 56(84) bytes of data. 64 bytes from debian-9 (192.168.11.87): icmp_seq=1 ttl=64 time=0.024 ms 64 bytes from debian-9 (192.168.11.87): icmp_seq=2 ttl=64 time=0.041 ms 64 bytes from debian-9 (192.168.11.87): icmp_seq=3 ttl=64 time=0.041 ms 64 bytes from debian-9 (192.168.11.87): icmp_seq=4 ttl=64 time=0.043 ms --- client.my.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3057ms rtt min/avg/max/mdev = 0.024/0.037/0.043/0.008 ms
DNS server returns FQDN in internet with recursive query.
$ ping -c 4 google.co.jp PING google.co.jp (172.217.25.67) 56(84) bytes of data. 64 bytes from nrt13s50-in-f3.1e100.net (172.217.25.67): icmp_seq=1 ttl=55 time=6.89 ms 64 bytes from nrt13s50-in-f3.1e100.net (172.217.25.67): icmp_seq=2 ttl=55 time=7.38 ms 64 bytes from nrt13s50-in-f3.1e100.net (172.217.25.67): icmp_seq=3 ttl=55 time=7.01 ms 64 bytes from nrt13s50-in-f3.1e100.net (172.217.25.67): icmp_seq=4 ttl=55 time=7.11 ms --- google.co.jp ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 6.897/7.103/7.386/0.190 ms