How to configure bind with Debian 11

Today we will learn how to configure bind with Debian 11. World of the internet is not possible without DNS service. For Linux BIND to that DNS jobs. So what is bind or DNS? Well, its basic role is to patch a specific domain name with a specific IP address. When you are looking for a website over the internet it will resolve the domain name to IP address and vice versa. Usually, 53 is the port number for DNS services. Let’s have a look at how we can configure that service step by step.

Install required package for server.

Prerequisites

I have Debian 11 Virtual machine, with 4 GB RAM and 40 G of storage. My example bind domain name will be rajneeshunix.com.

First, we need to update Debian Server.

# apt update 

Check the IP address of the server.

# hostname -I
192.168.135.132

Change the hostname of the server.

# echo 'rajneeshunix.com' > /etc/hostname

Reboot the system and check the hostname.

Define domain name in /etc/hosts file.

Install required package.

# apt-get install bind9 bind9utils bind9-doc dnsutils

Enable BIND server available on reboot.

# systemctl enable bind9

Allow port 53 on the firewall.

# ufw allow 53

Check service status.

# systemctl status bind9

Define server parameters in conf file.

For the BIND master server, both forward and reverse configuration file configurations are required.

Let’s have a look at what files are available in /etc/bind, and which files we are required to configure.

# cd /etc/bind && ls

two files named.conf and named.conf.local, are visible in /etc/bind directory. for the local bind server, we will edit and use named.conf.local file only.

# vim /etc/bind/named.conf.local

Define forward zone. The zone file for the forward zone will be /etc/bind/forward.rajneeshunix.com.db.

zone "rajneeshunix.com" IN {
      type master;

file "/etc/bind/forward.rajneeshunix.com.db";

allow-update { none; };
};

Define reverse zone. The configuration file for the reverse zone will be /etc/bind/reverse.rajneeshunix.com.db.

zone "135.168.192.in-addr.arpa" IN {

     type master;

     file "/etc/bind/reverse.rajneeshunix.com.db";
 allow-update { none; };

};

Configure zone files as forward and reverse.

In the previous step, we have defined zone files for forward and reverse zones. Let’s configure the forward zone first. Copy example forward zone file to the defined file name.

# cp db.local forward.rajneeshunix.com.db

Edit configuration file.

# vim 

forward.rajneeshunix.com.db

The configuration file should look like this.

  GNU nano 5.4                                   forward.rajneeshunix.com.db                                            ;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     rajneeshunix.com. root.rajneeshunix.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

@       IN      NS      rajneeshunix.com.
@       IN      A       192.168.135.132

ns1     IN      A       192.168.135.132
mail    IN      A       192.168.135.132
www     IN      A       192.168.135.132


Check if any error in the conf file.

 # named-checkzone rajneeshunix.com forward.rajneeshunix.com.db

The output will look something like this.

Let’s configure the reverse zone. In a similar manner copy example file ‘db.127’ to the defined reverse zone file.

# cp db.127 reverse.rajneeshunix.com.db

Edit file as per required settings.

# vim db.127 reverse.rajneeshunix.com.db 
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.rajneeshunix.com. root.ns1.rajneeshunix.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.rajneeshunix.com.
ns1     IN      A       192.168.135.132
132     IN      PTR     ns1.rajneeshunix.com.

Check if the zone files are correct or not.

 # named-checkzone 135.168.192-in.addr.arpa reverse.rajneeshunix.com.db

All of the settings are done as per requirement.

Test BIND/DNS service.

We have configured a bind for the local area network. We must define server IP (192.168.135.132) address as LAN DNS too. If we are not doing this problems may occur.

Use the nslookup command to check the bind service.

# nslookup rajneeshunix.com
Server:         192.168.135.132
Address:        192.168.135.132#53

Name:   rajneeshunix.com
Address: 192.168.135.132

Use the dig command

# dig rajneeshunix.com

Dig query has been resolved as visible in the answer section. Command will return with an answer as ‘0’ if it’s not been resolved.

Use dig command using an IP Address.

# dig -x 192.168.135.132

The output will resolve query based on reverse zone, have a look.

Use the dig command with the +short option to have brief information.

# dig -x 192.168.135.132 +short

Output

ns1.rajneeshunix.com.

For domain name.

# dig rajneeshunix.com +short

Output

192.168.135.132

Resolve all information with ‘any’ option.

# dig any rajneeshunix.com

Use telnet command to test bind server.

# telnet 192.168.135.132 53

Output

Trying 192.168.135.132...
Connected to 192.168.135.132.
Escape character is '^]'.
^]
telnet>

Use telnet with the domain name.

# telnet rajneeshunix.com 53

Output

Trying 192.168.135.132...
Connected to rajneeshunix.com.
Escape character is '^]'.
^]
telnet>

Use host command to test bind service.

Check with the domain name.

# host rajneeshunix.com

Use host command with IP address.

# host 192.168.135.132

Use host command with -l option and domain name.

# host -l rajneeshunix.com

Conclusion

We have successfully deployed the Bind configuration. Few things to keep in mind:

  1. Network dns ip address must be same as bind server.
  2. Allow port 53 on firewall.
  3. Allow ssh for root.
  4. Define ‘A’ record proper, or else it might show configuration error sometimes.

Stay tuned.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

x