How To Install & Setup Private Nameserver with BIND9 on Debian/Ubuntu


If you have a LEMP or LAMP stack running on your Debian/Ubuntu server, you will need a DNS server so that your domain resolves to your server, unless you are using a third-party DNS service such as Cloudflare.

Installing a DNS server on Debian/Ubuntu is actually very easy. In this guide I will show you how to install the BIND9 DNS server on Debian/Ubuntu.


With BIND9 you can also create a private nameserver (child-NS), so that you have nameservers such as ns1.yourdomain.com and ns2.yourdomain.com both on your server and at your domain registrar.

Okay… let’s install and setup BIND9 DNS Server on your Debian/Ubuntu.

1.) After you have logged in to your server as the root user, install BIND9 along with the necessary packages:

$ apt-get install bind9 bind9utils libcap2

2.) Edit the file named.conf.local with the nano editor, or via SFTP (WinSCP/FileZilla):

$ nano /etc/bind/named.conf.local

zone "yourdomain.com" {
        type master;
        file "/etc/bind/zones/yourdomain.com.db";
};

zone "3.2.1.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.3.2.1.in-addr.arpa";
};

NOTE:
* Copy the snippet above and paste it into the named.conf.local file.
* Replace yourdomain.com with your actual domain.
* Press CTRL+O, then ENTER to save, and CTRL+X to exit.


3.) Next, create the zones directory inside the /etc/bind/ folder and open the zone file for editing:

$ cd /etc/bind
$ mkdir zones
$ cd /etc/bind/zones
$ nano yourdomain.com.db

6.) Open the yourdomain.com.db file and edit the DNS settings so that the zone works as a private nameserver (child-NS):

$ nano /etc/bind/zones/yourdomain.com.db

; BIND data file for yourdomain.com
;
$TTL 14400
; SOA: primary nameserver, then the responsible-party field (RNAME, a mailbox
; with its "@" written as "."), then the zone timers
@ IN SOA ns1.yourdomain.com. serv.yourdomain.com. (
        2019110501 ; Serial (YYYYMMDDnn; increase it on every change)
        7200       ; Refresh
        3600       ; Retry
        2419200    ; Expire
        10800 )    ; Negative-cache TTL

; nameservers for the zone
yourdomain.com. IN NS ns1.yourdomain.com.
yourdomain.com. IN NS ns2.yourdomain.com.

; mail exchanger and the address of the bare domain
yourdomain.com. IN MX 10 mail.yourdomain.com.
yourdomain.com. IN A 192.184.92.158

; hosts (names without a trailing dot are relative to yourdomain.com)
ns1 IN A 192.184.92.158
ns2 IN A 192.184.92.158
www IN CNAME yourdomain.com.
mail IN A 192.184.92.158
ftp IN CNAME yourdomain.com.

; SPF: TXT data must be quoted, and "ip4:" is followed directly by the address
yourdomain.com. IN TXT "v=spf1 ip4:192.184.92.158 a mx ~all"
mail IN TXT "v=spf1 a -all"

NOTE:

* Replace yourdomain.com with your actual domain name
* Replace serv.yourdomain.com with your server’s hostname
* Replace 192.184.92.158 with your server's own IPv4 address

7.) After that we need to configure the reverse zone file “rev.3.2.1.in-addr.arpa”, like this (the zone name holds the first three octets of the address reversed, and for a public IP the reverse delegation is normally handled by your hosting provider rather than by this zone):

$ nano /etc/bind/zones/rev.3.2.1.in-addr.arpa

; Reverse zone for 1.2.3.x: the zone name is the first three octets of the
; address reversed, and each PTR record's owner name is the last octet
$TTL 14400
@ IN SOA yourdomain.com. serv.yourdomain.com. (
        2019110501 ; Serial
        28800      ; Refresh
        10800      ; Retry
        10800      ; Expire
        86400 )    ; Negative-cache TTL

@ IN NS ns1.yourdomain.com.
4 IN PTR yourdomain.com.    ; 1.2.3.4 -> yourdomain.com
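The forward zone of step 6 and the reverse zone of step 7 repeat the same domain, address and serial in several places, and the reverse zone name has to be derived from the address by hand. The following added example, which is not part of the original article, generates both files from three inputs and validates them with named-checkzone (from the bind9utils package installed in step 1) before BIND ever loads them. The domain, address and serial are constructed placeholders, the SOA contact is written as hostmaster.DOMAIN. (the mailbox hostmaster@DOMAIN in RNAME form), and the Expire value of the reverse zone is raised so that it exceeds Refresh plus Retry; everything else follows the records shown above.

```shell
#!/bin/sh
# Added example, not from the original article: build the forward and reverse
# zone files of steps 6 and 7 from three inputs (domain, server IPv4, serial)
# so the same values are never retyped in several places. Domain, address and
# serial used below are constructed placeholders.

# rev_zone_name 192.0.2.10 -> 2.0.192.in-addr.arpa
# (first three octets, reversed: the name of the reverse zone)
rev_zone_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# last_octet 192.0.2.10 -> 10 (owner name of the PTR record inside that zone)
last_octet() {
    echo "$1" | awk -F. '{ print $4 }'
}

# today_serial N -> YYYYMMDDnn, the convention the article's 2019110501 uses;
# raise N on every change made the same day, otherwise secondaries never reload
today_serial() {
    printf '%s%02d\n' "$(date -u +%Y%m%d)" "${1:-1}"
}

# forward_zone DOMAIN IP SERIAL: print the authoritative zone for DOMAIN.
# The SOA contact is hostmaster@DOMAIN written in RNAME form ("@" becomes ".").
forward_zone() {
    d=$1; ip=$2; serial=$3
    cat <<EOF
; BIND data file for $d (generated)
\$TTL 14400
@       IN SOA  ns1.$d. hostmaster.$d. (
        $serial ; Serial
        7200       ; Refresh
        3600       ; Retry
        2419200    ; Expire
        10800 )    ; Negative-cache TTL

@       IN NS   ns1.$d.
@       IN NS   ns2.$d.
@       IN MX   10 mail.$d.
@       IN A    $ip
ns1     IN A    $ip
ns2     IN A    $ip
mail    IN A    $ip
www     IN CNAME $d.
ftp     IN CNAME $d.
@       IN TXT  "v=spf1 ip4:$ip a mx ~all"
mail    IN TXT  "v=spf1 a -all"
EOF
}

# reverse_zone DOMAIN IP SERIAL: print the matching in-addr.arpa zone.
reverse_zone() {
    d=$1; ip=$2; serial=$3
    cat <<EOF
; Reverse zone $(rev_zone_name "$ip") for $d (generated)
\$TTL 14400
@       IN SOA  ns1.$d. hostmaster.$d. (
        $serial ; Serial
        28800      ; Refresh
        10800      ; Retry
        604800     ; Expire (must exceed Refresh + Retry)
        86400 )    ; Negative-cache TTL

@       IN NS   ns1.$d.
$(last_octet "$ip")      IN PTR  $d.
EOF
}

# write_zones DOMAIN IP SERIAL [DIR]: write both files under DIR (default
# /etc/bind/zones) and validate each with named-checkzone from bind9utils
# before BIND is asked to load them. Needs root for the default directory.
write_zones() {
    d=$1; ip=$2; serial=$3; dir=${4:-/etc/bind/zones}
    rz=$(rev_zone_name "$ip")
    mkdir -p "$dir" || return 1
    forward_zone "$d" "$ip" "$serial" > "$dir/$d.db" || return 1
    reverse_zone "$d" "$ip" "$serial" > "$dir/rev.$rz" || return 1
    named-checkzone "$d" "$dir/$d.db" && named-checkzone "$rz" "$dir/rev.$rz"
}

# usage (as root, after replacing the placeholders):
#   write_zones yourdomain.com 192.0.2.10 "$(today_serial 1)"
```

The file names produced match the ones referenced from named.conf.local in step 2 (yourdomain.com.db and rev.X.Y.Z.in-addr.arpa), so the zone blocks there need no change; if named-checkzone reports an error, nothing is restarted and the previous zone keeps being served.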

8.) Now edit the resolv.conf file and add a search line for your domain at the bottom:

$ nano /etc/resolv.conf

search yourdomain.com

9.) Open the file named.conf.options in the /etc/bind/ directory and replace the forwarder addresses with your server's IPv4 address:

$ nano /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.184.92.158;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
};

NOTE: Replace 192.184.92.158 with your server's actual IPv4 address.


10.) Restart the BIND9 service:

$ /etc/init.d/bind9 restart

or:

$ service bind9 restart

11.) Finally, register the private nameservers (child-NS) at your domain registrar. Point ns1 and ns2 to your server's IPv4 address, then set the domain's nameservers to those private nameservers in your registrar's control panel.

12.) Once your private nameservers are configured and BIND9 is running, install the DNS utilities so that you can verify that your child-NS settings are correct:

$ apt-get install dnsutils

Now test your domain to confirm that it resolves to your server's IP address:

$ dig yourdomain.com
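A single dig of the domain shows that an answer comes back, but not whether it is the authoritative answer from your own server, nor whether the new server also answers recursive queries or hands out zone transfers to anyone who asks. The following added example, which is not part of the original article, wraps dig (from the dnsutils package just installed) in three checks: the server must answer for the domain with the aa flag set, it must not set the ra flag and answer for a name it does not host (an open resolver), and it must refuse an AXFR of the zone. The parsing functions are exercised on constructed dig output embedded at the end, so the logic can be read and run without a live server; the hostnames and addresses are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: checks to run once BIND is
# serving the zone. The dig wrappers query a live server; the parsers are pure
# text functions and are exercised below on constructed dig output, so the
# logic reads without a running BIND. Hostnames and addresses are placeholders.

# flags_of DIG_OUTPUT -> the flag list from the ";; flags:" header line
flags_of() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p'
}

# status_of DIG_OUTPUT -> NOERROR, REFUSED, NXDOMAIN, ...
status_of() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p'
}

# has_flag FLAG DIG_OUTPUT -> true when FLAG is set in the response header.
#   aa = authoritative answer: expected for your own zone
#   ra = recursion available: should NOT be offered to the whole internet
has_flag() {
    case " $(flags_of "$2") " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# transfer_succeeded AXFR_OUTPUT -> true when dig received a full zone transfer
transfer_succeeded() {
    printf '%s\n' "$1" | grep -q '^;; XFR size:'
}

# --- live checks (need dig from dnsutils and network access) ---

# authoritative_ok DOMAIN SERVER: SERVER answers for DOMAIN with aa set
authoritative_ok() {
    out=$(dig @"$2" "$1" A) || return 1
    [ "$(status_of "$out")" = NOERROR ] && has_flag aa "$out"
}

# open_resolver SERVER: true when SERVER recurses for a name it does not host.
# Fix: "recursion no;" in named.conf.options for an authoritative-only server,
# or "allow-recursion { localhost; your-nets; };" if it must also resolve for you.
open_resolver() {
    out=$(dig @"$1" example.org A) || return 1
    [ "$(status_of "$out")" = NOERROR ] && has_flag ra "$out"
}

# transfer_open DOMAIN SERVER: true when anyone can pull the whole zone.
# Fix: "allow-transfer { none; };" (or only the secondary's address) in the zone block.
transfer_open() {
    out=$(dig @"$2" "$1" AXFR) || return 1
    transfer_succeeded "$out"
}

# verify_all DOMAIN SERVER: report all three checks; non-zero exit on any problem
verify_all() {
    rc=0
    if authoritative_ok "$1" "$2"; then echo "OK:   $2 is authoritative for $1"
    else echo "FAIL: $2 does not answer authoritatively for $1"; rc=1; fi
    if open_resolver "$2"; then echo "WARN: $2 is an open resolver"; rc=1
    else echo "OK:   $2 refuses recursion for other names"; fi
    if transfer_open "$1" "$2"; then echo "WARN: $2 allows zone transfers of $1 to anyone"; rc=1
    else echo "OK:   $2 refuses zone transfers of $1"; fi
    return $rc
}
# usage: verify_all yourdomain.com 192.184.92.158

# --- constructed dig output for the parsers (not captured from a real server) ---
SAMPLE_AUTH='; <<>> DiG 9.16.1 <<>> @127.0.0.1 yourdomain.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
yourdomain.com.    14400  IN  A  192.184.92.158'

SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8765
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2468
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_AXFR='yourdomain.com.    14400  IN  SOA  ns1.yourdomain.com. serv.yourdomain.com. 2019110501 7200 3600 2419200 10800
;; Query time: 1 msec
;; XFR size: 12 records (messages 1, bytes 310)'
```

Run verify_all against the server's public address from a machine outside it, not only from localhost: BIND's default allow-recursion covers localhost and the local networks, so a query from the server itself will always see the ra flag and says nothing about what the rest of the internet gets.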
