How To Install & Setup Private Nameserver with BIND9 on Debian/Ubuntu


If you have a LEMP or LAMP stack running on your Debian/Ubuntu server, you will need a DNS server so that your domain’s website can be reached from the internet, unless you are using a third-party DNS service like CloudFlare. Installing a DNS server on Debian/Ubuntu is actually very easy. In this guide I will show you how to install the BIND9 DNS server on Debian/Ubuntu.

You can also create private nameservers (child-NS) with BIND9, so that you have nameservers like ns1.yourdomain.com and ns2.yourdomain.com both on your server and at your domain registrar. OK… let’s install and set up the BIND9 DNS server on your Debian/Ubuntu system.

1.) After you have logged in to your server as the root user, install BIND9 along with the necessary packages:

$ apt-get install bind9 bind9utils libcap2

2.) Edit the file named.conf.local with the nano editor, or do it via SFTP (WinSCP/FileZilla):

$ nano /etc/bind/named.conf.local
zone "yourdomain.com" {
        type master;
        file "/etc/bind/zones/yourdomain.com.db";
};

zone "3.2.1.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.3.2.1.in-addr.arpa";
};

* Copy the snippet above and paste it into the named.conf.local file.
* Replace yourdomain.com with your actual domain.
* Press CTRL+O, then ENTER to save, and then press CTRL+X to exit.

3.) Next, create the zones directory inside the /etc/bind/ folder:

$ cd /etc/bind
$ mkdir zones
$ cd /etc/bind/zones
$ nano yourdomain.com.db

6.) Open the yourdomain.com.db file and edit the DNS settings so that it works as a private nameserver (child-NS):

$ nano /etc/bind/zones/yourdomain.com.db
; BIND data file for yourdomain.com
$TTL 14400
@ IN SOA ns1.yourdomain.com. serv.yourdomain.com. (
        2019110501 ; Serial
        7200       ; Refresh
        3600       ; Retry
        2419200    ; Expire
        10800 )    ; Default TTL

yourdomain.com. IN NS ns1.yourdomain.com.
yourdomain.com. IN NS ns2.yourdomain.com.

yourdomain.com. IN MX 10 mail.yourdomain.com.
yourdomain.com. IN A

ns1 IN A
ns2 IN A
www IN CNAME yourdomain.com.
mail IN A
ftp IN CNAME yourdomain.com.
yourdomain.com. IN TXT "v=spf1 ip4: a mx ~all"
mail IN TXT "v=spf1 a -all"


* Replace yourdomain.com with your actual domain name.
* Replace serv.yourdomain.com with your server’s hostname.
* Replace the IP address in the A records and in the SPF ip4: entry with your server’s own IPv4 address.

7.) After that, configure “rev.3.2.1.in-addr.arpa” like this:

$ nano /etc/bind/zones/rev.3.2.1.in-addr.arpa

@ IN SOA yourdomain.com. serv.yourdomain.com. (
86400 );

IN NS ns1.yourdomain.com.
4 IN PTR yourdomain.com.

8.) Now edit the resolv.conf file and add your domain on the last line:

$ nano /etc/resolv.conf
search yourdomain.com

9.) Open the file named.conf.options in the /etc/bind/ directory and replace the forwarders IP with your server’s IPv4 address:

$ nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                // your server's IPv4 address goes here, followed by a semicolon
        };

        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        dnssec-validation auto;

        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
};

NOTE: Put your server’s actual IPv4 address in the forwarders block.

10.) Restart the BIND9 service:

$ /etc/init.d/bind9 restart

or

$ service bind9 restart

11.) Finally, register the private nameservers (child-NS) at your domain registrar. Point ns1 and ns2 to your server’s IPv4 address, then update your domain’s DNS at the registrar to use the private nameservers.

12.) Once your private nameservers are configured with BIND9 and ready to use, install the DNS utilities to verify that your child-NS settings are correct:

$ apt-get install dnsutils

Let’s test your domain to see whether it resolves to your server’s IP address:

$ dig yourdomain.com
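
An added example, not part of the original guide: a small Python check for the zone file from step 6, which reports NS, MX or CNAME targets inside the zone that have no A record, A records with a missing or invalid IPv4 address, and a multi-line SOA record that is never closed. The function names, the sample zone and the 192.0.2.10 documentation address are constructed for illustration, and the parser assumes the simple "owner IN TYPE rdata" layout used above.

```python
import ipaddress

# Constructed sample in the guide's "owner IN TYPE rdata" layout (192.0.2.10 is a
# documentation address): ns2 has no A record and mail's A record is empty.
SAMPLE_ZONE = """\
$TTL 14400
@ IN SOA ns1.yourdomain.com. serv.yourdomain.com. (
        2019110501 7200 3600 2419200 10800 )
yourdomain.com. IN NS ns1.yourdomain.com.
yourdomain.com. IN NS ns2.yourdomain.com.
yourdomain.com. IN MX 10 mail.yourdomain.com.
yourdomain.com. IN A 192.0.2.10
ns1 IN A 192.0.2.10
mail IN A
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Return a list of problems (assumes no per-record TTLs, no ';' in quotes)."""
    problems, addresses, targets = [], set(), []
    depth, owner = 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                # strip comments
        inside = depth > 0                         # continuation of a ( ... ) record
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if inside or not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                   # leading blank reuses the last owner
            owner = fqdn(fields.pop(0), origin)
        if fields[:1] == ["IN"]:
            fields.pop(0)
        rtype, rdata = (fields[0] if fields else ""), fields[1:]
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0] if rdata else "")
                addresses.add(owner)
            except ValueError:
                problems.append(f"{owner} A record has no valid IPv4 address")
        elif rtype in ("NS", "MX", "CNAME") and rdata:
            targets.append((rtype, fqdn(rdata[-1], origin)))
    if depth != 0:
        problems.append("unbalanced parentheses: a multi-line record is never closed")
    for rtype, target in targets:
        if ("." + target).endswith("." + origin) and target not in addresses:
            problems.append(f"{rtype} target {target} has no A record in this zone")
    return problems
```

Call lint_zone() with the contents of /etc/bind/zones/yourdomain.com.db and the origin "yourdomain.com." before restarting BIND; an empty list means none of these problems were found.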

