How To Install & Setup Private Nameserver with BIND9 on Debian/Ubuntu


If you have a LEMP or LAMP stack running on your Debian/Ubuntu server, you will need a DNS server to make your domain’s website reachable from the internet, unless you are using a third-party DNS service like CloudFlare.

Installing a DNS server on Debian/Ubuntu is actually very easy. In this guide I will show you how to install the BIND9 DNS server on Debian/Ubuntu.


Of course, you can create a private nameserver (child-NS) with BIND9 DNS. So you will have private nameservers like and on your server side and your domain registrar.

Okay… let’s install and setup BIND9 DNS Server on your Debian/Ubuntu.

1.) After you have logged in to your server as the root user, install BIND9 along with the necessary packages:

$ apt-get install bind9 bind9utils libcap2

2.) Edit the file named.conf.local with the nano editor, or over SFTP (WinSCP/FileZilla):

nano /etc/bind/named.conf.local
zone "" {
        type master;
        file "/etc/bind/zones/";
};

zone "" {
        type master;
        file "/etc/bind/zones/";
};

* Copy the snippet code above and paste it in the named.conf.local file
* Please replace with your actual domain.
* Press CTRL+O, then ENTER to save, and then press CTRL+X to exit.


3.) Next, we need to create the zones directory inside the /etc/bind/ folder:

$ cd /etc/bind
$ mkdir zones
$ cd /etc/bind/zones
$ nano

6.) Open file and edit the DNS settings, so we can make it work as a private nameserver (Child-NS)

$ nano /etc/bind/zones/
; BIND data file for
$TTL 14400
@ IN SOA (
2019110501 ; Serial
7200 ; Refresh
3600 ; Retry
2419200 ; Expire
10800 ) ; Default TTL


ns1 IN A
ns2 IN A
mail IN A
ftp IN CNAME
IN TXT "v=spf1 ip4: a mx ~all"
mail IN TXT "v=spf1 a -all"


* Replace with your actual domain name
* Replace with your server’s hostname
* Replace with your own IPv4 server

7.) After that we need to configure “”, like this:

$ nano /etc/bind/zones/

@ IN SOA (
86400 );


8.) Now edit the resolv.conf file and add your domain at the bottom line.

$ nano /etc/resolv.conf
search

9.) Open the file named.conf.options in the /etc/bind/ directory and replace the forwarders IP with your server’s IPv4 address.

$ nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {

        };

        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See
        dnssec-validation auto;

        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
};

NOTE: Please replace with your actual IPv4 server


10.) Restart BIND9 Service

$ /etc/init.d/bind9 restart

or

$ service bind9 restart

11.) Finally, you need to register a private nameserver (child-NS) at your domain registrar. Point ns1 and ns2 to your server’s IPv4 address, then update your domain’s DNS to use the private nameservers at your domain registrar.

12.) Once your private nameservers are configured with BIND9 and ready to use, install the DNS utilities to verify that your child-NS settings are correct.

$ apt-get install dnsutils

Now test your domain to check whether your server’s IP is properly connected to it.

$ dig
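
Steps 6 and 11 only work together if every nameserver named in the zone also has an A record there, because that address is what gets registered at the registrar. The script below is an added example, not part of the original guide; example.com, 192.0.2.10 and the function names ns_glue and sample_zone are assumptions, and the sample zone is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): list every in-zone NS target
# in a zone file with the A record it has, or MISSING if it has none.
# Assumes the record layout used in step 6: "owner IN TYPE rdata".
# Usage: ns_glue ORIGIN ZONEFILE   (ORIGIN without the trailing dot)
ns_glue() {
    awk -v origin="$1" '
    # Expand "@" and relative names to lower-case fully qualified names.
    function fqdn(n) {
        if (n == "@") n = origin "."
        else if (n !~ /\.$/) n = n "." origin "."
        return tolower(n)
    }
    { sub(/;.*/, "") }                                  # drop comments
    $2 == "IN" && $3 == "A"  { addr[fqdn($1)] = $4 }
    $2 == "IN" && $3 == "NS" { ns[fqdn($4)] = 1 }
    END {
        suffix = "." tolower(origin) "."
        for (n in ns) {
            # Only nameservers inside this zone need an A record here.
            if (substr(n, length(n) - length(suffix) + 1) != suffix) continue
            print n, ((n in addr) ? addr[n] : "MISSING")
        }
    }' "$2" | sort
}

# Constructed sample zone: example.com and 192.0.2.10 are placeholder values.
# ns2 is listed as a nameserver but its A record has been left out.
sample_zone() {
    cat <<'EOF'
$TTL 14400
@ IN SOA ns1.example.com. hostmaster.example.com. (
    2019110501 ; Serial
    7200 ; Refresh
    3600 ; Retry
    2419200 ; Expire
    10800 ) ; Default TTL
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
ns1 IN A 192.0.2.10
mail IN A 192.0.2.10
EOF
}

zone=$(mktemp)
sample_zone > "$zone"
ns_glue example.com "$zone"
rm -f "$zone"
```

Run it against your own zone file and origin before restarting BIND in step 10; any line ending in MISSING is a nameserver that resolvers will be told about but cannot reach.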
