Bind9
Bind9 is one of the most popular Unix DNS handling systems available. This documentation is primarily a reiteration of the DigitalOcean source listed below, with some personalised extra information to improve clarity.
==Debian 9==
The Debian 9 configuration instructions are written for a setup hosted on a single server, so there is only one server with bind9 installed. This single server operates as both the name server and the records server. With only a single server there is also no backup / secondary server as described in the DigitalOcean documentation.
===Installation===
To install Bind9 on Debian 9, execute the following commands:
===Configure IPv4 Mode===
Configuring IPv4 Mode means bind9 will only handle requests over IPv4. This essentially just reduces configuration work, as IPv6 requires additional settings in bind9's config files.
Edit the file /etc/default/bind9 and add the following line to the top of the file:
===Configure The DNS Server===
Open the file /etc/bind/named.conf.options and enter the following:
 options {
     recursion yes;                 # enables recursive queries
     allow-recursion { any; };      # allows recursive queries from any client
     listen-on { <privateip>; };    # IP address the DNS server listens on
     allow-transfer { none; };      # disable zone transfers by default
     forwarders {
         8.8.8.8;
         8.8.4.4;
     };
 };
Note that the above configuration sets allow-recursion to any, which means any IP can make DNS look-ups requiring recursion. This is generally a security hazard, since a resolver that answers recursive queries for everyone can be abused by anyone who can reach it, but for an internal private network this may not be a huge deal. You can always change this value to trusted.
If you change the allow-recursion value to trusted, also add the following section to the top of the configuration file:
Also, this configuration has been set up with forwarders to 8.8.8.8 and 8.8.4.4. These are the IPs of Google's DNS servers and are used when our DNS server does not have the requested record. This is useful if this DNS server will be used to resolve all domains, including those outside of the network. You can change this to a DNS server of your preference or remove the section if you do not want any forwarding of DNS requests to occur.
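A check for the recursion setting discussed above, as an added example that is not part of the original page or of bind9 itself: it reads the text of named.conf.options and reports when allow-recursion is open to any, or when it names an ACL (such as trusted) that the file never defines. The function names and the sample addresses are assumptions constructed for illustration, and nested address lists are not handled.

```python
import re

# Added example; strip_comments and audit_recursion are illustrative helper names.
# Constructed sample: the options described on this page, recursion left open.
SAMPLE_OPEN = """
options {
    recursion yes;                 # enables recursive queries
    allow-recursion { any; };      # any client may recurse
    listen-on { 192.0.2.53; };     # constructed documentation address
    allow-transfer { none; };
};
"""

# Constructed sample: recursion limited to an ACL named "trusted".
SAMPLE_ACL = """
acl "trusted" { 192.0.2.0/24; localhost; };   // constructed client range
options {
    recursion yes;
    allow-recursion { trusted; };
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

def strip_comments(text):
    """Drop the comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit_recursion(conf_text):
    """Return findings about which clients may send recursive queries."""
    text = strip_comments(conf_text)
    if re.search(r"\brecursion\s+no\s*;", text):
        return []                                   # recursion disabled
    defined = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', text))
    match = re.search(r"\ballow-recursion\s*\{([^}]*)\}", text)
    if match is None:
        return ["unset: BIND's built-in default applies"]
    findings = []
    for raw in match.group(1).split(";"):
        name = raw.strip().strip('"').lstrip("!").strip()
        if not name or name[0].isdigit() or ":" in name:
            continue                                # empty or an address/prefix
        if name == "any" and not raw.strip().startswith("!"):
            findings.append("open: any client may use recursion")
        elif name not in BUILTIN_ACLS | defined:
            findings.append(f"undefined acl: {name}")
    return findings
```

Calling audit_recursion(open("/etc/bind/named.conf.options").read()) applies the same check to the file edited in this section.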
===Configuring Zone Data===
Next edit the /etc/bind/named.conf.local file to add zone information. This file stores the name of the domains that will have their records stored on this server and where to find the zone file information.
Copy the following into the /etc/bind/named.conf.local file:
with your full domain. This could be myprivatedomain.local or bensoer.com if you wanted this dns server to resolve those domains
===Configuring Zone Files===
You now need to create the zone file that the previous section refers to for zone data. The folder and path listed above may not exist, so run the following commands:
db.
. Copy the following into it
; name servers - NS records
IN NS ns1.
; name servers - A records
ns1.
; A records
Replace all locations of
with your full domain. This could be myprivatedomain.local or bensoer.com if you wanted this DNS server to resolve it. Note also to replace the YYYYMMDDV in the Serial value with the current Year Month Date and Version. As of this writing this should be 201811201. Note that keeping this number up to date with every update is crucial, as bind9 is only able to determine that changes have happened if this serial number is updated. Simply update it by updating the date OR increment the Version value if there are multiple updates within the same day. Reset the version back to 1 if the date has changed. This system not only allows for easy number generation but also gives a helpful reminder to other administrators of when the last change was made to the bind9 DNS server.
All required configuration is now in place to resolve your domain. Now simply add A records in the zone file configured above. Add records under the A records comment in the same format as the nameserver records specified above. You can use the following as a template:
Save your changes and restart the bind9 service.
==Notes==
==Sources==
* https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-debian-9#testing-clients