DNSOnDebianUbuntu: Installation and Configuration of DNS Servers on Debian and Ubuntu

Copyright (C) 2020 – 2023 Exforge exforge@x386.org

# - This document is free text: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# - This document is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# - You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

Specs

# - There will be 2 DNS Servers, 1 Primary (Master) and 1 Replica (Slave). 
# - For every domain on the internet, at least 2 DNS Servers are needed. So if 
# you want to run your own DNS Server, you need at least 2 servers.
# - If you need DNS Servers for your internal network, it might be a good idea 
# to install a spare one.
# - I, myself prefer using www.cloudfare.com for DNS services of my domain. But 
# you may prefer running on your servers.
#
# My Specs: (Change the values to your ones)
# Both DNS Servers can be Debian 12/11 or Ubuntu 22.04/20.04 Server
# Domain Name:                  x11.xyz       (Change it to your domain name)
# Primary DNS Server:           ns1.x11.xyz   192.168.1.224
# Replica DNS Server:           ns2.x11.xyz   192.168.1.225
# Some sample servers to add as DNS records:
# filesrv.x11.xyz:              192.168.1.171
# mail.x11.xyz:                 192.168.1.172
# mailsrv as a canonical name for mail
# mail as a mail server for the domain
# Google DNS server 8.8.8.8 is used as forwarder DNSs
#
# - I tested the tutorial with Debian 11, Debian 12, Ubuntu 22.04 and Ubuntu
# 22.04 pairs.
#
# Sources:
https://www.linuxtechi.com/install-configure-bind-9-dns-server-ubuntu-debian/
https://www.packtpub.com/networking-and-servers/mastering-ubuntu-server-second-edition
https://bind9.readthedocs.io

1. Primary DNS Server

#-- 1.0. Update Repositories
sudo apt update
#-- 1.1. Install bind9 (DNS Server)
sudo apt -y install bind9
#
#-- 1.2. Edit main config file
sudo nano /etc/bind/named.conf.options
# Change as below
options {
   # Cache Directory
   directory "/var/cache/bind";
   # Allow replica to transfer zone files
   allow-transfer { localhost; 192.168.1.225; };
   # Allow queries from any hosts
   allow-query { any; };
   # Use Google DNS as forwarder
   forwarders { 8.8.8.8; };
   # Automatic DNS Security validation
   dnssec-validation auto;
   # Listen on IP4 from all interfaces
   listen-on { any; };
   # Allow recursions
   recursion yes;
};
#
#-- 1.3. Add a Forward and a Reverse Zone.
sudo nano /etc/bind/named.conf.local
# Forward zone
zone "x11.xyz" IN {
   type master;
   file "/etc/bind/forward.x11.xyz";
};
# Reverse zone
zone "1.168.192.in-addr.arpa" IN {
   type master;
   file "/etc/bind/reverse.x11.xyz";
};
# 
#-- 1.4. Fill the Forward File We Just Defined
sudo nano /etc/bind/forward.x11.xyz
$TTL 1D
@ IN SOA ns1.x11.xyz hostmaster.x11.xyz (
   2022060501 ; serial
   8H ; Refresh
   4H ; Retry
   4W ; Expire
   1D ; Minimum TTL
)
; Name Server of the domain
@               IN NS     ns1.
; Mail server of the domain
@               IN MX 10  mail.x11.xyz.
; A Records for Hosts
ns1             IN A      192.168.1.224
ns2             IN A      192.168.1.225
filesrv         IN A      192.168.1.171
mail            IN A      192.168.1.172
# CNAME Record
mailsrv         IN CNAME  mail.x11.xyz.

2. Replica DNS Server

#-- 2.0. Update Repositories
sudo apt update
#-- 2.1. Install bind9 (DNS Server)
sudo apt -y install bind9
#
#-- 2.2. Edit Main Config File
sudo nano /etc/bind/named.conf.options
options {
   # Cache Directory
   directory "/var/cache/bind";
   # Allow queries from any hosts
   allow-query { any; };
   # Use Google DNS as forwarder
   forwarders { 8.8.8.8; };
   # Automatic DNS Security validation
   dnssec-validation auto;
   # Listen on IP4 from all interfaces
   listen-on { any; };
   # Allow recursions
   recursion yes;
};
#
#-- 2.3. Add the Local Zones
# These zones will be replicated from the Primary DNS
sudo nano /etc/bind/named.conf.local
zone "x11.xyz" IN {
   type slave;
   masters { 192.168.1.224; };
   file "/var/lib/bind/forward.x11.xyz";
};
zone "1.168.192.in-addr.arpa" IN {
   type slave;
   masters { 192.168.1.224; };
   file "/var/lib/bind/reverse.x11.xyz";
};
# This time local zone file is placed at /var/lib
#   and it will be populated automatically
#
#-- 2.4. Check Configuration Files
sudo named-checkconf /etc/bind/named.conf.options
sudo named-checkconf /etc/bind/named.conf.local

3. Final Touch

#-- 3.1. Restart DNS on both primary and replica
sudo systemctl restart bind9
# - Your name servers must be working now. You can query them from any host
# in the network with dig command:
dig @192.168.1.224 mail.x11.xyz
#
#-- 3.2. Notes
# !!! Remember !!!
# - When you change the zone file on your primary server, remember to increase
# the number given before serial. 
# - You can change DNS server settings of your computers (including DNS Servers) 
# to the new DNS servers.