An important part of the server configuration management discussion involves providing an easy way to check network connections and IP addresses by name by setting up an appropriate Domain Name System (DNS). On ns2, edit the named.conf.options file: At the top of the file, add the ACL with the private IP addresses for all your trusted servers: Just like in the named.conf.options file for ns2, add the following lines under the directory /var/cache/bind directive: Now open the named.conf.local file for editing: Now we should specify slave zones that match the master zones on the ns1 DNS server. The examples throughout this section will refer to eth1 as the private interface, but you should change these examples to reflect your own servers' private interfaces. Probably the private IP addresses of the DNS servers are listed first and then the fallback values are ready. Note that the type is slave, the file does not contain a path, and there is a masters directive which should be set to the primary DNS server's private IP address. echo "nameserver 172.16.10.2" | sudo tee -a /etc/resolv.conf. This is why it is recommended to set up your DNS with at least one secondary server, and to maintain working backups of all of them. In fact, prior to Ubuntu 18.04, DNS nameservers were . Install BIND on both servers # sudo apt-get install bind9 bind9utils 3. You should be able to adapt this setup to your own environment by replacing the host names and private IP addresses with your own. Configuring the Primary DNS Server 5. Install DNS Utilities These servers are called host1 and host2. DNS zones designate a specific scope for managing and defining DNS records. Abbreviation for domain name daemon. the reverse of the previous steps).
Note that our reverse zone name starts with 128.10, which is the reverse of 10.128: If your servers are spread over multiple subnets but are all in the same data center, you need to make sure you create an extra zone as well as a zone file for each separate subnet. This instructs Dnsmasq to forward unresolved queries to 8.8.8.8. With NetworkManager, to set the DNS server, you need to edit the network connection via the graphical user interface. In this file, we specify our forward and reverse zones. Note that in this case the type is slave, the file does not contain a path, and there is a masters directive that must be set to the primary DNS server's private IP address. Because our DNS system is completely internal and private, there is no need to purchase a domain name. In today's article, we will show you how to install, configure and manage BIND 9 as a private DNS server on an Ubuntu 16.04 VPS in a few steps. First, log in to your Atlantic.Net Cloud Server. We will use the sample db.127 zone file to create our reverse zone file: Edit the reverse zone file so it matches the reverse zone defined in named.conf.local: The original file should look something like the following: You should modify the SOA record and increment the serial value. sudo nano /etc/bind/named.conf.options Some of the available options are listed below. Now that BIND is installed, let's configure the primary DNS server. Creating the Reverse Zone File 8. By the end of this tutorial, you will have a primary DNS server, ns1, and optionally a secondary DNS server, ns2, which will serve as a backup. If any query comes to this server, it forwards to the configured DNS server. The named-checkzone command can be used to check the correctness of your zone files.
This makes it easier to configure services and applications, because you no longer need to remember their private IP addresses, and files are easier to read and understand. Configure the DNS server to allow secure and unsecure DNS updates for the zone. Reverse zone file(s) are created based on the sample zone file db.127. This provides a centralized way to manage internal host names and private IP addresses, which is essential when you need to extend the work environment to more than a few hosts. When you have finished editing all the desired zones, save and close the named.conf.local file. Since the private IP addresses are all in 10.128.0.0/16, we set up a reverse zone to define reverse lookups within this range. sudo apt update Make sure the DNS server has a static IP address. Our final reverse zone file will look something like this: Run the following command to check the syntax of the named.conf* files: If your named configuration files do not have any syntax errors, you will return to the command prompt without seeing any errors. The *file*name at your master server is . 1. Open the named.conf.options file on the ns1 server for editing: sudo nano /etc/bind/named.conf.options. Click the cogwheel next to the connection you wish to set up. In this article, we try to fully teach you how to set up a private DNS server on Ubuntu 20.04. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Be sure to replace your zone names and add the private IP address of the secondary DNS server in the allow-transfer directive: Assuming the private subnet is 10.128.0.0/16, you can create a reverse zone by adding the following lines. Select the IPv4 Settings tab. Then enter the following command to equip your Debian with the latest updates: apt update 3.
Add the forward zone with the following lines, substituting the zone name with your own and the secondary DNS server's private IP address in the allow-transfer directive: Assuming that our private subnet is 10.128.0.0/16, add the reverse zone with the following lines (note that our reverse zone name starts with 128.10 which is the octet reversal of 10.128): If your servers span multiple private subnets but are in the same datacenter, be sure to specify an additional zone and zone file for each distinct subnet. That is, when the DNS receives a name query, host1.nyc3.example.com for example, it will look in the forward zone file to resolve host1's corresponding private IP address. 2. In this step, save the file and exit. To set your upstream DNS server, add a new line to your config file: server=8.8.8.8 server=4.4.4.4. You will use the BIND name server software (BIND9) to resolve private hostnames and private IP addresses. At least one additional server. If you remove a host from your environment or want to just take it out of DNS, just remove all the things that were added when you added the server to DNS (i.e. To complete this tutorial, you will need the following infrastructure. Now, type the dig command along with your domain name to test the DNS server. db.nyc3.example.com and db.10.128). Next, we will configure the local file, to specify our DNS zones. If there are problems that cause a loss of networking, Netplan will automatically roll back the changes after a timeout: If the countdown is updating correctly at the bottom, the new configuration is at least functional enough to not break your SSH connection.
However, the version of BIND installed from the default Ubuntu 20.04 repositories (as outlined in Step 1) will not recognize these options, meaning you will have to use the less inclusive terminology unless you upgrade. This is where we define the list of clients that are allowed to return DNS queries. First find the device associated with your private network by querying the private subnet with the ip address command: In this example, the private interface is called eth1. As a final step, this tutorial will go over how you can maintain your zone records. Allow DNS connections to the server by altering the UFW firewall rules: sudo ufw allow Bind9. Configure the appropriate DNS zone on the server. Above the options block, create a new ACL called "trusted". In this tutorial, we will go over how to set up an internal DNS server, using the BIND name server software (BIND9) on Ubuntu 18.04, that can be used by your servers to resolve private hostnames and private IP addresses. DNS server installation. Step 1: Update the repositories. The DNS server works right after installation. Add the nameserver records at the end of the file: After that add the A records for the hosts that need to be in this zone. You need to configure it according to your usage purposes. If you have defined several reverse zones on the primary DNS server, you should make sure to add them all here: Now save and close the named.conf.local file. Set BIND to IPv4 mode 4. 2. Run the following command to check the configuration files: When the check is complete, restart BIND: Allow DNS connections through the UFW firewall as follows: The primary and secondary DNS servers are now configured to resolve the private network host names and the corresponding IP addresses.
Run the following command to check the syntax of the named.conf* files: If your named configuration files have no syntax errors, there won't be any error messages and you will return to your shell prompt. For example, if an example contains something like host1.nyc3.example.com, replace it with the FQDN of your own server. First make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal. Step 1. How to configure the Options file on the DNS server. Now that the zones are specified in BIND, we need to create the corresponding forward and reverse zone files. The BIND package is available for all Linux distributions, which makes the installation simple and straightforward. Now we'll create the directory where we will store our zone files: We will use the sample db.local file to make our forward zone file, let's copy the file first: Now edit the forward zone file we just copied: It should look something like the example below: Now let's edit the SOA record. Using the private IP addresses of the example we introduced earlier, we add ns1, ns2, host1 and host2 to our list of trusted clients: Once you have created a list of your trusted DNS clients, you need to edit the options block. The two IP addresses in this block represent Google's public DNS resolvers, but the IP address of any public recursive name server will work here. Set BIND to IPv4 mode Given the objectives of this article, the following are some of our assumptions: 1. Be sure to replace the items with your own values. Open /etc/bind/named.conf.options, enable the forwarders section, and add your preferred DNS servers: forwarders {. If that server's unavailable, 4.4.4.4 will be used instead.
How to Setup Local DNS Resolver using Dnsmasq on Ubuntu 20.04 In our example, this includes all of our hosts because they are all on the 10.128.0.0/16 subnet. ns1 Primary DNS Server 108.100.100.1. ns2 Secondary DNS Server 108.100.100.2. First, check your current hostname: $ hostname server1 $ hostname --fqdn server1 At this point, both the hostname and the FQDN are set to server1. Optionally, change your hostname before proceeding to the next step. To follow this tutorial, you must have the following infrastructure. BIND can also use forwarders to allow queries by servers that don't have direct access to the internet. On ns2, edit the named.conf.options file: At the top of the file, add the ACL with the private IP addresses of all of your trusted servers: Below the directory directive, add the following lines: Save and close the named.conf.options file. This file should be identical to ns1's named.conf.options file except it should be configured to listen on ns2's private IP address. We must allow the primary DNS server to transmit DNS zone data to the secondary server. Next, you will specify your DNS zones by configuring the named.conf.local file. Whenever you add a host to your environment (in the same datacenter), you will want to add it to DNS. Update the apt package cache on both DNS servers, ns1 and ns2, by entering the following command: Now install BIND using the following command: You must set BIND to IPv4 before proceeding, as our private networking uses IPv4 exclusively. The second column also indicates that these are NS records: Now add the A records for the hosts that belong to this zone. We will discuss the method to configure the DNS server by opening a terminal and running a few commands: We can also configure the DNS through the terminal.
In /etc/named.conf we are going to edit the first configuration file and configure how BIND works. In this post, we will set up a private DNS environment consisting of primary and secondary servers running BIND (BIND9). You can start by performing a forward lookup. Add the following lines to add ns1, ns2, host1, and host2 to your list of trusted clients, being sure to replace the example private IP addresses with those of your own servers: Now that you have your list of trusted DNS clients, you can edit the options block.