Before starting the installation we recommend updating your package list.

sudo apt-get update

Installing Bind9


BIND (Berkeley Internet Name Domain) is an open reference implementation of the Domain Name System (DNS) protocol and provides a redistributable implementation of the major components of the Domain Name System.

You can install Bind9 with this command:

sudo apt-get install bind9 dnsutils

Configuring Bind for IPv4

You need to edit the pre-configured 'named.conf.local' file.

sudo nano /etc/bind/named.conf.local

Now insert your zone information. For this example we will use the domain name 'dnstest.root.lu' and the subnet 94.242.218.160/28, with 94.242.218.162 as the main IP of the server on which we are configuring DNS.

zone "dnstest.root.lu" {
    type master;
    file "/etc/bind/zones/db.dnstest.root.lu";
};

zone "218.242.94.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.94";
};

Press 'Ctrl+X' to save the file and exit.

Now you need to edit the Bind options file:

sudo nano /etc/bind/named.conf.options

Modify the forwarders (the DNS servers to which your own server forwards queries it cannot answer itself). Forwarding only applies to recursive queries, which BIND by default accepts only from localhost and the server's own subnets ('allow-recursion'); widen that list only to the client networks that should use this server as a resolver.

forwarders {
    8.8.8.8; # Google Public DNS IPv4 address
    8.8.4.4; # Google Public DNS IPv4 address
};

The next step is to add zone definition files.

sudo mkdir /etc/bind/zones
sudo nano /etc/bind/zones/db.dnstest.root.lu

Fill the definition file, where you will put addresses/names that your DNS server will resolve:

$TTL 604800
@ IN SOA ns.dnstest.root.lu. admin.dnstest.root.lu. (
    2 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
    
;dnsserver
@   IN NS ns.dnstest.root.lu.
@   IN A  94.242.218.162
ns  IN A  94.242.218.162

;clients
subdomain1 IN A  94.242.218.163
subdomain2 IN A  94.242.218.164
subdomain3 IN A  94.242.218.165

Create Reverse DNS zone file:

sudo nano /etc/bind/zones/db.94

Paste the following lines into the file

$TTL 604800
@ IN SOA ns.dnstest.root.lu. admin.dnstest.root.lu. (
    1 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
;
@   IN NS  ns.dnstest.root.lu.
162 IN PTR dnstest.root.lu.

163 IN PTR subdomain1.dnstest.root.lu.
164 IN PTR subdomain2.dnstest.root.lu.
165 IN PTR subdomain3.dnstest.root.lu.

Check BIND Configuration Syntax

named-checkconf

If your named configuration files have no syntax errors, you will return to your shell prompt without any error messages.

Now you need to restart Bind server:

sudo service bind9 restart

And check Bind status for errors:

service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sat 2016-04-23 21:00:17 CEST; 2min 52s ago

If the output shows any errors, double-check your Bind configuration files in /etc/bind/zones/.

Let's test your DNS server. First, we will modify the resolvconf head file, from which resolv.conf is generated:

sudo nano /etc/resolvconf/resolv.conf.d/head

Insert the following details into the file and save it.

search dnstest.root.lu
nameserver 94.242.218.162

Now run 'resolvconf' to generate a new resolv.conf file.

sudo resolvconf -u

And finally, test your DNS server:

1. 'dnstest.root.lu' zone resolve:

dig @94.242.218.162 dnstest.root.lu
;; ANSWER SECTION:
dnstest.root.lu.	604800	IN	A	94.242.218.162

;; AUTHORITY SECTION:
dnstest.root.lu.	604800	IN	NS	ns.dnstest.root.lu.

;; ADDITIONAL SECTION:
ns.dnstest.root.lu.	604800	IN	A	94.242.218.162

2. IPv4 address reverse DNS:

dig @94.242.218.162 -x 94.242.218.162
;; ANSWER SECTION:
162.218.242.94.in-addr.arpa. 604800 IN  PTR     dnstest.root.lu.

;; AUTHORITY SECTION:
218.242.94.in-addr.arpa. 604800 IN      NS      ns.dnstest.root.lu.

If you get the same results, your DNS server is configured properly.


Configuring Bind for IPv6


For this example, assume you have the IPv6 subnet 2a01:608:ffff:a02b::/64 allocated to you, and the IPv6 address '2a01:608:ffff:a02b::2' is configured on your DNS server.

First, add Google's IPv6 public DNS servers as 'forwarders' in /etc/bind/named.conf.options:

sudo nano /etc/bind/named.conf.options

'named.conf.options' should then have the following content:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
              8.8.8.8; # Google Public DNS IPv4 addresses
              8.8.4.4; # Google Public DNS IPv4 addresses
              2001:4860:4860::8888; # Google Public DNS IPv6 address
              2001:4860:4860::8844; # Google Public DNS IPv6 address
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Add the following records to /etc/bind/zones/db.dnstest.root.lu:

sudo nano /etc/bind/zones/db.dnstest.root.lu

;dnsserver
@   IN AAAA 2a01:608:ffff:a02b::2
ns  IN AAAA 2a01:608:ffff:a02b::2

;clients
subdomain1 IN AAAA 2a01:608:ffff:a02b::3
subdomain2 IN AAAA 2a01:608:ffff:a02b::4
subdomain3 IN AAAA 2a01:608:ffff:a02b::5

To configure reverse lookup, first declare the additional address range in '/etc/bind/named.conf.local'. Add the following text before the last line containing the include statement. Remember that each hexadecimal block of the prefix must be padded with zeros to its full length of 4 characters before it is reversed into the ip6.arpa zone name:

sudo nano /etc/bind/named.conf.local

zone "b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa" {
	type master;
	notify no;
	file "/etc/bind/zones/db.b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa";
};

Next, create the new file '/etc/bind/zones/db.b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa'.

sudo nano /etc/bind/zones/db.b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa

Fill it with the following content:

$ORIGIN b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa.
$TTL 1d
@  IN  SOA  dnstest.root.lu. admin.dnstest.root.lu. (
        2014011501      ;Serial
        86400           ;Refresh
        7200            ;Retry
        2592000         ;Expire
        172800          ;Minimum TTL
)
   IN  NS  ns.dnstest.root.lu.

; 2a01:608:ffff:a02b::/64
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  ns.dnstest.root.lu.

3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  subdomain1.dnstest.root.lu.
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  subdomain2.dnstest.root.lu.
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  subdomain3.dnstest.root.lu.

For the PTR record you specify only the host part of the address, without the subnet prefix.
For example, the DNS server's IPv6 address (2a01:608:ffff:a02b::2) consists of the subnet '2a01:608:ffff:a02b' and the host part '2'. The host part was expanded to '0000:0000:0000:0002' and written in reverse, with dots between the characters.
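As an added example (not part of this tutorial), the following Python script automates the reverse-zone naming and PTR owner expansion described above for both in-addr.arpa and ip6.arpa, and generalizes it to any prefix length. The forward records are constructed from the tutorial's example addresses; the admin mailbox and SOA timers are taken from the tutorial's zone files.

```python
import ipaddress
from math import ceil

# Constructed sample forward records, using the tutorial's example addresses.
FORWARD = {
    "dnstest.root.lu.":            ["94.242.218.162"],
    "ns.dnstest.root.lu.":         ["2a01:608:ffff:a02b::2"],
    "subdomain1.dnstest.root.lu.": ["94.242.218.163", "2a01:608:ffff:a02b::3"],
    "subdomain2.dnstest.root.lu.": ["94.242.218.164", "2a01:608:ffff:a02b::4"],
    "subdomain3.dnstest.root.lu.": ["94.242.218.165", "2a01:608:ffff:a02b::5"],
}

def host_labels(net):
    # Reverse-pointer labels belonging to the host part: octets for in-addr.arpa,
    # nibbles for ip6.arpa. A prefix that is not label-aligned (the /28 above) is
    # rounded down to the enclosing aligned zone, as the tutorial does with /24.
    bits = 8 if net.version == 4 else 4
    return ceil((net.max_prefixlen - net.prefixlen) / bits)

def reverse_zone_name(network):
    # Zone name without trailing dot, e.g. b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa
    net = ipaddress.ip_network(network)
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[host_labels(net):])

def ptr_owner(address, network):
    # Owner label relative to the zone: '162' or the 16 reversed host nibbles.
    net = ipaddress.ip_network(network)
    labels = ipaddress.ip_address(address).reverse_pointer.split(".")
    return ".".join(labels[:host_labels(net)])

def ptr_records(network, forward=FORWARD):
    # Map every address in `forward` that lies inside `network` to its PTR target.
    net = ipaddress.ip_network(network)
    return {ptr_owner(a, network): name
            for name, addrs in forward.items()
            for a in addrs if ipaddress.ip_address(a) in net}

def reverse_zone(network, serial=1, forward=FORWARD):
    # Render a complete reverse zone file in the tutorial's layout.
    lines = [f"$ORIGIN {reverse_zone_name(network)}.", "$TTL 86400",
             "@ IN SOA ns.dnstest.root.lu. admin.dnstest.root.lu. ("
             f" {serial} 604800 86400 2419200 604800 )",
             "@ IN NS ns.dnstest.root.lu."]
    lines += [f"{o} IN PTR {n}" for o, n in ptr_records(network, forward).items()]
    return "\n".join(lines)

if __name__ == "__main__":
    for prefix in ("94.242.218.160/28", "2a01:608:ffff:a02b::/64"):
        print(reverse_zone(prefix), end="\n\n")
```

Feed the generated text to named-checkzone with the zone name as the first argument before loading it, as for any hand-written zone file.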

Don't forget to restart the Bind service and check its status.

sudo service bind9 restart

service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sat 2016-04-23 23:38:16 CEST; 2min 31s ago

Bind restarted with no errors. Now you can check IPv6 forward and reverse resolution.

1. 'dnstest.root.lu' zone resolve:

dig @94.242.218.162 dnstest.root.lu
;; ANSWER SECTION:
dnstest.root.lu.        604800  IN      A       94.242.218.162

;; AUTHORITY SECTION:
dnstest.root.lu.        604800  IN      NS      ns.dnstest.root.lu.

;; ADDITIONAL SECTION:
ns.dnstest.root.lu.     604800  IN      A       94.242.218.162
ns.dnstest.root.lu.     604800  IN      AAAA    2a01:608:ffff:a02b::2

2. IPv6 address reverse DNS:

dig @94.242.218.162 -x 2a01:608:ffff:a02b::2
;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa. 86400 IN PTR ns.dnstest.root.lu.

;; AUTHORITY SECTION:
b.2.0.a.f.f.f.f.8.0.6.0.1.0.a.2.ip6.arpa. 86400 IN NS ns.dnstest.root.lu.

Your DNS server is now ready to use!