Logo
Create a DNS server on Debian
Overview
Create a DNS server on Debian

Create a DNS server on Debian

October 20, 2021
January 12, 2025
6 min read
dns bind9
Available in:
🇫🇷 Français
  • The DNS server handles the translation of IP addresses to domain names.

Thanks to this, I can for example reach my nas server: 172.16.20.20 with nas.it.fr

  • Rather than remembering an IP address, we remember a name.
An issue with sudo?
Danger (Please don't use the root account)

If you configure your server directly as root, don’t forget to remove sudo from each command.
If you set a password for the root account, the sudo command won’t be accepted. Connect directly as root to execute commands.
You can also reinstall your system leaving the root password empty during installation.
sudo will install and work properly.

ℹ️ Here is the configuration for this tutorial:

DNS Server IPNetwork MaskMachine name (hostname)Domain name
172.16.10.10255.255.0.0dnsit.fr

These 4 fields should be replaced throughout the tutorial with your own (matching your configuration).

Name the machine

Terminal window
sudo nano /etc/hostname
dns
  • Here we name the machine dns

Ensure the server’s IP address is STATIC

Terminal window
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:cd:01:1a brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 172.16.10.10/16 brd 172.16.255.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fecd:11a/64 scope link
       valid_lft forever preferred_lft forever
  • ip a displays the network configuration of the interfaces connected to the machine.

My interface ens192 has the IP address and mask 172.16.10.10/16

If you fixed the machine’s address when installing (manual network configuration), skip to the next step.

Pass the IP address of the interface to static
sudo nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface
allow-hotplug ens192
iface ens192 inet static
address 172.16.10.10
netmask 255.255.0.0
gateway 172.16.1.1

Edit the host file

Terminal window
sudo nano /etc/hosts
172.16.10.10  dns.it.fr  dns
127.0.0.1 dns

IP_SERVEUR_DNS HOSTNAME.DOMAINE HOSTNAME

Edit the resolv.conf file

Terminal window
sudo nano /etc/resolv.conf
domain it.fr
search it.fr
nameserver 172.16.10.10
Danger

It is necessary to restart the machine:

Terminal window
sudo reboot

After restarting the machine, proceed to the next step.

Install bind9

Terminal window
sudo apt update  &&  sudo apt install bind9 dnsutils

  • sudo apt update will update the list of packages based on the sources.list file

  • sudo apt install bind9 dnsutils installs bind9 to manage DNS zones.

Copy and rename the configuration template

Terminal window
sudo cp /etc/bind/db.local /etc/bind/db.it.fr

The cp command allows us to copy db.local (the default configuration file for bind9), and rename it to a new file db.it.fr

Edit the DNS zone configuration file

Tip

To save time, we’ll directly replace the “localhost” fields with “it.fr” (our domain), in the configuration file.

  • To do this, we use the sed utility:
Terminal window
sudo sed 'i/localhost/it.fr/g' db.it.fr
  • Verify your configuration:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     it.fr. root.it.fr. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       172.16.10.10
@       IN      AAAA       ::1
dns       IN       A       172.16.10.10
client       IN       A       172.16.20.20

The A record named client allows us to reach 172.16.20.20 with client.it.fr

Add a DNS record
HostnameINTypeIP Address
nasINA172.16.30.30
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     it.fr. root.it.fr. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       172.16.10.10
@       IN      AAAA       ::1
dns       IN       A       172.16.10.10
client       IN       A       172.16.20.20
nas       IN       A       172.16.30.30

Here is a description of the main types of DNS records:

AAAAACNAMEMXTXTNSSOASRVPTR
Associates a hostname with an IPv4 address (32 bits)Associates a hostname with an IPv6 address (128 bits)Transfers a domain or a subdomain to another domain, does not provide an IP addressDirects mail to a mail serverCan be used to register notes. It is often used for mail security.Stores the DNS server for an entryStores administrative information for a domainSpecifies a port for specific servicesProvides a domain name in reverse searches. The inverse resolution (the opposite of type A).

Complete list

đź“ť Edit the named.conf file

It is necessary to specify the path of the configuration files for the DNS zones:

Terminal window
sudo nano /etc/bind/named.conf.local
//
// Do any local configuration here
//


// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


zone "it.fr" {
        type master;
        file "/etc/bind/db.it.fr";
        allow-query { any; };
};
zone "10.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.it.fr.inv";
};

  • Line 9 zone "MON_DOMAIN"

  • Line 11 file "/etc/bind/db.MON_DOMAIN";

  • Line 14 Reverse address: zone "3_PREMIERS_OCTETS_ADDRESSE_RESEAU.in-addr.arpa"

Example: If my network address is: 192.168.1.0/24 reversed: 1.168.192

  • Line 16 file "/etc/bind/db.MON_DOMAIN.inv";

đź“ť Edit the named.conf.options file

We will now configure the file that manages query redirection options:

Terminal window
sudo nano /etc/bind/named.conf.options
options {
  directory "/var/cache/bind";


  // If there is a firewall between you and nameservers you want
  // to talk to, you may need to fix the firewall to allow multiple
  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113


  // If your ISP provided one or more IP addresses for stable
  // nameservers, you probably want to use them as forwarders.
  // Uncomment the following block, and insert the addresses replacing
  // the all-0's placeholder.


   forwarders {
     172.16.10.10;
     1.1.1.1;
   };


  //========================================================================
  // If BIND logs error messages about the root key being expired,
  // you will need to update your keys.  See https://www.isc.org/bind-keys
  //========================================================================
  dnssec-validation auto;


  auth-nxdomain no;    # conform to RFC1035
  version none;
          forward only;
  // listen-on-v6 { any; };
};

  • Line 13, the forwarders option defines the DNS servers.
    I therefore enter the IP address of my DNS server.

  • It’s also thanks to this that network machines can access the WAN,
    by specifying a public DNS (cloudflare: 1.1.1.1 or google: 8.8.8.8 etc).