How to Configure DNS Service in Linux Ubuntu 18.04 Locally


Introduction

This article is the next step after installing the DNS service on Linux Ubuntu 18.04; to install it first, read the article titled ‘How to Install DNS Service in Linux Ubuntu 18.04’ in this link. The goal here is to configure BIND (Berkeley Internet Name Domain) as a master DNS server that serves a local zone and answers only local clients. The configuration consists of the following steps :

1. Adding Access Control List Configuration.

2. Adding Global Server Configuration Options.

3. Adding DNS Server Zone Statements.

4. Adding Forward and Reverse Zone Files.

5. Restart the BIND service and Perform test.

Adding Access Control List Configuration

The first step is configuring the Access Control List (ACL). An ACL gives a name to a set of hosts so that later statements can control which clients may reach the nameserver. It is defined in the file ‘named.conf.options’, which lives in ‘/etc/bind/’, so the full path of the file is ‘/etc/bind/named.conf.options’. Add the following lines to the file :

acl "trusted" {
        127.0.0.1/32;
};

An ACL is defined with an acl block, and it must appear before the options block that references it, because named reads the file top to bottom and rejects a reference to an ACL it has not seen yet. So the content will look like the following snippet :

acl "trusted" {
        127.0.0.1/32;
};
options {
  directory "/var/cache/bind";
...

The ACL above permits access to the nameserver from the local host only, that is from ‘127.0.0.1’. To let other clients use the server, add their addresses or networks to the list, for example ‘192.168.1.0/24;’ for a LAN. The name ‘trusted’ is what the options block refers to in the next step.

Adding Global Server Configuration Options

After the ACL entry is in place, fill in the options block that follows it; this is the global server configuration. Below is the complete options block, referring to the ACL named ‘trusted’ that was defined above :

options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;
        // only localhost and the "trusted" ACL defined above may query or recurse
        allow-recursion { localhost; trusted; };
        listen-on port 53 { localhost; };
        allow-query { localhost; trusted; };
        // nobody may pull a copy of the zones with AXFR
        allow-transfer { none; };
        // upstream resolvers for names this server is not authoritative for
        // (never list this server's own address here, that would loop)
        forwarders {
                8.8.8.8;
        };
        listen-on-v6 { none; };
        recursion yes;
};

The options statement defines the global server configuration and sets the defaults for the other statements. The most important entries here are ‘directory’, the working directory in which zone files are looked up, and the access restrictions: ‘allow-query’ and ‘allow-recursion’ only accept clients in the built-in ‘localhost’ ACL and in ‘trusted’ (the ACL name referenced here must be the one defined earlier, otherwise named refuses to load the configuration with an undefined ACL error), ‘allow-transfer { none; }’ prevents anyone from dumping the zones with a zone transfer, and ‘listen-on … { localhost; }’ keeps the server off the network interfaces entirely. The forwarders list should contain only upstream resolvers; the server must not forward to itself. For the remaining statements, check the BIND documentation for each configuration option. Save the configuration file and check for syntax errors with the following command (running ‘named-checkconf’ with no argument checks ‘/etc/bind/named.conf’ together with every file it includes) :

named-checkconf /etc/bind/named.conf.options

If there is no output, the syntax is correct.

Adding DNS Server Zone Statements

First, add the zone statements that declare the forward and reverse zones whose files are created in the next step. A zone statement defines the characteristics of a zone: its type (master here, meaning this server holds the authoritative copy), the location of its zone file (relative to the ‘directory’ option, so ‘localhost.net.zone’ means ‘/var/cache/bind/localhost.net.zone’) and any zone-specific options. The reverse zone name ‘0.0.127.in-addr.arpa’ covers the 127.0.0.0/24 network, with the octets written in reverse order. The following is how to define the forward and reverse zone statements by editing the file /etc/bind/named.conf.local :

# Zone statement for forward DNS lookup
zone "localhost.net" IN {
        type master;
        file "localhost.net.zone";
};
# Zone statement for reverse DNS lookup
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "rev-localhost.net.zone";
};

Adding Forward Zone File

After defining the zone statements, the next step is to create the file that represents each zone. A zone file is a plain text file describing a DNS zone: it holds the mappings between domain names and IP addresses along with the other DNS resource records (RRs). There are two zones in the definition, so there will be two files, one per zone. The first is the forward zone file, whose function is to translate hostnames into IP addresses. The second is the reverse zone file, which does the opposite and resolves IP addresses back into hostnames. The following is the content of the forward zone file :

$TTL    86400
@       IN      SOA     ns1.localhost.net. root.localhost.net. (
                2019061401   ; serial (YYYYMMDDnn, increase it on every change)
                7200         ; refresh after 2 hours
                3600         ; retry after 1 hour
                604800       ; expire after 1 week
                86400 )      ; negative-caching TTL of 1 day
;
; Define primary nameserver (an NS record must point at a hostname, never an IP)
@               IN      NS      ns1.localhost.net.
ns1             IN      A       127.0.0.1
;
; Define A records (forward lookups)
app             IN      A       127.0.0.1
db              IN      A       127.0.0.1
test            IN      A       127.0.0.1

The above is just an example: change ‘ns1’, ‘app’, ‘db’ and ‘test’ to the hostnames actually needed, and change ‘127.0.0.1’ to the IP address of the target machine (in the example the target is the local machine itself). Two details matter: the NS record must name a host (‘ns1’) that has its own A record in the zone, and the serial must be increased on every edit, otherwise secondary servers never notice the change. Save the file as ‘/var/cache/bind/localhost.net.zone’, the name given in the zone statement resolved against the ‘directory’ option. Then check the syntax of the forward zone file with ‘named-checkzone’, giving the zone name first and the file path second :

root@hostname# named-checkzone localhost.net /var/cache/bind/localhost.net.zone
zone localhost.net/IN: loaded serial 2019061401
OK
root@hostname#

According to the output above, the syntax of the forward zone is correct. Continue to the next step.

Adding Reverse Zone File

After the forward zone file is in place, add the reverse zone file, named ‘rev-localhost.net.zone’ to match the zone statement. Place it in BIND's working directory ‘/var/cache/bind/’ (the ‘directory’ set in the options block), next to the forward zone file. The owner name of each PTR record is the last octet of the address within 127.0.0.0/24, and it must point back to the name that the forward zone resolves to that address; the file below gives 127.0.0.1 a single PTR for ‘ns1’. If ‘app’, ‘db’ and ‘test’ are later given their own addresses in the forward zone (for example 127.0.0.5), add one PTR line per address, such as ‘5 IN PTR app.localhost.net.’. Below is the content of the reverse zone file :

$TTL    86400
@       IN      SOA     ns1.localhost.net. root.localhost.net. (
                2019061401   ; serial (YYYYMMDDnn, increase it on every change)
                7200         ; refresh after 2 hours
                3600         ; retry after 1 hour
                604800       ; expire after 1 week
                86400 )      ; negative-caching TTL of 1 day
;
; Primary nameserver
@       IN      NS      ns1.localhost.net.
;
; PTR records for reverse lookup: owner = last octet of the address in 127.0.0.0/24,
; target = the name that has the matching A record in the forward zone
1       IN      PTR     ns1.localhost.net.

After creating the reverse zone file, run the command below to check for syntax errors, again with the zone name first and the file path second.

root@hostname# named-checkzone 0.0.127.in-addr.arpa /var/cache/bind/rev-localhost.net.zone
zone 0.0.127.in-addr.arpa/IN: loaded serial 2019061401
OK
root@hostname#
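The forward and reverse files must agree with each other: every A record needs a PTR that points back to the same name, and the serial must move forward on every edit, neither of which named-checkzone can verify because it validates one file at a time. The following script is an added example, not part of the original article or of BIND: it generates both files from one host table and reports mismatches in an existing pair. The host table (with app, db and test on their own loopback addresses), the serial rule and the check_consistency helper are constructed for this example.

```python
"""Generate matching forward and reverse BIND zone files from one host table.

Added example, not part of the original article or of BIND. It uses the
article's zone names (localhost.net and 0.0.127.in-addr.arpa); the host
table and the consistency-check helper are constructed for this example.
"""
import ipaddress
import re
from datetime import date

# Constructed host table (hostname -> IPv4). ns1 stays on 127.0.0.1 as in the
# article; the other three get their own loopback addresses so that every A
# record can have exactly one PTR pointing back at it.
HOSTS = {
    "ns1": "127.0.0.1",
    "app": "127.0.0.5",
    "db": "127.0.0.100",
    "test": "127.0.0.150",
}
SOA_TIMERS = "7200 3600 604800 86400"   # refresh, retry, expire, negative TTL


def next_serial(current: int, today: str) -> int:
    """Return the next YYYYMMDDnn serial; `today` is a 'YYYYMMDD' string.

    Secondaries only transfer a zone when the serial increases, so if the
    current serial already carries today's (or a later) date its counter is
    incremented instead of restarting at 01, and the serial never goes back.
    """
    today_base = int(today) * 100
    if current < today_base:
        return today_base + 1
    return current + 1


def _soa_and_ns(origin: str, serial: int) -> list:
    return [
        "$TTL 86400",
        f"@ IN SOA ns1.{origin}. root.{origin}. ( {serial} {SOA_TIMERS} )",
        f"@ IN NS ns1.{origin}.",            # NS must name a host, never an IP
    ]


def forward_zone(origin: str, hosts: dict, serial: int) -> str:
    lines = _soa_and_ns(origin, serial)
    lines += [f"{name} IN A {ip}" for name, ip in hosts.items()]
    return "\n".join(lines) + "\n"


def _rev_prefix(rev_origin: str) -> str:
    """'0.0.127.in-addr.arpa' -> '127.0.0' (the /24 the reverse zone covers)."""
    octets = rev_origin[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def reverse_zone(origin: str, rev_origin: str, hosts: dict, serial: int) -> str:
    """Emit one PTR per host whose address lies inside the reverse zone's /24."""
    network = ipaddress.ip_network(_rev_prefix(rev_origin) + ".0/24")
    lines = _soa_and_ns(origin, serial)
    for name, ip in hosts.items():
        if ipaddress.ip_address(ip) in network:
            lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {name}.{origin}.")
    return "\n".join(lines) + "\n"


A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)", re.M)
PTR_RE = re.compile(r"^(\d+)\s+(?:\d+\s+)?IN\s+PTR\s+(\S+)\.", re.M)


def check_consistency(origin: str, rev_origin: str, fwd: str, rev: str) -> list:
    """List the A/PTR mismatches between a forward and a reverse zone file.

    Every A record inside the reverse zone's /24 must have a PTR pointing
    back to the same name, and every PTR must match an A record. An empty
    list means the two files agree.
    """
    prefix = _rev_prefix(rev_origin) + "."
    a_map = {f"{n}.{origin}": ip for n, ip in A_RE.findall(fwd) if n != "@"}
    ptr_map = {prefix + last: host for last, host in PTR_RE.findall(rev)}
    problems = []
    for host, ip in a_map.items():
        if ip.startswith(prefix) and ptr_map.get(ip) != host:
            problems.append(f"A {host} -> {ip} has no matching PTR")
    for ip, host in ptr_map.items():
        if a_map.get(host) != ip:
            problems.append(f"PTR {ip} -> {host} has no matching A record")
    return problems


if __name__ == "__main__":
    serial = next_serial(2019061401, date.today().strftime("%Y%m%d"))
    fwd = forward_zone("localhost.net", HOSTS, serial)
    rev = reverse_zone("localhost.net", "0.0.127.in-addr.arpa", HOSTS, serial)
    print(fwd)
    print(rev)
    print("mismatches:", check_consistency("localhost.net", "0.0.127.in-addr.arpa", fwd, rev))
```

Feeding a pair in which the forward file points several names at 127.0.0.1 while the reverse file hands the same names to 127.0.0.5 and friends returns one line per disagreement, which is exactly the kind of drift that creeps into hand-edited zone files. Write the generated text to ‘/var/cache/bind/localhost.net.zone’ and ‘/var/cache/bind/rev-localhost.net.zone’ and run named-checkzone on each as shown above.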

Restart the BIND service and Perform test.

After confirming that none of the configuration and zone files has errors, restart the DNS service and enable it so that it starts at boot. Execute the following commands :

root@hostname# systemctl restart bind9
root@hostname# systemctl enable bind9

Sometimes the service is unreachable because a firewall blocks the port by default. With the configuration above this does not apply yet, because BIND listens on the loopback address only; the firewall rule matters once ‘listen-on’ is widened to a real interface so that other hosts can query. In that case, if ‘ufw’ is running, allow port 53 with the application profile that the bind9 package installs. Note that this opens the port to every source, so the ACLs in the options block remain what restricts who gets an answer :

ufw allow Bind9

Finally, test the server by querying a name defined in the zone file, for example ‘test.localhost.net’ (pick whichever name exists in the forward zone file). Execute the following command :

dig test.localhost.net

The output will appear as follows :

root@hostname# dig test.localhost.net
; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> test.localhost.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19012
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;test.localhost.net.        IN  A
;; ANSWER SECTION:
test.localhost.net. 86400   IN  A   127.0.0.1
;; Query time: 23 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Aug 30 23:21:03 WIB 2019
;; MSG SIZE  rcvd: 63
root@hostname# 

The answer section returns the address defined for the name, so the DNS service is up and serving requests as a resolver locally. Note the ‘SERVER: 127.0.0.53#53’ line, though: the query went through the systemd-resolved stub listener of Ubuntu 18.04, so this output only proves that BIND answered if resolved has been pointed at 127.0.0.1. To query BIND directly and remove that ambiguity, run ‘dig @127.0.0.1 test.localhost.net’ and expect ‘aa’ among the flags (an authoritative answer) and ‘SERVER: 127.0.0.1#53’. The reverse zone is tested the same way with ‘dig -x 127.0.0.1 @127.0.0.1’, which should return the PTR record, and a query for a name outside the local zones, such as ‘dig @127.0.0.1 example.com’, confirms that recursion through the forwarders works for trusted clients.
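To check the access controls at the protocol level rather than through a stub resolver, the following script is an added example (not the article's own, and not a BIND tool): it hand-builds a DNS query, sends it straight to the server address given, and decodes the reply's AA flag, RCODE and A records. Run it on the server against 127.0.0.1 and the answer should be authoritative; run it from a host outside the ‘trusted’ ACL and the RCODE should be REFUSED. The two sample replies embedded at the end are constructed for the offline demonstration.

```python
"""Raw DNS probe for checking BIND's answers and access controls directly.

Added example, not part of the original article or of BIND. It hand-builds
a DNS query, sends it to the given server address (bypassing the
systemd-resolved stub on 127.0.0.53) and decodes the reply. The two sample
replies at the bottom are constructed for the offline demonstration.
"""
import socket
import struct

TXID = 0x1234
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, txid: int = TXID) -> bytes:
    """Standard query for an A record with RD set; no EDNS, so it fits in 512 bytes."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset just after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Return txid, AA flag, RCODE name and the (name, ttl, address) A answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {
        "txid": txid,
        "aa": bool(flags & 0x0400),                     # set only by an authoritative server
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": answers,
    }


def probe(name: str, server: str = "127.0.0.1", port: int = 53, timeout: float = 2.0) -> dict:
    """Send the query straight to server:port over UDP and decode the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, port))
        data, _ = sock.recvfrom(512)
    result = parse_response(data)
    if result["txid"] != TXID:
        raise ValueError("transaction id mismatch: not a reply to our query")
    return result


# Constructed sample replies for offline use: what the server above returns to a
# trusted client (authoritative answer) and to a client outside the ACL (REFUSED).
_QUESTION = build_query("test.localhost.net")[12:]
SAMPLE_AUTH_REPLY = (
    struct.pack(">HHHHHH", TXID, 0x8580, 1, 1, 0, 0)    # QR AA RD RA, one answer
    + _QUESTION
    + b"\xc0\x0c"                                       # pointer back to the question name
    + struct.pack(">HHIH", 1, 1, 86400, 4) + socket.inet_aton("127.0.0.1")
)
SAMPLE_REFUSED_REPLY = struct.pack(">HHHHHH", TXID, 0x8185, 1, 0, 0, 0) + _QUESTION  # RCODE 5

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "test.localhost.net"
    try:
        print(probe(target))
    except OSError as exc:                              # includes socket.timeout
        print(f"no reply from 127.0.0.1:53 ({exc}); decoding the constructed samples instead")
        print(parse_response(SAMPLE_AUTH_REPLY))
        print(parse_response(SAMPLE_REFUSED_REPLY))
```

A reply with ‘aa’ set and RCODE NOERROR came from BIND's own zone data; a reply without ‘aa’ came through a recursive hop (the stub resolver or a forwarder), and REFUSED means the source address fell outside ‘allow-query’, which is the behaviour to expect when the probe is run from any host the ‘trusted’ ACL does not list.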
