6.11 Installing a DNS server using BIND9 as an example


BIND9 is a powerful and widely used DNS server software. It allows you to manage domain names and their resolution to IP addresses, which is a key element of the Internet.

Installing and configuring a DNS server is also a mandatory part of binding your virtual server to our NS: it lets you manage domain records directly on the server while still using our NS, even without a control panel. The binding procedure itself is described in the separate binding instructions; the requirements the server must meet are listed in the "Binding to our NS on VPS" section at the end of this article.

Step-by-step instructions using Ubuntu 22 as an example

In this guide we walk through installing and doing a basic configuration of BIND9 on a clean Ubuntu 22 server. The same steps apply to Ubuntu 16, Ubuntu 18, Ubuntu 20 and Ubuntu 24.

The installation will require root access.

Updating system and service installation

Update your system:

sudo apt update && sudo apt upgrade -y

Install BIND9 and the necessary utilities:

sudo apt install bind9 bind9utils bind9-doc -y

Then make sure that the BIND9 service is running (on current Ubuntu releases the unit is named.service and bind9 is an alias for it, so both names work):

sudo systemctl status bind9

If the service is not running, start it:

sudo systemctl start bind9

Setting up a firewall

Open port 53 for DNS queries. Both transports are needed: UDP carries ordinary queries, TCP carries zone transfers and responses too large for UDP.

UFW example
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
Iptables example
iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT

Please note: the process of opening ports may differ depending on the firewall you are using, and iptables rules added this way are lost on reboot unless you save them (for example with the iptables-persistent package). Ports may also be closed by your service provider (ours are open). Once port 53 is reachable from the Internet, make sure the server does not recurse for outside clients: BIND limits recursion to localhost and the local networks by default, and for a server that only hosts your own zones you can set recursion no; in /etc/bind/named.conf.options.

Restarting the service

Restart BIND9:

sudo systemctl restart bind9

Make sure the service is working correctly by checking the status:

sudo systemctl status bind9

Setting up the zone configuration

Open the main configuration file:

sudo nano /etc/bind/named.conf.local

Add a zone block specifying your domain and the path to the zone file:

zone "example.com" {
type master;
file "/etc/bind/zones/db.example.com";
};

Explanation:

  • "example.com" – your domain name.
  • type master specifies that this server is the master (primary) for the zone; BIND 9.16 and later also accept the synonym primary.
  • file specifies the path to the file where the zone data are stored.

Create a directory for zone files (if it does not exist). On Ubuntu the AppArmor profile for named allows it to read files under /etc/bind, which is enough for zones you edit by hand; zones that BIND itself has to write (dynamic updates, inline signing) belong under /var/lib/bind instead:

sudo mkdir -p /etc/bind/zones

Create a zone file:

sudo nano /etc/bind/zones/db.example.com

And fill it with the following:

$TTL 604800
@ IN SOA ns1.thehost.ua. admin.example.com. (
2024101001 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL

; Name servers
@ IN NS ns1.thehost.ua.
@ IN NS ns2.thehost.net.
@ IN NS ns3.thehost.biz.
@ IN NS ns4.thehost.pro.

; A records
example.com. IN A 192.0.2.1
www IN A 192.0.2.2

Replace example.com., 192.0.2.1, and 192.0.2.2 with your domain and IP addresses. If you do not use our NS on the server, also change the NS list and ns1.thehost.ua. in the SOA record. Increase the Serial every time you edit the zone (the YYYYMMDDNN scheme shown here makes that easy); secondaries, including our NS, only pull a new copy when the serial has grown.

Advice: if necessary, you can immediately fill the zone file with other DNS records by following the separate instructions on DNS records.

Configuration check

Check the configuration syntax (named-checkconf prints nothing when /etc/bind/named.conf and the files it includes are valid):

sudo named-checkconf

Check the zones:

sudo named-checkzone example.com /etc/bind/zones/db.example.com
sudo named-checkzone 2.0.192.in-addr.arpa /etc/bind/zones/db.192.0.2

The second command only applies once you have created the reverse zone described in the next section. Both tools report the file and line of any error and exit with a non-zero status, so run them before every reload; after a clean check, apply the changes with sudo rndc reload rather than restarting the whole service.
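The edit, check and reload cycle of the last two sections, as an added shell example that is not part of the article: it regenerates the zone file from the layout shown above with a fresh YYYYMMDDNN serial, validates it with named-checkzone, and leaves the reload to a separate step so a broken zone never reaches the running server. The zone name, file path and addresses are the article's placeholders; the demonstration writes into a scratch directory, not into /etc/bind.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): update a BIND zone file with a
# fresh YYYYMMDDNN serial, validate it, and reload only if validation passes.
# The zone name, file path and addresses are placeholders; the NS names are the
# ones used in the article's zone file.
set -euo pipefail

# Next serial in the YYYYMMDDNN scheme: same day (or a serial already ahead of
# today, e.g. after a clock change) -> increment; otherwise today's date + "01".
# Secondaries only pull a zone whose serial has grown, so it must never go back.
bump_serial() {            # bump_serial <current_serial> [<YYYYMMDD>]
    local current=$1 today=${2:-$(date -u +%Y%m%d)}
    local next="${today}01"
    if [ "$((10#$current))" -ge "$((10#$next))" ]; then
        next=$((10#$current + 1))
    fi
    echo "$next"
}

# Read the serial from a zone file written in the article's layout
# (the serial is the first field on the line carrying the "; Serial" comment).
current_serial() {         # current_serial <zone_file>
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# Write the forward zone in the article's layout with the given serial.
write_zone() {             # write_zone <zone> <file> <serial> <apex_ip> <www_ip>
    local zone=$1 file=$2 serial=$3 apex_ip=$4 www_ip=$5
    cat > "$file" <<EOF
\$TTL 604800
@ IN SOA ns1.thehost.ua. admin.${zone}. (
    ${serial} ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

; Name servers
@ IN NS ns1.thehost.ua.
@ IN NS ns2.thehost.net.
@ IN NS ns3.thehost.biz.
@ IN NS ns4.thehost.pro.

; A records
${zone}. IN A ${apex_ip}
www IN A ${www_ip}
EOF
}

# Validate the live configuration and one zone; both tools exit non-zero on any
# error, which aborts the script under set -e before a reload can happen.
check_zone() {             # check_zone <zone> <file>
    named-checkconf
    named-checkzone "$1" "$2"
}

# --- demonstration: regenerate example.com in a scratch directory ---
zone="example.com"
dir=$(mktemp -d)
file="$dir/db.$zone"
write_zone "$zone" "$file" 2024101001 192.0.2.1 192.0.2.2
new_serial=$(bump_serial "$(current_serial "$file")")
write_zone "$zone" "$file" "$new_serial" 192.0.2.1 192.0.2.2
echo "wrote $file with serial $new_serial"
if command -v named-checkzone >/dev/null; then
    named-checkzone "$zone" "$file"       # checks the scratch file only
fi
# On the real server the same cycle is:
#   check_zone example.com /etc/bind/zones/db.example.com && sudo rndc reload example.com
rm -rf "$dir"
```

bump_serial deliberately compares numerically rather than by date, so a serial that is already ahead of today's date (after a clock change, or after more than 99 edits in one day) keeps increasing instead of jumping backwards.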

Reverse zone (PTR record) setup

Attention: the section on PTR setup is NOT RELEVANT for any of our services and is for educational purposes only. If your service is hosted with us, PTR management is performed according to the separate PTR instructions.

The reverse zone is used to convert IP addresses to domain names (PTR records). This is useful for working with systems that need to verify the reverse correspondence (for example, mail servers).

In the /etc/bind/named.conf.local file, add the block:

zone "2.0.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.192.0.2";
};

Create a reverse zone file:

sudo nano /etc/bind/zones/db.192.0.2

Fill it in with:

$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
2024101001 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL

; Name servers
@ IN NS ns1.example.com.

; PTR records: the owner name is the last octet of the address, and each target
; matches an A record of the forward zone above (192.0.2.1 = example.com., 192.0.2.2 = www)
1 IN PTR example.com.
2 IN PTR www.example.com.

Replace example.com., www.example.com. and ns1.example.com. with the values you need. Every PTR target should have an A record that resolves back to the same address, as the forward zone above does; mail servers treat a PTR whose name does not resolve back as unverified.
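The forward-confirmed reverse DNS requirement described above, as an added shell example that is not part of the article: it reads a forward zone file and a reverse zone file in the article's layout and reports every PTR whose target has no A record, or an A record with a different address. The two zone files are constructed inline from the article's examples (one reverse zone that agrees with the forward zone and one that does not); example.com, 192.0.2.0/24 and ns1.thehost.ua are the article's placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: verify that every PTR in a reverse
# zone file points at a name whose A record in the forward zone file carries the
# same address (forward-confirmed reverse DNS, which is what mail servers check).
# Zone files below are constructed from the article's examples.
set -euo pipefail

# fcrdns_check <forward_zone_file> <forward_origin> <reverse_zone_file> <ipv4_prefix>
# Prints one line per PTR and returns 1 if any PTR lacks a matching A record.
# Handles @, relative and absolute owner names and an optional TTL field; assumes a
# /24 reverse zone (one-octet owner names) and an explicit owner on every record,
# which is how the article's zone files are written.
fcrdns_check() {
    awk -v origin="$2" -v prefix="$4" '
        function fqdn(n) {
            if (n == "@")  return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        { sub(/;.*/, "") }                          # drop comments
        NF == 0 { next }                            # and blank lines
        FNR == NR {                                 # first file: forward zone
            for (i = 2; i < NF; i++)
                if ($i == "A") a[fqdn($1)] = $(i + 1)
            next
        }
        {                                           # second file: reverse zone
            for (i = 2; i < NF; i++)
                if ($i == "PTR") {
                    ip = prefix "." $1; target = $(i + 1)
                    if (!(target in a))       { printf "MISSING  %s -> %s (no A record)\n", ip, target; bad++ }
                    else if (a[target] != ip) { printf "MISMATCH %s -> %s (A is %s)\n", ip, target, a[target]; bad++ }
                    else                        printf "OK       %s -> %s\n", ip, target
                }
        }
        END { if (bad > 0) exit 1 }
    ' "$1" "$3"
}

# Constructed samples: the article's forward zone plus two reverse zones, one whose
# PTRs agree with it and one (the mismatched variant) whose PTRs do not.
write_samples() {          # write_samples <dir>
    cat > "$1/db.example.com" <<'EOF'
$TTL 604800
@ IN SOA ns1.thehost.ua. admin.example.com. (
2024101001 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns1.thehost.ua.
example.com. IN A 192.0.2.1
www IN A 192.0.2.2
EOF
    cat > "$1/db.192.0.2.good" <<'EOF'
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. ( 2024101001 604800 86400 2419200 604800 )
@ IN NS ns1.example.com.
1 IN PTR example.com.
2 IN PTR www.example.com.
EOF
    cat > "$1/db.192.0.2.bad" <<'EOF'
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. ( 2024101001 604800 86400 2419200 604800 )
@ IN NS ns1.example.com.
0 IN PTR ns1.example.com.
1 IN PTR www.example.com.
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "== consistent reverse zone =="
fcrdns_check "$dir/db.example.com" example.com "$dir/db.192.0.2.good" 192.0.2
echo "== inconsistent reverse zone =="
fcrdns_check "$dir/db.example.com" example.com "$dir/db.192.0.2.bad" 192.0.2 \
    || echo "fix the PTRs before relying on reverse DNS"
rm -rf "$dir"
```

Run it against your own files as fcrdns_check /etc/bind/zones/db.example.com example.com /etc/bind/zones/db.192.0.2 192.0.2; a non-zero exit is the signal to stop and correct the zone.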

Final testing

Check domain name resolution (the answer should carry the aa flag, meaning the server answered authoritatively from its own zone data):

dig @192.0.2.1 example.com

Check the PTR record (this queries your server directly; for the rest of the Internet to see the PTR, the reverse zone must also be delegated to your server by the owner of the address block):

dig @192.0.2.1 -x 192.0.2.1

Binding to our NS on VPS

Having a working DNS server on your virtual server allows you to bind it to our NS and keep the two synchronized.

To perform the binding, the DNS server must meet the following conditions:

  • Our nameservers. The zone must list our nameservers in its NS records (as in the zone file above).
  • Allow-transfer directive. The allow-transfer directive must NOT be set in /etc/bind/named.conf.options, nor in the zone blocks. When the directive is absent, BIND allows zone transfers to any host, which is what lets our NS pull the zone; be aware that any other host can then transfer (AXFR) the zone as well, so keep only records you are prepared to publish in it. As a last resort, restrict it to the addresses of our NS:
allow-transfer {
91.223.180.14;
46.4.57.177;
176.111.63.45;
94.130.133.155;
2a0c:f00::1:14;
2a01:4f8:140:14c8::7;
2a01:4f8:13b:365b::155;
};

This is not recommended, because the list of IP addresses of our NS may change (unlikely, but possible), after which transfers to our NS would silently stop working.

  • Binding in the VM-Cloud panel. If the above conditions are met and the BIND service is running, you still need to perform the binding procedure described in the separate binding instructions.

After performing that procedure, the virtual server control panel will be able to pull up-to-date domain records made locally on your VPS and publish them on our NS. In the panel itself, a successfully parked domain looks like this:

[Screenshot: a domain bound to our NS in the VM-Cloud panel]
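The two things worth verifying from a host outside the server before binding: that a zone transfer is accepted, which is the state the allow-transfer condition above produces and the state our NS relies on, and that the server does not offer recursion to outside clients (the ra flag in the final-testing dig output). This is an added shell example, not part of the article: it classifies the text dig prints for these two probes. The dig outputs embedded below are constructed for the demonstration; 192.0.2.1, example.com and ns1.thehost.ua are the article's placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: classify what an outside host sees
# when it probes the server for a zone transfer and for recursion. The dig outputs
# below are constructed for the demonstration; 192.0.2.1 and example.com are the
# article's placeholders.
set -euo pipefail

# Zone-transfer probe. dig prints "; Transfer failed." when the server refuses the
# AXFR and an ";; XFR size: N records" trailer once it has received the whole zone.
axfr_state() {            # axfr_state "<output of: dig @server zone AXFR>" -> open|refused|unknown
    case $1 in
        *"XFR size:"*)        echo open ;;
        *"Transfer failed."*) echo refused ;;
        *)                    echo unknown ;;
    esac
}

# Header-flag probe. In the ";; flags:" line, "aa" means the answer came from the
# server's own zone data, and "ra" (recursion available) means the server is willing
# to recurse for the querying host. An authoritative-only server reached from the
# Internet must not show "ra", or it is an open resolver usable for reflection attacks.
flag_set() {              # flag_set "<dig output>" <flag> -> yes|no
    local flags
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    case " $flags " in
        *" $2 "*) echo yes ;;
        *)        echo no ;;
    esac
}

# --- constructed sample outputs (abridged to the lines the checks look at) ---
sample_axfr_open='; <<>> DiG 9.18.28 <<>> @192.0.2.1 example.com AXFR
example.com.            604800  IN      SOA     ns1.thehost.ua. admin.example.com. 2024101001 604800 86400 2419200 604800
example.com.            604800  IN      NS      ns1.thehost.ua.
example.com.            604800  IN      A       192.0.2.1
www.example.com.        604800  IN      A       192.0.2.2
example.com.            604800  IN      SOA     ns1.thehost.ua. admin.example.com. 2024101001 604800 86400 2419200 604800
;; Query time: 1 msec
;; SERVER: 192.0.2.1#53(192.0.2.1) (TCP)
;; XFR size: 5 records (messages 1, bytes 202)'

sample_axfr_refused='; <<>> DiG 9.18.28 <<>> @192.0.2.1 example.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

sample_authoritative=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1'

sample_open_resolver=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

echo "AXFR with allow-transfer unset:   $(axfr_state "$sample_axfr_open")"
echo "AXFR with transfers restricted:   $(axfr_state "$sample_axfr_refused")"
echo "aa on a query for our own zone:   $(flag_set "$sample_authoritative" aa)"
echo "ra offered to an outside client:  $(flag_set "$sample_open_resolver" ra)"

# Live use from a host outside the server (example.net stands for any name the
# server is not authoritative for):
#   axfr_state "$(dig @192.0.2.1 example.com AXFR 2>&1 || true)"
#   flag_set   "$(dig @192.0.2.1 example.net A 2>&1 || true)" ra
```

For the binding described above the AXFR probe is expected to report open; if it reports refused, an allow-transfer directive is in effect somewhere and our NS will not be able to pull the zone. The recursion probe should report no; if it reports yes, set recursion no; in /etc/bind/named.conf.options.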