How to Set Up a DNS Server

Tutor Name: Pranay Shastri. Published at: December 11, 2025 at 04:40 PM

Ever wondered how to run your own DNS server? Setting up a DNS server might sound intimidating, but it's actually quite straightforward once you understand the basics. Whether you're managing a small network or learning for educational purposes, running your own DNS server gives you more control over your network's name resolution.

In this topic on DNS servers, we'll walk through setting up BIND (Berkeley Internet Name Domain), the most widely used DNS server software on the internet. We'll cover everything from installation to basic configuration in simple terms.

1. Introduction to DNS Server Software

BIND9

BIND (Berkeley Internet Name Domain) is the most popular DNS server software in the world. It's open-source, free to use, and powers a significant portion of the internet's DNS infrastructure. BIND is known for its robustness, security features, and extensive documentation.

Pros:

  • Extremely stable and reliable
  • Well-documented with years of community support
  • Highly configurable for complex setups
  • Supports DNSSEC for enhanced security

Cons:

  • Can be complex for beginners
  • Resource-intensive compared to lighter alternatives
  • Requires careful configuration for security

PowerDNS

PowerDNS is a modern alternative to BIND that focuses on performance and ease of use. It supports multiple backends (database storage options) and has a reputation for being easier to configure than BIND.

Windows DNS

Microsoft's DNS Server is built into Windows Server editions. It integrates seamlessly with Active Directory and is commonly used in enterprise Windows environments.

Unbound

Unbound is a validating, recursive, and caching DNS resolver designed to be fast and lean. It's particularly good for recursive DNS resolution.

For this tutorial, we'll focus on BIND9 on Linux since it's the most universal option and teaches fundamental DNS concepts that apply to all DNS servers.

2. Understanding DNS Server Roles

Before installing, it's important to understand the different roles a DNS server can play:

Authoritative DNS Server

  • Provides definitive answers for specific domains
  • Hosts zone files with actual DNS records
  • Responds to queries about domains it's responsible for

Recursive DNS Server

  • Resolves queries on behalf of clients
  • Performs the full DNS lookup process
  • Caches results to improve performance

Forwarding DNS Server

  • Forwards queries to other DNS servers
  • Doesn't perform full recursive lookups itself
  • Acts as an intermediary

Most BIND installations serve as both authoritative and recursive servers.

3. Prerequisites and System Preparation

System Requirements

  • Linux server (Ubuntu/Debian, CentOS/RHEL, or similar)
  • At least 1GB RAM (2GB recommended)
  • Static IP address assigned
  • Root or sudo access
  • Basic understanding of Linux command line

Network Considerations

  • Ensure your server has a static IP address
  • Open firewall ports for DNS (TCP/UDP 53)
  • Plan your domain names and IP address mappings

Security Precautions

  • Keep your system updated
  • Configure firewall rules appropriately
  • Use non-root user accounts when possible
  • Plan for regular backups of configuration files

4. Installing BIND on Linux

We'll use Ubuntu/Debian for this example, but the process is similar on other distributions.

Package Installation

First, update your package list and install BIND:

sudo apt update
sudo apt install bind9 bind9utils bind9-doc dnsutils

This installs several packages:

  • bind9: The main DNS server software
  • bind9utils: Helpful utilities like dig and nslookup
  • bind9-doc: Documentation (optional but useful)
  • dnsutils: Additional DNS tools

Service Configuration

Check if BIND is running:

sudo systemctl status bind9

Start it if needed:

sudo systemctl start bind9

Enable at startup:

sudo systemctl enable bind9

File Locations

BIND stores its configuration in /etc/bind/:

  • /etc/bind/named.conf: the top-level file, which only includes the files below
  • /etc/bind/named.conf.options: global options (recursion, forwarders, listeners)
  • /etc/bind/named.conf.local: your own zone declarations
  • /etc/bind/zones/: your zone files (this directory is created in section 6)
  • /etc/bind/named.conf.default-zones: the localhost and root-hints zones shipped with the package

5. Configuring the Main BIND Files

named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Options Block

options {
    directory "/var/cache/bind";

    // Answer recursive queries only for localhost and the LAN; never use { any; } here
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Listen only on loopback and the server's static LAN address
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    listen-on-v6 { none; };

    // Upstream resolvers used for names this server is not authoritative for
    forwarders {
        8.8.8.8;
        8.8.4.4;
        1.1.1.1;
    };

    dnssec-validation auto;   // validate upstream answers using the built-in root trust anchor
    auth-nxdomain no;         // don't set the AA bit on NXDOMAIN answers this server isn't authoritative for

    max-cache-size 256m;      // memory ceiling for the resolver cache
    max-cache-ttl 3600;       // keep positive answers at most 1 hour
    max-ncache-ttl 1800;      // keep negative answers at most 30 minutes
};

Logging Setup

logging {
    channel querylog {
        file "/var/log/named/query.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category queries { querylog; };
    
    channel security_log {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category security { security_log; };
};

Create log directory:

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named

6. Creating DNS Zones

A DNS zone holds the records for one domain (or, for a reverse zone, one address range); BIND reads each zone from its own zone file.

Forward Zone

Define zones in /etc/bind/named.conf.local:

zone "example.com" {
    type master;    // "primary" is the newer spelling; both are accepted on current releases
    file "/etc/bind/zones/db.example.com";
};

zone "subdomain.example.com" {
    type master;
    file "/etc/bind/zones/db.subdomain.example.com";
};

Create the zone directory:

sudo mkdir /etc/bind/zones

Create zone file /etc/bind/zones/db.example.com:

$TTL    86400
@       IN      SOA     ns1.example.com. admin.example.com. (
                              2023121001   ; serial (YYYYMMDDNN): must increase on every change
                              3600         ; refresh: how often secondaries check for updates
                              1800         ; retry: wait after a failed refresh
                              604800       ; expire: secondaries stop answering after this long without contact
                              86400 )      ; minimum: TTL for negative (NXDOMAIN) answers
;
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       192.168.1.100
@       IN      MX      10 mail.example.com.
ns1     IN      A       192.168.1.100
ns2     IN      A       192.168.1.101
www     IN      A       192.168.1.100
mail    IN      A       192.168.1.102
ftp     IN      CNAME   www
blog    IN      CNAME   www
@       IN      TXT     "v=spf1 mx ip4:192.168.1.102 ~all"

Reverse Zone

Define the reverse zone for 192.168.1.0/24 in /etc/bind/named.conf.local:

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.1";
};

Reverse zone file /etc/bind/zones/db.192.168.1:

$TTL    86400
@       IN      SOA     ns1.example.com. admin.example.com. (
                              2023121001
                              3600
                              1800
                              604800
                              86400 )
; SOA fields have the same meaning as in the forward zone
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
; the owner is the last octet of the address; the target must be a fully qualified name
100     IN      PTR     example.com.
100     IN      PTR     www.example.com.
102     IN      PTR     mail.example.com.

7. Advanced Zone File Concepts

Zone Structure

  1. TTL Directive
  2. SOA Record
  3. NS Records
  4. Resource Records

Special Symbols

  • @ = the current origin, i.e. the zone name unless an $ORIGIN directive changed it
  • IN = the Internet class (the only class in practical use)
  • $TTL sets the default TTL for records that don't state their own; $ORIGIN sets the name that @ and relative names expand under

Record Formatting

www.example.com.    IN    A    192.168.1.100   ; absolute owner name (trailing dot)
www                 IN    A    192.168.1.100   ; relative name, expanded to www.example.com.
                    IN    A    192.168.1.100   ; blank owner: reuses the previous record's name

8. Security Hardening

Access Controls

acl trusted {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    // For a zone the Internet must be able to resolve, allow-query needs { any; };
    // keep allow-recursion restricted either way so the server is never an open resolver
    allow-query { trusted; };
    allow-transfer { none; };      // no zone transfers; list your secondaries' addresses here if you have any
    allow-recursion { trusted; };
};
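Reviewing these three settings by eye is easy to get wrong once acl names are nested, so here is an added example (not part of the tutorial, and not BIND code) that audits an options block offline. It handles only the flat `acl ... { }` / `options { }` layout shown on this page; the function names and the two configuration samples (one deliberately exposed, one matching the hardened block above) are constructed for the example.

```python
"""Offline audit of a named.conf options block for open recursion, open zone
transfers and a disclosed version string.  Added example for this page; it is
not BIND code and only understands the simple acl/options layout used here."""
import re

# Constructed sample: the exposed configuration this check is meant to catch
WEAK_CONF = """
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { any; };   // open resolver
    forwarders { 8.8.8.8; };
};
"""

# Constructed sample: the hardened layout from the Access Controls section
HARDENED_CONF = """
acl trusted {
    127.0.0.1;
    192.168.1.0/24;
};
options {
    recursion yes;
    allow-query { trusted; };
    allow-transfer { none; };
    allow-recursion { trusted; };
    version "not disclosed";
};
"""

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def _blocks(text, keyword):
    """Yield (name, body) for each top-level `keyword [name] { ... };`."""
    for m in re.finditer(r'\b%s\s*"?([\w.-]*)"?\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += (text[i] == "{") - (text[i] == "}")
            i += 1
        yield m.group(1), text[m.end():i - 1]

def _match_list(body, key):
    """Entries of `key { a; b; };` inside body, or None if the key is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(key), body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def _is_world_readable(entries, acls, seen=()):
    """True if an address-match list admits everyone, following acl names."""
    for e in entries:
        if e.startswith("!"):          # a negated entry only narrows the list
            continue
        if e in ("any", "0.0.0.0/0", "::/0"):
            return True
        if e in acls and e not in seen and _is_world_readable(acls[e], acls, seen + (e,)):
            return True
    return False

def audit_named_conf(conf_text):
    """Return a list of findings; empty when the three controls are sound."""
    text = _strip_comments(conf_text)
    acls = {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in _blocks(text, "acl")}
    findings = []
    for _, opts in _blocks(text, "options"):
        rec = re.search(r"\brecursion\s+(yes|no)\b", opts)
        recursion_on = rec is None or rec.group(1) == "yes"   # BIND's default is yes
        allow_rec = _match_list(opts, "allow-recursion")
        if recursion_on and allow_rec is None:
            findings.append("INFO: recursion on with no allow-recursion; BIND defaults to "
                            "localnets/localhost, state it explicitly")
        elif recursion_on and _is_world_readable(allow_rec, acls):
            findings.append("HIGH: open resolver: recursion yes and allow-recursion admits any")
        xfer = _match_list(opts, "allow-transfer")
        if xfer is None:
            findings.append("MEDIUM: allow-transfer unset; set { none; } or your secondaries' addresses")
        elif _is_world_readable(xfer, acls):
            findings.append("HIGH: allow-transfer lets anyone download whole zones")
        if not re.search(r'\bversion\s+"', opts):
            findings.append("LOW: version not overridden; named answers version.bind with its real version")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_named_conf(conf) or ["OK"])
```

Run it against the contents of /etc/bind/named.conf.options before `rndc reload`; it complements `named-checkconf`, which checks syntax but has no opinion about who is allowed to recurse.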

DNSSEC

options {
    dnssec-validation auto;
    // dnssec-enable yes;   obsolete since BIND 9.15 (it has no effect) and removed from newer
    //                      releases; leave it out on current BIND, validation above is sufficient
};

Hide Version

options {
    version "not disclosed";   // returned for CHAOS-class version.bind queries instead of the real version
};

9. Testing the DNS Server

Using dig

dig @127.0.0.1 example.com            # forward lookup; expect 192.168.1.100 with the aa (authoritative) flag
dig @127.0.0.1 -x 192.168.1.100       # reverse lookup through the PTR records
dig @127.0.0.1 example.com MX         # the MX record pointing at mail.example.com
dig @127.0.0.1 google.com             # a recursive query answered via the forwarders

Using nslookup

nslookup example.com 127.0.0.1

Checking Zone Files

sudo named-checkzone example.com /etc/bind/zones/db.example.com
sudo named-checkconf

Monitoring Stats

sudo rndc stats   # appends statistics to named.stats in BIND's working directory (/var/cache/bind here)

10. Managing DNS Server Operations

Reloading

sudo rndc reload               # reload the configuration and all zones
sudo rndc reload example.com   # reload a single zone

View Zones

sudo rndc dumpdb -zones   # writes named_dump.db in the working directory; -cache dumps the resolver cache instead

Flush Cache

sudo rndc flush

11. Common Setup Mistakes & Fixes

Permission Issues

sudo chown root:bind /etc/bind/named.conf.local
sudo chmod 644 /etc/bind/named.conf.local

Firewall Blocking

sudo ufw allow 53

OR

sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT

Serial Number Errors

The serial number in your SOA record must increase with each change. Use date-based numbering like YYYYMMDDNN (year-month-day-revision).

Zone File Syntax Errors

Common mistakes:

  • Missing trailing dots on fully qualified domain names
  • Incorrect indentation
  • Missing semicolons
  • Wrong record types

Always validate with named-checkzone after making changes.
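The two slips above that `named-checkzone` does not catch are a forgotten serial bump (the zone still loads, secondaries just never pick up the change) and a missing trailing dot on a name-valued record (the zone loads, the name is silently expanded under $ORIGIN). The following added example, which is not part of the tutorial or of BIND, bumps a YYYYMMDDNN serial and lints those targets; the zone sample is constructed from the forward zone in section 6 with two deliberate slips, and the function names are the example's own.

```python
"""Bump a YYYYMMDDNN SOA serial and flag likely-missing trailing dots in a
BIND zone file.  Added example for this page, not tooling from the tutorial
or from BIND; still run named-checkzone, this only covers one class of slip."""
import re
from datetime import date

# Constructed sample: the tutorial's forward zone with two deliberate slips
# (the NS and MX targets on the marked lines lack their trailing dot)
SAMPLE_ZONE = """\
$TTL    86400
@       IN      SOA     ns1.example.com. admin.example.com. (
                              2023121001
                              3600
                              1800
                              604800
                              86400 )
;
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com           ; slip
@       IN      A       192.168.1.100
@       IN      MX      10 mail.example.com       ; slip
www     IN      A       192.168.1.100
ftp     IN      CNAME   www
"""

def next_serial(current, today):
    """Next YYYYMMDDNN serial: today's date with revision 01, or current + 1
    when current already carries today's date (or is somehow ahead of it),
    so the value always increases."""
    base = int(today.strftime("%Y%m%d")) * 100
    return base + 1 if current < base else current + 1

# first integer token after "SOA" that is not part of a name (ns1..., admin...)
_SERIAL_RE = re.compile(r"\bSOA\b.*?(?<![\w.])(\d+)(?![\w.])", re.I | re.S)

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, old_serial, new_serial)."""
    today = today or date.today()
    m = _SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    old = int(m.group(1))
    new = next_serial(old, today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], old, new

# owner, optional TTL, optional class, a name-valued type, optional MX preference, target
_NAME_RR_RE = re.compile(
    r"^(\S*)\s+(?:\d+\s+)?(?:IN\s+)?(NS|MX|CNAME|PTR)\s+(?:\d+\s+)?(\S+)\s*$", re.I)

def lint_trailing_dots(zone_text):
    """Warn about NS/MX/CNAME/PTR targets that contain a dot but don't end in
    one: BIND appends $ORIGIN, turning ns2.example.com into
    ns2.example.com.example.com.  A single-label target like 'www' is a
    legitimate relative name and is left alone."""
    warnings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()        # drop zone-file comments
        m = _NAME_RR_RE.match(line)
        if m and "." in m.group(3) and not m.group(3).endswith("."):
            warnings.append(f"line {lineno}: {m.group(2).upper()} target "
                            f"{m.group(3)!r} has no trailing dot")
    return warnings

if __name__ == "__main__":
    text, old, new = bump_serial(SAMPLE_ZONE, date(2025, 12, 11))
    print(f"serial {old} -> {new}")
    print("\n".join(lint_trailing_dots(text)) or "no trailing-dot problems")
```

Wire `bump_serial` into whatever edits your zone files and refuse to reload when `lint_trailing_dots` returns anything; together with `named-checkzone` that covers the three mistakes that cause most "the zone loaded but nothing works" reports.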

Network Interface Issues

sudo netstat -tulnp | grep :53   # netstat is deprecated on modern distributions; ss accepts the same flags

12. Performance Tuning

Cache Settings

options {
    max-cache-size 256m;
    max-cache-ttl 3600;
    max-ncache-ttl 1800;
};

Rate Limiting

options {
    // Response Rate Limiting: at most 5 identical responses per second to any one
    // client address block; excess responses are dropped or sent truncated, which
    // blunts reflection/amplification abuse of the server
    rate-limit {
        responses-per-second 5;
        window 10;   // seconds over which each client's budget is accounted
    };
};

13. Backup and Recovery

Manual Backup

sudo tar -czf bind-config-backup-$(date +%Y%m%d).tar.gz /etc/bind/

Automated Backup

# /etc/crontab entry (the system crontab carries a user field); /backup must already exist
0 2 * * * root tar -czf /backup/bind-config-$(date +\%Y\%m\%d).tar.gz /etc/bind/

14. Monitoring and Maintenance

Log Analysis

sudo tail -f /var/log/named/query.log
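Tailing the log shows you what is happening right now; for detection you want the same lines parsed and counted. The following added example (not part of the tutorial, and not BIND tooling) reads the query log produced by the querylog channel in section 5, finds clients whose per-second query rate exceeds a budget (the same unit as the responses-per-second rate limit in section 12), and tallies query types so a burst of ANY queries stands out. The log lines are constructed in BIND's query-log format with print-time and print-category enabled; the function names are the example's own.

```python
"""Parse BIND query-log lines, flag noisy clients and tally query types.
Added example for this page, not tooling from the tutorial or from BIND;
the sample lines below are constructed in BIND's query-log format."""
import re
from collections import Counter, defaultdict
from datetime import datetime

def _entry(ts, ip, port, name, qtype):
    # Constructed line in the shape named writes with print-time/print-category on
    return (f"{ts} queries: client @0x7f3a2c0b5d10 {ip}#{port} ({name}): "
            f"query: {name} IN {qtype} +E(0)K (192.168.1.100)")

SAMPLE_LOG = "\n".join(
    [_entry("11-Dec-2025 16:40:01.101", "192.168.1.50", 51234, "www.example.com", "A"),
     _entry("11-Dec-2025 16:40:01.230", "192.168.1.50", 51235, "mail.example.com", "A")]
    # one client firing eight ANY queries within the same second
    + [_entry(f"11-Dec-2025 16:40:02.{i:03d}", "203.0.113.7", 4444, "example.com", "ANY")
       for i in range(8)]
    + [_entry("11-Dec-2025 16:40:03.500", "192.168.1.51", 40001, "blog.example.com", "A"),
       # older BIND releases omit the @0x... client handle
       "11-Dec-2025 16:40:03.600 queries: client 192.168.1.52#40002 (ftp.example.com): "
       "query: ftp.example.com IN CNAME + (192.168.1.100)",
       "11-Dec-2025 16:40:04.000 queries: something that is not a query entry"])

LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ queries: (?:info: )?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)")

def parse_query_log(text):
    """Yield (second, client_ip, qname, qtype) for each well-formed line;
    anything that doesn't match the query format is skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
            yield ts, m.group("ip"), m.group("name"), m.group("qtype")

def busiest_clients(text, per_second_limit=5):
    """Clients whose peak one-second query count exceeds the limit, mapped to
    that peak.  The unit matches BIND's responses-per-second rate limit."""
    per_client = defaultdict(Counter)          # ip -> Counter(second -> queries)
    for second, ip, _, _ in parse_query_log(text):
        per_client[ip][second] += 1
    return {ip: max(c.values()) for ip, c in per_client.items()
            if max(c.values()) > per_second_limit}

def queries_by_type(text):
    """Queries per record type; a spike in ANY relative to the baseline is a
    classic amplification indicator worth alerting on."""
    return Counter(qtype for _, _, _, qtype in parse_query_log(text))

if __name__ == "__main__":
    print("noisy clients:", busiest_clients(SAMPLE_LOG))
    print("by type:", queries_by_type(SAMPLE_LOG).most_common())
```

Feed it `/var/log/named/query.log` from a cron job or a log shipper and alert on the two returned structures; the thresholds are starting points and should be tuned against your own server's normal traffic.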

Health Checks

Monitor the server's query performance, CPU and memory use.

Regular Updates

Keep both the operating system and BIND updated.

15. Summary & Key Takeaways

Setting up a DNS server is a valuable skill that gives you deeper insight into how the internet works.

  1. Choose the Right Software
  2. Plan Your Zones
  3. Prioritize Security
  4. Test Thoroughly
  5. Maintain Regularly

Production servers require more planning such as redundancy, monitoring, and disaster recovery.