How to Set up a DNS Server on a Linux VPS using BIND?
Managing server infrastructure often hinges on having a reliable way to map domain names to IP addresses. This is where the flexibility and control of the Domain Name System comes into play. By utilizing fully qualified domain names instead of raw IP addresses throughout their infrastructure, organizations can simplify service configurations, enhance readability for all involved, and improve long-term maintainability across their entire networks.
For environments maintaining multiple servers, establishing your own internal DNS can drastically streamline how you administer hostnames and IP addresses while bringing scalability and organization to complex systems. Let's examine the process of setting up an internal DNS server on a Linux VPS using BIND, the versatile and powerful Berkeley Internet Name Domain software.
With BIND managing domain resolutions and private IP mappings from a central location, infrastructure managers gain a scalable solution for mapping names to addresses as needs evolve and expand. This centralized DNS control allows networking environments to develop in an orderly, documented fashion while maintaining performance as user bases and workloads increase in scope.
What is BIND DNS?
BIND, an acronym for Berkeley Internet Name Domain, stands as the gold standard in DNS servers, renowned for its versatility and open-source nature. Originally created at the University of California, Berkeley, BIND is now maintained by the Internet Systems Consortium (ISC), which continues to release and support the robust BIND 9 software. While a BIND 10 project once existed, its development ceased in 2014, evolving into the now-dormant Bundy DNS server project.
Widely used across the internet, BIND 9 powers the majority of DNS servers, making it an essential tool in *nix-based environments. It not only supports key technologies like DNSSEC, TSIG (transaction signatures), and IPv6 but also excels in critical tasks like forwarding, caching, and zone management.
So, whether you're maintaining internal networks or public-facing domains, BIND’s scalability and reliability ensure it’s the preferred choice for Linux administrators and IT professionals alike.
Prerequisites for Setting Up a DNS Server
Before starting, ensure the following are ready:
- A Linux VPS: preferably running Ubuntu 20.04 or CentOS 8.
- Root or sudo access: you'll need administrative privileges.
- A domain name: either registered or one you're testing with.
- Basic command-line skills: comfort navigating the Linux terminal is key.
With these in place, you're all set to start building your DNS server.
Where does DNS get IP addresses?
DNS works like a global address book, connecting users to the right servers. When you type a website URL, your device sends a DNS query to find the IP address where that website is hosted. Here's the process step by step:
- Recursive lookup: if your local DNS server does not know the answer, it asks higher-level DNS servers, starting from the root name servers.
- Caching: DNS servers store query results for a short period to reduce lookup times and improve speed.
- Authoritative servers: these are the final stop, hosting the official DNS records for a domain.
By configuring your own DNS server, you’ll become part of this ecosystem, improving your network's efficiency and security.
Installing BIND on a Linux VPS
Step 1: Update the System
Make sure your server is running the latest versions of its packages before installing anything new. Open your terminal and run the command below to refresh the package list and apply the updates:
sudo apt update && sudo apt upgrade -y
This ensures all packages on your system are up to date, preventing conflicts during the installation.
Step 2: Install BIND
Once the system is updated, proceed to install BIND and its utilities. The installation command depends on your Linux distribution. For example, on Ubuntu or Debian-based systems, use:
sudo apt install bind9 bind9utils bind9-doc
If you are on CentOS or another Red Hat-based distribution, use this command instead:
sudo yum install bind bind-utils
This command will download and install the BIND server along with essential tools for managing DNS configurations.
Configuring BIND: Step-by-Step
Step 1: Understanding Local Files
BIND depends on a few important configuration files to determine how it should behave:
- /etc/bind/named.conf: the main configuration file.
- Zone files: store the DNS records for specific domains (e.g., /var/named/db.example.com).
- /etc/bind/named.conf.options: configures server-wide options, such as recursion and forwarders.
Familiarizing yourself with these files is essential before diving into configurations.
Step 2: Setting Up Local Files
If you are setting up DNS for a domain, you first have to create its zone file. For example, create a zone file for example.com at /var/named/db.example.com:
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
    2025012601 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400 )    ; Minimum TTL
@   IN NS ns1.example.com.
@   IN A  192.168.1.1
ns1 IN A  192.168.1.1
This file defines the zone's DNS records: the SOA record with its serial and timers, the name server (NS) record, and the IP address (A) records for the domain and for ns1.
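One detail in the zone file that bites in practice is the SOA serial: a secondary server (the redundancy measure recommended at the end of this guide) only transfers a fresh copy of the zone when the serial is strictly greater than the one it already holds, so an edit that forgets to bump it never propagates. The following helper is an added example, not code from the original article; it implements the YYYYMMDDnn convention used in the serial above and refuses to move backwards, even when the existing serial is already ahead of today's date.

```python
import re
from datetime import date

# Matches the "<number> ; Serial" line inside the SOA record.
SOA_SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*Serial\s*$", re.MULTILINE)

def next_serial(current: int, today: date) -> int:
    """Return the next YYYYMMDDnn serial that is strictly greater than `current`."""
    today_base = int(today.strftime("%Y%m%d")) * 100  # e.g. 2025012600
    if current < today_base:
        return today_base + 1          # first edit today: revision 01
    # Already edited today, or the serial is ahead of today (revision 99 used
    # up, or a future date typed by mistake). It must still increase or the
    # secondaries will never transfer, so simply add one.
    return current + 1

def bump_zone_serial(zone_text: str, today: date) -> tuple:
    """Rewrite the '; Serial' line of a zone file; return (new_text, new_serial)."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no '<number> ; Serial' line found in zone file")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new

# Constructed sample, copied from the article's zone file.
SAMPLE_ZONE = """$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
    2025012601 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400 )    ; Minimum TTL
@   IN NS ns1.example.com.
@   IN A  192.168.1.1
ns1 IN A  192.168.1.1
"""

if __name__ == "__main__":
    text, serial = bump_zone_serial(SAMPLE_ZONE, date(2025, 1, 26))
    print(serial)  # 2025012602
```

After rewriting the file, `named-checkzone` (shown in the troubleshooting section) and `rndc reload` are the normal next steps.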
Step 3: Editing Named.conf Options
To enable recursion and set up forwarding to public DNS resolvers, edit /etc/bind/named.conf.options:
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
    forwarders {
        8.8.8.8; // Google Public DNS
        8.8.4.4;
    };
};
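Note that `recursion yes;` combined with `allow-query { any; };`, as in the block above, makes the server an open resolver: any host on the internet can use it for recursive lookups, which is the classic setup abused for DNS amplification and exposes your cache to unnecessary risk. For an internal DNS server the usual fix is to keep `allow-query { any; }` for the authoritative zone data but add `allow-recursion { <your LAN>; localhost; };`. The checker below is an added example, not part of the article or of BIND; it parses the relevant statements from a named.conf.options text and reports whether recursion is reachable from `any`, following BIND's documented fallback from allow-recursion to allow-query (the `192.168.1.0/24` network in the hardened sample is an assumed LAN range).

```python
import re

def strip_comments(text: str) -> str:
    """Remove /* */, // and # comments so they cannot confuse the matching."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def parse_options(text: str) -> dict:
    """Pull recursion, allow-query and allow-recursion out of an options block."""
    text = strip_comments(text)
    opts = {}
    m = re.search(r"\brecursion\s+(yes|no)\s*;", text)
    opts["recursion"] = m.group(1) if m else "yes"  # BIND defaults to yes
    for key in ("allow-query", "allow-recursion"):
        m = re.search(rf"\b{key}\s*\{{(.*?)\}}\s*;", text, flags=re.S)
        if m:
            opts[key] = [x.strip() for x in m.group(1).split(";") if x.strip()]
    return opts

def is_open_resolver(text: str) -> bool:
    """True when unrestricted clients ('any') can obtain recursive answers."""
    o = parse_options(text)
    if o["recursion"] != "yes":
        return False
    # BIND uses allow-recursion if set, else allow-query, else localnets/localhost
    # (allow-query-cache, which also sits in that chain, is ignored here).
    acl = o.get("allow-recursion") or o.get("allow-query") or ["localnets", "localhost"]
    return "any" in acl

# Constructed samples: the article's block as written, and a hardened variant.
WEAK = """options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
    forwarders { 8.8.8.8; 8.8.4.4; };
};"""

HARDENED = """options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };                            // authoritative data for all
    allow-recursion { 192.168.1.0/24; localhost; };  // recursion only for the LAN
    forwarders { 8.8.8.8; 8.8.4.4; };
};"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "open resolver" if is_open_resolver(cfg) else "ok")
```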
Step 4: Configuring DNS Records
Next, edit the /etc/bind/named.conf.local file to define your domain’s zone:
zone "example.com" {
    type master;
    file "/var/named/db.example.com";
};
This informs BIND where to find the zone file you created earlier.
Step 5: Restart BIND Service
Once your configuration is complete, restart the BIND service to apply the changes:
sudo systemctl restart bind9
To ensure it runs at startup, enable the service:
sudo systemctl enable bind9
Testing Your DNS Configuration
- Using dig or nslookup
Verify that your DNS server is functioning properly with tools such as dig or nslookup. For example, to test your domain, run:
dig @localhost example.com
This command queries your local DNS server for the specified domain.
- Using online tools such as DNS lookup services
You can also use external services like MXToolbox to check the accuracy of your DNS configuration. These tools provide a convenient way to test from an external perspective.
With these steps, your BIND DNS server should now be up and running!
Common Issues and Troubleshooting Tips
- Errors in zone files
Ensure zone files are correctly formatted. Use this command to validate:
named-checkzone example.com /var/named/db.example.com
- Firewall blocking DNS traffic
Ensure port 53 (TCP/UDP) is open:
sudo ufw allow 53
- Logs for debugging
Check the logs for errors:
sudo tail -f /var/log/syslog
Wrapping Up
Once you have a DNS server, you can refer to servers and services by meaningful domain names instead of cumbersome IP addresses. This reduces the need to edit configuration files, making them more intuitive and leaving less room for error.
Should you need to update a server or service, you can do so in one centralized location, your primary DNS server, eliminating the hassle of modifying multiple configuration files across your network.
As you come to rely on your DNS setup, proper maintenance is crucial to avoid disruptions. A secondary DNS server is a redundancy measure that keeps DNS working even if your primary server goes down. Regular backups of your DNS settings also let you recover quickly from unforeseen failures or misconfigurations.