
DNS Server Configuration on Linux

This article is a quick configuration manual for a Linux DNS server using bind. I believe that bind does not need much introduction, but before you proceed with the installation and configuration of the bind nameserver, make sure that a bind DNS server is exactly what you want. A default setup of bind on Debian or Ubuntu may take around 200MB of RAM with no zones added to the config file. Unless you reduce the memory usage of bind via its various "options" config settings, be prepared to have some spare RAM available just for this service. This fact is even more important if you pay for your own VPS server.

Other DNS nameservers available on Linux systems are NSD (Name Server Daemon) and djbdns (tinydns). Both are lightweight alternatives to the bind9 DNS server and have lower RAM requirements. Apparently they are even faster.
In this article we will not go into the details of what the Domain Name Service (DNS) is nor how DNS works. Rather, we simply concentrate on a simple configuration of a custom zone and config file for a given domain / host supporting www and mail services.

Sample scenario notes to help you read this DNS bind howto:
·         nameserver IP address
·         sample domain / host:
·         authoritative nameservers for a zone: ( ) and ( )
·         www and mail services for will point to:
1. bind9 nameserver installation
Unless you prefer to install bind from source code, the installation is rather simple. On a Debian or Ubuntu Linux server you can install the bind nameserver with the following command:
apt-get install bind9 dnsutils
CentOS or Fedora alternative:
yum install bind bind-utils
dnsutils (bind-utils on CentOS or Fedora) is not a compulsory package to run the bind nameserver, but we will use the dig command, which is part of this package, as a testing tool for your bind configuration.
2. Creating a DNS zone file
At this stage we will need to create a new zone file for a domain. Navigate to the /etc/bind/ directory and execute the following sequence of commands to create and enter zones/master/:
cd /etc/bind
mkdir -p zones/master
cd zones/master/
The /etc/bind/zones/master directory will contain the zone file for a domain. If you prefer to use another directory to hold this file you are free to do so. The following zone file will hold the DNS records that let the nameserver resolve a fully qualified domain name to an IP address. Create and save the zone file with the following content:
; BIND data file for
$TTL    3h
@       IN      SOA (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
@       IN      NS
@       IN      NS
        IN      MX      10
        IN      A
ns1                     IN      A
ns2                     IN      A
www                     IN      CNAME
mail                    IN      A
ftp                     IN      CNAME
Here is just a quick review of some lines from the above bind DNS zone file:
·         SOA Record: nameserver authoritative for a zone is and is an email address of a person responsible for this DNS zone.
·         NS Records: two nameservers for a zone are ns[1,2]
·         MX ( Mail Exchange ): mail exchange record. The number 10 is the preference value used to choose between MX records.
·         A: A simply means address; in other words, in 's zone ns1 would have an A ( address )
·         CNAME Record ( Canonical Name record ): restart the query using the canonical name instead of the original name
3. address-to-name mappings
At this stage the bind DNS server can resolve a host name to the IP address mapped to it. What we should do now is teach our nameserver the other way around, that is, to resolve a host name from an IP address. For this we are going to need yet another file, db.192.168.0, with the following content:
; BIND reverse data file for
$TTL    604800
        IN      SOA (
                          1         ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
        IN      NS
        IN      NS
        IN      PTR
·         PTR: a DNS record used for mapping an IP address to a host name.
4. Updating a BIND Configuration File
At this point we should have two files ready:
·         /etc/bind/zones/master/
·         /etc/bind/zones/master/db.192.168.0
All we need to do now is to insert both zone file names into bind's configuration file named.conf.local. To do that, add the following lines to this file:
zone "" {
       type master;
       file "/etc/bind/zones/master/";
};

zone "" {
       type master;
       file "/etc/bind/zones/master/db.192.168.0";
};
The last thing to do before we go ahead and check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This IP address is used when the local DNS server does not know the answer to a name resolution query. In many cases the IP address of such a DNS server is provided by your Internet provider. Alternatively, if you are a Google fan use or
Replace the following block of text within the named.conf.options file:
       // forwarders {
       // };
with the IP address of the new stable DNS server:
        forwarders {
5. Checking bind's zone files and configuration
Before we attempt to start the bind nameserver with the new zone and configuration, here are some tools to check whether we have made a typo or misconfiguration.
To check the configuration files run the following command:
named-checkconf
With this named-checkconf command the rule is: no news is good news. If no output is produced, your config files look OK.
To check the DNS zone files we can use the named-checkzone command:
named-checkzone /etc/bind/zones/master/
zone loaded serial 1
Reverse zone file check:
named-checkzone /etc/bind/zones/master/db.192.168.0
zone loaded serial 2
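named-checkzone validates each zone file on its own and does not compare the forward zone with the reverse zone. The following Python script is an added example, not part of the original article: it cross-checks the A records from step 2 against the PTR records from step 3. The domain example.com, the 192.168.0.x host addresses and all function names are assumptions made for the illustration.

```python
import re
def fqdn(name, origin):  # expand '@' or a relative name against the zone origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin):
    """Return (owner, type, first rdata field) per record of a simple zone file."""
    owner, depth, out = origin, 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        # "inside" is true for continuation lines of a "( ... )" group (SOA timers)
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue                                # timers, blanks, $TTL/$ORIGIN
        fields = line.split()
        if not line[0].isspace():                   # leading blank reuses the last owner
            owner = fqdn(fields.pop(0), origin)
        while fields and re.fullmatch(r"IN|\d+[smhdw]?", fields[0], re.I):
            fields.pop(0)                           # skip optional TTL and class
        if len(fields) >= 2:
            out.append((owner, fields[0].upper(), fields[1]))
    return out

def reverse_mismatches(fwd_text, fwd_origin, rev_text, rev_origin):
    """List addresses whose A and PTR records do not confirm each other."""
    a = {(n, d) for n, t, d in records(fwd_text, fwd_origin) if t == "A"}
    ptr = {}
    for n, t, d in records(rev_text, rev_origin):
        if t == "PTR" and n.endswith(".in-addr.arpa."):
            octets = n[: -len(".in-addr.arpa.")].split(".")
            ptr[".".join(reversed(octets))] = fqdn(d, rev_origin)
    issues = [f"{ip}: A record but no PTR" for ip in sorted({i for _, i in a} - set(ptr))]
    issues += [f"{ip}: PTR to {host} has no matching A record"
               for ip, host in sorted(ptr.items()) if (host, ip) not in a]
    return issues

# Constructed sample zones; example.com and the 192.168.0.x hosts are placeholders.
FORWARD = """\
@     IN  SOA    ns1.example.com. admin.example.com. (
                 1 3h 1h 1w 1h )
@     IN  A      192.168.0.10
ns1   IN  A      192.168.0.10
mail  IN  A      192.168.0.20
www   IN  CNAME  example.com.
"""
REVERSE = """\
@     IN  SOA    ns1.example.com. admin.example.com. ( 1 3h 1h 1w 1h )
10    IN  PTR    example.com.
30    IN  PTR    www.example.com.
"""

print("\n".join(reverse_mismatches(FORWARD, "example.com.", REVERSE, "0.168.192.in-addr.arpa.")))
```

Several names may share one address (here the zone apex and ns1), so the check is per address: each address needs one PTR, and the PTR target must itself have an A record for that address. A PTR that points at a CNAME such as www is reported.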
6. Start / restart bind nameserver
At this point nothing can stop us from running the bind9 DNS server:
 /etc/init.d/bind9 start
Starting domain name service...: bind9.
Alternatively, if your bind server is already running, use the following command to restart it:
/etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.
7. Testing a bind server configuration
The dig command from the dnsutils package will come in handy to test the new configuration of the bind nameserver.
The dig command can be used from any PC which has network access to your DNS server, but preferably you should start your testing from localhost. In our case the IP address of our name server is
First we will test host-to-IP resolution:
dig @

; <<>> DiG 9.6-ESV-R1 <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60863
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;           IN      A

;; ANSWER SECTION:    10800   IN      CNAME        10800   IN      A

;; AUTHORITY SECTION:        10800   IN      NS        10800   IN      NS

;; ADDITIONAL SECTION:    10800   IN      A    10800   IN      A

;; Query time: 0 msec
;; WHEN: Thu Aug  5 18:50:48 2010
;; MSG SIZE  rcvd: 135
Next we test IP-to-host resolution:
dig @ -x

; <<>> DiG 9.6-ESV-R1 <<>> @ -x
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;     IN      PTR


;; AUTHORITY SECTION: 604800  IN      NS 604800  IN      NS

;; ADDITIONAL SECTION:    10800   IN      A    10800   IN      A

;; Query time: 0 msec
;; WHEN: Thu Aug  5 18:52:06 2010
;; MSG SIZE  rcvd: 140
Congratulations, you have just created and configured your own DNS zone using bind nameserver.

