- The DNS server handles the translation of IP addresses to domain names.
Thanks to this, I can for example reach my nas server: 172.16.20.20 with nas.it.fr
- Rather than remembering an IP address, we remember a name.
Danger (Please don't use the root account)
If you configure your server directly as root, don’t forget to remove sudo from each command.
If you set a password for the root account, the sudo command won’t be accepted.
Connect directly as root to execute commands.
You can also reinstall your system leaving the root password empty during installation.
sudo will install and work properly.
ℹ️ Here is the configuration for this tutorial:
| DNS Server IP | Network Mask | Machine name (hostname) | Domain name |
|---|---|---|---|
| 172.16.10.10 | 255.255.0.0 | dns | it.fr |
These 4 fields should be replaced throughout the tutorial with your own (matching your configuration).
Name the machine
sudo nano /etc/hostnamedns- Here we name the machine
dns
Ensure the server’s IP address is STATIC
ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:cd:01:1a brd ff:ff:ff:ff:ff:ff altname enp11s0 inet 172.16.10.10/16 brd 172.16.255.255 scope global ens192 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fecd:11a/64 scope link valid_lft forever preferred_lft foreverip adisplays the network configuration of the interfaces connected to the machine.
My interface ens192 has the IP address and mask 172.16.10.10/16
If you fixed the machine’s address when installing (manual network configuration), skip to the next step.
sudo nano /etc/network/interfaces# This file describes the network interfaces available on your system# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interfaceauto loiface lo inet loopback
# The primary network interfaceallow-hotplug ens192iface ens192 inet staticaddress 172.16.10.10netmask 255.255.0.0gateway 172.16.1.1Edit the host file
sudo nano /etc/hosts172.16.10.10 dns.it.fr dns127.0.0.1 dnsIP_SERVEUR_DNS HOSTNAME.DOMAINE HOSTNAME
Edit the resolv.conf file
sudo nano /etc/resolv.confdomain it.frsearch it.frnameserver 172.16.10.10Danger
It is necessary to restart the machine:
sudo rebootAfter restarting the machine, proceed to the next step.
Install bind9
sudo apt update && sudo apt install bind9 dnsutils-
sudo apt updatewill update the list of packages based on thesources.listfile -
sudo apt install bind9 dnsutilsinstalls bind9 to manage DNS zones.
Copy and rename the configuration template
sudo cp /etc/bind/db.local /etc/bind/db.it.frThe cp command allows us to copy db.local (the default configuration file for bind9), and rename it to a new file db.it.fr
Edit the DNS zone configuration file
Tip
To save time, we’ll directly replace the “localhost” fields with “it.fr” (our domain), in the configuration file.
- To do this, we use the
sedutility:
sudo sed 'i/localhost/it.fr/g' db.it.fr- Verify your configuration:
;; BIND data file for local loopback interface;$TTL 604800@ IN SOA it.fr. root.it.fr. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL;@ IN NS localhost.@ IN A 172.16.10.10@ IN AAAA ::1dns IN A 172.16.10.10client IN A 172.16.20.20The A record named client allows us to reach 172.16.20.20 with client.it.fr
| Hostname | IN | Type | IP Address |
|---|---|---|---|
| nas | IN | A | 172.16.30.30 |
;; BIND data file for local loopback interface;$TTL 604800@ IN SOA it.fr. root.it.fr. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL;@ IN NS localhost.@ IN A 172.16.10.10@ IN AAAA ::1dns IN A 172.16.10.10client IN A 172.16.20.20nas IN A 172.16.30.30Here is a description of the main types of DNS records:
| A | AAAA | CNAME | MX | TXT | NS | SOA | SRV | PTR |
|---|---|---|---|---|---|---|---|---|
| Associates a hostname with an IPv4 address (32 bits) | Associates a hostname with an IPv6 address (128 bits) | Transfers a domain or a subdomain to another domain, does not provide an IP address | Directs mail to a mail server | Can be used to register notes. It is often used for mail security. | Stores the DNS server for an entry | Stores administrative information for a domain | Specifies a port for specific services | Provides a domain name in reverse searches. The inverse resolution (the opposite of type A). |
📝 Edit the named.conf file
It is necessary to specify the path of the configuration files for the DNS zones:
sudo nano /etc/bind/named.conf.local//// Do any local configuration here//
// Consider adding the 1918 zones here, if they are not used in your// organization//include "/etc/bind/zones.rfc1918";
zone "it.fr" { type master; file "/etc/bind/db.it.fr"; allow-query { any; };};zone "10.16.172.in-addr.arpa" { type master; file "/etc/bind/db.it.fr.inv";};-
Line 9
zone "MON_DOMAIN" -
Line 11
file "/etc/bind/db.MON_DOMAIN"; -
Line 14 Reverse address:
zone "3_PREMIERS_OCTETS_ADDRESSE_RESEAU.in-addr.arpa"
Example: If my network address is: 192.168.1.0/24 reversed: 1.168.192
- Line 16
file "/etc/bind/db.MON_DOMAIN.inv";
📝 Edit the named.conf.options file
We will now configure the file that manages query redirection options:
sudo nano /etc/bind/named.conf.optionsoptions { directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder.
forwarders { 172.16.10.10; 1.1.1.1; };
//======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035 version none; forward only; // listen-on-v6 { any; };};-
Line 13, the
forwardersoption defines the DNS servers.
I therefore enter the IP address of my DNS server. -
It’s also thanks to this that network machines can access the WAN,
by specifying a public DNS (cloudflare: 1.1.1.1orgoogle: 8.8.8.8etc).