Create a DNS server on Debian
2021-10-20
2025-01-12
  • A DNS server translates between domain names and IP addresses.

Thanks to this, I can, for example, reach my NAS at 172.16.20.20 as nas.it.fr.

  • Rather than remembering an IP address, we remember a name.
An issue with sudo?
Please don’t use the root account

If you configure your server directly as root, remove sudo from each command.
If you set a password for the root account during installation, sudo commands will not work for your user: log in directly as root to run them.
You can also reinstall the system, leaving the root password empty during installation; sudo is then installed and works as expected.

ℹ️ Here is the configuration for this tutorial:

| DNS server IP | Network mask | Machine name (hostname) | Domain name |
|---------------|--------------|-------------------------|-------------|
| 172.16.10.10  | 255.255.0.0  | dns                     | it.fr       |

Replace these four values throughout the tutorial with your own (matching your configuration).

Name the machine

sudo nano /etc/hostname
dns
  • Here we name the machine dns

Ensure the server’s IP address is STATIC

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:cd:01:1a brd ff:ff:ff:ff:ff:ff
altname enp11s0
inet 172.16.10.10/16 brd 172.16.255.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fecd:11a/64 scope link
valid_lft forever preferred_lft forever
  • ip a displays the network configuration of the interfaces connected to the machine.

My interface ens192 has the IP address and mask 172.16.10.10/16

If you fixed the machine’s address when installing (manual network configuration), skip to the next step.

Set the interface’s IP address to static:
sudo nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens192
iface ens192 inet static
address 172.16.10.10
netmask 255.255.0.0
gateway 172.16.1.1

Edit the hosts file

sudo nano /etc/hosts
172.16.10.10 dns.it.fr dns
127.0.0.1 dns

The format of the line is: DNS_SERVER_IP HOSTNAME.DOMAIN HOSTNAME

Edit the resolv.conf file

sudo nano /etc/resolv.conf
domain it.fr
search it.fr
nameserver 172.16.10.10
CAUTION

It is necessary to restart the machine:

sudo reboot

After restarting the machine, proceed to the next step.

Install bind9

sudo apt update && sudo apt install bind9 dnsutils
  • sudo apt update refreshes the package list from the sources configured in sources.list.

  • sudo apt install bind9 dnsutils installs bind9 (the DNS server that will manage our zones) and the dnsutils query tools used to test it.

Copy and rename the configuration template

sudo cp /etc/bind/db.local /etc/bind/db.it.fr

The cp command copies db.local (bind9’s default zone file for localhost) to a new file, db.it.fr, which will hold our zone.

Edit the DNS zone configuration file

TIP

To save time, we’ll directly replace the “localhost” fields with “it.fr” (our domain), in the configuration file.

  • To do this, we use the sed utility:
# -i edits the file in place; s/localhost/it.fr/g replaces every occurrence on each line
sudo sed -i 's/localhost/it.fr/g' /etc/bind/db.it.fr
  • Verify your configuration:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA it.fr. root.it.fr. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.it.fr. ; the zone's name server is this machine, not localhost
@ IN A 172.16.10.10
@ IN AAAA ::1 ; left over from db.local: remove it or put the server's real IPv6 address here
dns IN A 172.16.10.10
client IN A 172.16.20.20

The A record named client allows us to reach 172.16.20.20 with client.it.fr

Add a DNS record

| Hostname | Class | Type | IP address   |
|----------|-------|------|--------------|
| nas      | IN    | A    | 172.16.30.30 |
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA it.fr. root.it.fr. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.it.fr. ; the zone's name server is this machine, not localhost
@ IN A 172.16.10.10
@ IN AAAA ::1 ; left over from db.local: remove it or put the server's real IPv6 address here
dns IN A 172.16.10.10
client IN A 172.16.20.20
nas IN A 172.16.30.30
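
The copy-and-sed step above, the fixes the copied template still needs, and the “add a record” step, as an added shell example (not the post’s own script): it uses the post’s domain, server name and addresses, writes a constructed copy of db.local, and checks the result before bind9 loads it.

```shell
# Added example (not the post's script): the post's cp + sed step on db.local,
# adding A records, and a sanity check. Values are from the post's config table.
DOMAIN="it.fr"; NS_HOST="dns"; NS_IP="172.16.10.10"

# Constructed copy of Debian's db.local template (the file the post copies).
write_template() {
    cat > "$1" <<'EOF'
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
EOF
}

# prepare_zone TEMPLATE OUT: the substitution the post's sed tip intends, plus what
# the copy still needs: NS must name the real server, loopback A/AAAA must go.
prepare_zone() {
    sed -e "s/localhost/${DOMAIN}/g" \
        -e "s/^\(@[[:space:]]*IN[[:space:]]*NS[[:space:]]*\).*/\1${NS_HOST}.${DOMAIN}./" \
        -e "s/127\.0\.0\.1/${NS_IP}/" \
        -e '/^@[[:space:]]*IN[[:space:]]*AAAA[[:space:]]*::1/d' "$1" > "$2"
}

# add_record FILE NAME IP: append an A record and increment the SOA serial
# (secondaries only transfer the zone again when the serial grows).
add_record() {
    printf '%s\tIN\tA\t%s\n' "$2" "$3" >> "$1"
    awk '/; Serial/ { sub(/[0-9]+/, $1 + 1) } { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# check_zone FILE: fail if "localhost" survived or the NS target has no A record;
# also run named-checkzone when bind9's tools are installed.
check_zone() {
    if grep -q 'localhost' "$1"; then echo "localhost left in $1" >&2; return 1; fi
    ns=$(awk '$2 == "IN" && $3 == "NS" { sub(/\.$/, "", $4); print $4 }' "$1")
    grep -q "^${ns%.$DOMAIN}[[:space:]][[:space:]]*IN[[:space:]][[:space:]]*A[[:space:]]" "$1" \
        || { echo "no A record for $ns" >&2; return 1; }
    if command -v named-checkzone >/dev/null 2>&1; then named-checkzone "$DOMAIN" "$1"; fi
}
```

On the server, run (as root) prepare_zone /etc/bind/db.local /etc/bind/db.it.fr, then add_record /etc/bind/db.it.fr dns 172.16.10.10 for each host, then check_zone /etc/bind/db.it.fr. Unlike the hand-edited files above, add_record bumps the serial on every change.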

Here is a description of the main types of DNS records:

| Type  | Description |
|-------|-------------|
| A     | Associates a hostname with an IPv4 address (32 bits) |
| AAAA  | Associates a hostname with an IPv6 address (128 bits) |
| CNAME | Points a domain or subdomain to another domain name; does not provide an IP address |
| MX    | Directs mail to a mail server |
| TXT   | Stores free-form text notes; often used for mail security |
| NS    | Stores the name server for an entry |
| SOA   | Stores administrative information for a domain |
| SRV   | Specifies a port for specific services |
| PTR   | Provides a domain name in reverse lookups: the inverse of an A record |

Complete list

📝 Edit the named.conf file

The paths of the zone files must be declared in named.conf.local:

sudo nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "it.fr" {
type master;
file "/etc/bind/db.it.fr";
allow-query { any; }; // any host may query this zone; on a server reachable from outside, limit this to your own networks
};
zone "10.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.it.fr.inv";
};
  • zone "MY_DOMAIN": the name of the forward zone (here it.fr).

  • file "/etc/bind/db.MY_DOMAIN";: the zone file created in the previous step.

  • zone "FIRST_3_OCTETS_OF_NETWORK_ADDRESS.in-addr.arpa": the reverse zone, named after the octets of the network address in reverse order.

Example: if my network address is 192.168.1.0/24, reversed it gives 1.168.192, so the zone is 1.168.192.in-addr.arpa.

  • file "/etc/bind/db.MY_DOMAIN.inv";: the reverse zone file.
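
The reverse-zone naming rule above, generalized to /8, /16 and /24 networks, as an added example (not from the post): reverse_zone gives the in-addr.arpa zone for a network and ptr_record the PTR line to put in the reverse zone file. For the post’s 10.16.172.in-addr.arpa zone the network is 172.16.10.0/24; the whole 255.255.0.0 network from the configuration table would instead be 16.172.in-addr.arpa.

```shell
# Added example (not from the post): in-addr.arpa zone names and PTR owner labels
# for octet-aligned IPv4 networks, following the "reverse the octets" rule.

# reverse_zone NETWORK/PREFIX -> zone name, e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa
reverse_zone() {
    net=${1%/*}; prefix=${1#*/}
    set -- $(IFS=.; echo $net)            # $1..$4 are now the four octets
    case $prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  echo "prefix /$prefix is not octet-aligned (needs a classless reverse zone)" >&2
            return 1 ;;
    esac
}

# ptr_owner IP PREFIX -> owner label of the PTR record inside that zone, i.e. the
# host octets reversed, e.g. 172.16.10.10 with /16 -> 10.10
ptr_owner() {
    set -- $(IFS=.; echo $1) "$2"         # $1..$4 octets, $5 prefix length
    case $5 in
        8)  echo "$4.$3.$2" ;;
        16) echo "$4.$3" ;;
        24) echo "$4" ;;
        *)  return 1 ;;
    esac
}

# ptr_record IP PREFIX HOSTNAME DOMAIN -> one PTR line for the reverse zone file
ptr_record() {
    printf '%s\tIN\tPTR\t%s.%s.\n' "$(ptr_owner "$1" "$2")" "$3" "$4"
}
```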

📝 Edit the named.conf.options file

We will now configure the file that manages query redirection options:

sudo nano /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
172.16.10.10; // this server's own address: queries forwarded here just come back, so only the next entry resolves external names
1.1.1.1;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
version none;
forward only;
// listen-on-v6 { any; };
};
  • The forwarders option lists the DNS servers to which this server sends the queries it cannot answer from its own zones.
    I therefore enter the IP address of my DNS server.

  • It’s also thanks to this that network machines can access the WAN,
    by specifying a public DNS (cloudflare: 1.1.1.1 or google: 8.8.8.8 etc).

https://xsec.fr/posts/linux/dns-server/
Author: Xsec
Published: 2021-10-20
License: CC BY-NC-SA 4.0