Setting up Bind9 as a forwarding DNS server

I recently installed BIND9 on one of my Raspberry Pis to use as a DNS server for my LAN. Here are my notes from the setup:

Installing BIND9

sudo apt install bind9 bind9utils bind9-doc

Configuring as a Forwarder

BIND9's configuration files live in the /etc/bind directory. Edit /etc/bind/named.conf.options to configure the server as a forwarder:

// ACL for the local LAN; adjust the prefix to match your subnet.
acl local-lan {
  localhost;
  192.168.1.0/24;
};

options {
  directory "/var/cache/bind";

  // If there is a firewall between you and nameservers you want
  // to talk to, you may need to fix the firewall to allow multiple
  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

  // Queries for names this server is not authoritative for are sent to
  // these upstream resolvers first ("forward first" is the default, so
  // BIND only recurses on its own if they fail to answer).
  forwarders {
    1.1.1.1; // Cloudflare
    8.8.8.8; // Google
  };

  // Only answer queries from the LAN ACL above. With no allow-recursion
  // set, BIND applies this same list to recursive queries, so the server
  // is not an open resolver.
  allow-query { local-lan; };

  //========================================================================
  // If BIND logs error messages about the root key being expired,
  // you will need to update your keys.  See https://www.isc.org/bind-keys
  //========================================================================
  dnssec-validation auto;

  auth-nxdomain no;    // conform to RFC1035
  listen-on-v6 { any; };

  // Additional config for our usage
  recursion yes;
  querylog yes; // Logs every query: handy for debugging, noisy in production.
  version "not available"; // Hide the BIND version from version.bind queries.
};

Adding our own Zones

To serve our own zones, we add a separate file named zone.<domain> in the same directory.

Then we register the zone in /etc/bind/named.conf.local so BIND will serve it:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "lan.example.com" {
    type master;
    file "/etc/bind/zone.lan.example.com";
};

Here’s the content of my /etc/bind/zone.lan.example.com file:

; BIND data file for us-ne-1 lan0
;
$TTL    604800
@       IN      SOA     lan.example.com. (
                     admin.example.com. ; RNAME: responsible mailbox, admin@example.com
                              4         ; Serial - increment on every edit
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

@           IN      NS    lan.example.com.
@           IN      A     10.10.0.1 ; Address of this server
foo         IN      A     10.10.0.2 ; Add more records here!
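named-checkzone catches syntax errors, but it will happily accept a zone whose serial was never bumped or whose apex NS points at a name with no address record. As an added example (not part of the original post), the following Python script parses a constructed copy of the zone above, using the same $TTL / parenthesised SOA / one-line record dialect, and runs those extra sanity checks. It assumes only the standard library; the function and field names are my own.

```python
"""Zone-file sanity checker (added example; not part of the original post).
Parses the dialect used above and flags mistakes a syntax check alone misses."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed copy of the zone file shown above; nothing is read from /etc/bind.
SAMPLE_ZONE = """\
; BIND data file for us-ne-1 lan0
$TTL    604800
@       IN      SOA     lan.example.com. (
                     admin.example.com. ; RNAME: admin@example.com
                              4         ; Serial - increment on every edit
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      lan.example.com.
@       IN      A       10.10.0.1 ; Address of this server
foo     IN      A       10.10.0.2
"""


@dataclass
class Record:
    name: str          # fully qualified owner name, with trailing dot
    ttl: int
    rtype: str
    rdata: list[str]   # remaining tokens, e.g. ['10.10.0.1'] for an A record


@dataclass
class Zone:
    origin: str
    default_ttl: Optional[int] = None
    records: list[Record] = field(default_factory=list)

    @property
    def serial(self) -> Optional[int]:
        soa = next((r for r in self.records if r.rtype == "SOA"), None)
        return int(soa.rdata[2]) if soa and len(soa.rdata) == 7 else None


def qualify(name: str, origin: str) -> str:
    """Turn '@' and relative names into absolute names under the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> Zone:
    """Parse zone text the way `named-checkzone <origin> <file>` would see it."""
    origin = origin if origin.endswith(".") else origin + "."
    zone = Zone(origin=origin)
    pending, depth = [], 0                      # lines of an unfinished (...) group
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]             # ';' starts a comment
        depth += line.count("(") - line.count(")")
        pending.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                            # still inside parentheses
        tokens, pending = " ".join(pending).split(), []
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            zone.default_ttl = int(tokens[1])
            continue
        if tokens[0].startswith("$"):
            raise ValueError(f"unsupported directive {tokens[0]}")
        name, rest = qualify(tokens[0], origin), tokens[1:]
        ttl = int(rest.pop(0)) if rest and rest[0].isdigit() else zone.default_ttl
        if rest and rest[0].upper() == "IN":    # class is optional in this dialect
            rest.pop(0)
        if ttl is None or not rest:
            raise ValueError(f"malformed record for {name}")
        zone.records.append(Record(name, ttl, rest[0].upper(), rest[1:]))
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")
    return zone


def check_zone(zone: Zone, deployed_serial: Optional[int] = None) -> list[str]:
    """Return a list of problems; an empty list means the zone looks sane."""
    problems: list[str] = []
    soas = [r for r in zone.records if r.rtype == "SOA"]
    if len(soas) != 1 or soas[0].name != zone.origin or len(soas[0].rdata) != 7:
        return ["need exactly one SOA at the apex with 7 rdata fields"]
    mname, serial = qualify(soas[0].rdata[0], zone.origin), int(soas[0].rdata[2])
    if not 0 <= serial < 2**32:
        problems.append(f"serial {serial} does not fit in 32 bits")
    if deployed_serial is not None and serial <= deployed_serial:
        problems.append(f"serial {serial} was not bumped past deployed {deployed_serial}")
    for r in zone.records:                      # every A/AAAA must hold a real address
        if r.rtype in ("A", "AAAA"):
            try:
                ipaddress.ip_address(r.rdata[0])
            except (IndexError, ValueError):
                problems.append(f"{r.name}: bad {r.rtype} rdata {r.rdata}")
    addressed = {r.name for r in zone.records if r.rtype in ("A", "AAAA")}
    nameservers = {qualify(r.rdata[0], zone.origin) for r in zone.records
                   if r.rtype == "NS" and r.name == zone.origin and r.rdata}
    if not nameservers:
        problems.append("no NS record at the zone apex")
    if mname not in nameservers:
        problems.append(f"SOA MNAME {mname} is not listed as an apex NS")
    for ns in nameservers:                      # in-zone nameservers need glue
        in_zone = ns == zone.origin or ns.endswith("." + zone.origin)
        if in_zone and ns not in addressed:
            problems.append(f"in-zone nameserver {ns} has no A/AAAA record")
    return problems


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE, "lan.example.com")
    print(f"serial {zone.serial}, {len(zone.records)} records")
    for problem in check_zone(zone, deployed_serial=3):
        print("PROBLEM:", problem)
```

Run it before reloading BIND, passing the serial currently deployed as deployed_serial; if you forget to bump the serial, secondaries (and anyone checking with dig +short SOA) will keep the old copy, and that is the failure this check exists to catch.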

Checking for errors

You can check an individual zone file for errors by passing its origin and path to named-checkzone:

named-checkzone lan.example.com /etc/bind/zone.lan.example.com

You can also start named in debug mode:

sudo -u bind named -d 1

Change Log

  • 2020-03-01 - Initial Revision

Found a typo or technical problem? File an issue!