I recently installed BIND9 on one of my Raspberry Pis to use as a DNS server for my LAN. Here are my notes from the setup:
Installing BIND9
sudo apt install bind9 bind9utils bind9-doc
Configuring as a Forwarder
Configuration files for BIND 9 live in the /etc/bind directory. We edit the named.conf.options file there to configure our server as a forwarder, which is the file that also decides who may query it and whether it recurses:
// This is the local LAN ACL; change it to match your subnet.
acl local-lan {
    localhost;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // The block below is already enabled and points at public resolvers.
    forwarders {
        1.1.1.1; // Cloudflare
        8.8.8.8; // Google
    };

    // Only answer queries from the local LAN ACL defined above.
    allow-query { local-lan; };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; // conform to RFC1035
    listen-on-v6 { any; };

    // Additional config for our usage
    recursion yes;
    querylog yes; // Disable if you want; nice for debugging.
    version "not available"; // Hide the real version string from version.bind queries
};
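As an added example (not from the original notes or from BIND itself), here is a small Python lint that encodes the rule that matters most in the options above: BIND derives the effective allow-recursion list from allow-query-cache, then allow-query, then the built-in localhost/localnets default, so with recursion yes it is the allow-query { local-lan; } line that keeps this server from being an open resolver. The lint strips comments, applies that fallback chain, expands one level of named ACLs, and flags any configuration whose effective recursion ACL contains any. The two configuration strings are constructed samples, not the full file, and a textual check like this is a sanity check alongside named-checkconf, not a replacement for it.

```python
"""Lint a BIND named.conf.options fragment for open-resolver risk.

Added example, not part of the original notes or of BIND.  It is a
lightweight textual check, not a full named.conf parser.
"""
import re

# Constructed sample: the options from the notes above, trimmed to the
# directives this check looks at.
NOTES_OPTIONS = """
acl local-lan { localhost; 192.168.1.0/24; };
options {
    forwarders { 1.1.1.1; 8.8.8.8; };
    allow-query { local-lan; };   // only the LAN may ask at all
    dnssec-validation auto;
    recursion yes;
};
"""

# Constructed sample: the same server with allow-query widened to any,
# which turns a recursive server into an open resolver.
OPEN_OPTIONS = """
options {
    forwarders { 1.1.1.1; 8.8.8.8; };
    allow-query { any; };
    recursion yes;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot fool the regexes."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def directive_list(text, name):
    """Return the address-match list of `name { ... };`, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), text)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def recursion_enabled(text):
    """BIND defaults to recursion yes when the directive is missing."""
    m = re.search(r"\brecursion\s+(yes|no)\s*;", text)
    return m is None or m.group(1) == "yes"

def effective_recursion_acl(text):
    """Apply BIND's fallback chain for allow-recursion."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        lst = directive_list(text, name)
        if lst is not None:
            return lst
    return ["localhost", "localnets"]   # built-in default

def expand_acls(text, items):
    """Expand one level of user-defined `acl name { ... };` references."""
    out = []
    for item in items:
        nested = directive_list(text, "acl " + item)
        out.extend(nested if nested is not None else [item])
    return out

def open_resolver_risk(conf):
    """True when recursion is on and the effective ACL contains `any`."""
    text = strip_comments(conf)
    if not recursion_enabled(text):
        return False
    return "any" in expand_acls(text, effective_recursion_acl(text))

if __name__ == "__main__":
    for label, conf in (("notes", NOTES_OPTIONS), ("widened", OPEN_OPTIONS)):
        print(label, "open resolver risk:", open_resolver_risk(conf))
```

Run it against the real file with `open_resolver_risk(open("/etc/bind/named.conf.options").read())` after `named-checkconf` has accepted the syntax; an explicit `allow-recursion { local-lan; };` makes the intent visible to the next person even though the fallback already covers it.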
Adding our own Zones
To serve our own zones, we add a separate file named zone.<domain> in the same directory, then reference it from /etc/bind/named.conf.local so that named loads it:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "lan.example.com" {
    type master;
    file "/etc/bind/zone.lan.example.com";
};
Here’s the content of my /etc/bind/zone.lan.example.com file:
; BIND data file for us-ne-1 lan0
;
$TTL 604800
@ IN SOA lan.example.com. (
    admin.example.com. ; Owner
    4 ; Serial - increment after save
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
;
@ IN NS lan.example.com.
@ IN A 10.10.0.1 ; Address of this server
foo IN A 10.10.0.2 ; Add more records here!
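As an added example (not part of the original notes or of BIND), the following Python script runs a few pre-flight checks on a zone file in the one-record-per-line layout used above before handing it to named-checkzone: exactly one SOA, an RNAME written with a dot rather than @, a numeric 32-bit serial, an address record for any apex NS that points inside the zone, and no duplicate records. It also turns the "increment after save" reminder on the serial line into code by bumping the serial in place while preserving comments and layout. The embedded ZONE string is a constructed copy of the zone above; the parser handles that layout plus parenthesised SOA continuations, not the full master-file grammar.

```python
"""Pre-flight checks for a simple BIND zone file.

Added example, not part of the original notes or of BIND; it is a
sanity check to run before named-checkzone, not a substitute for it.
"""
import re

ORIGIN = "lan.example.com."

# Constructed sample: the zone file from the notes, comments included so
# the parser has to cope with them.
ZONE = """\
$TTL 604800
@ IN SOA lan.example.com. (
    admin.example.com. ; Owner
    4 ; Serial - increment after save
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
;
@ IN NS lan.example.com.
@ IN A 10.10.0.1 ; Address of this server
foo IN A 10.10.0.2 ; Add more records here!
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def logical_records(text):
    """Split the file into records as lists of (token, line_no, col),
    dropping ';' comments and joining '(' ... ')' continuation lines."""
    records, current, depth = [], [], 0
    for line_no, raw in enumerate(text.splitlines()):
        for m in re.finditer(r"\S+", raw.split(";", 1)[0]):
            tok = m.group()
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1
            else:
                current.append((tok, line_no, m.start()))
        if depth == 0 and current:
            records.append(current)
            current = []
    return records

def parse_records(text):
    """Return (owner, TYPE, rdata_tokens) per record, skipping $ directives
    and the optional TTL and class fields."""
    parsed = []
    for rec in logical_records(text):
        if rec[0][0].startswith("$"):
            continue
        owner, rest = rec[0][0], rec[1:]
        while rest and (rest[0][0].isdigit() or rest[0][0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]
        parsed.append((owner, rest[0][0].upper(), rest[1:]))
    return parsed

def check_zone(text, origin=ORIGIN):
    """Return a list of problems; an empty list means the pre-flight passed."""
    problems, records = [], parse_records(text)
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        problems.append("expected exactly one SOA record, found %d" % len(soas))
    else:
        rdata = [t for t, _, _ in soas[0][2]]
        if len(rdata) != 7:
            problems.append("SOA needs 7 fields: mname rname serial refresh retry expire minimum")
        else:
            if "@" in rdata[1]:
                problems.append("SOA RNAME must use '.' instead of '@': %s" % rdata[1])
            if not rdata[2].isdigit() or int(rdata[2]) >= 2 ** 32:
                problems.append("SOA serial must be an unsigned 32-bit integer: %s" % rdata[2])
    # An apex NS that points inside this zone needs an A/AAAA record here,
    # otherwise nothing can reach the nameserver the zone names.
    has_addr = {fqdn(o, origin) for o, t, _ in records if t in ("A", "AAAA")}
    seen = set()
    for owner, rtype, rdata in records:
        name = fqdn(owner, origin)
        if rtype == "NS" and name == origin:
            target = fqdn(rdata[0][0], origin)
            in_zone = target == origin or target.endswith("." + origin)
            if in_zone and target not in has_addr:
                problems.append("NS %s has no A/AAAA record in the zone" % target)
        key = (name, rtype, tuple(t for t, _, _ in rdata))
        if key in seen:
            problems.append("duplicate record: %s %s" % (name, rtype))
        seen.add(key)
    return problems

def bump_serial(text):
    """Return the zone text with the SOA serial incremented in place, so
    secondaries notice the change; comments and layout are preserved."""
    for _, rtype, rdata in parse_records(text):
        if rtype == "SOA" and len(rdata) == 7:
            tok, line_no, col = rdata[2]
            lines = text.splitlines(keepends=True)
            line = lines[line_no]
            lines[line_no] = line[:col] + str(int(tok) + 1) + line[col + len(tok):]
            return "".join(lines)
    raise ValueError("no SOA record found")

if __name__ == "__main__":
    print(check_zone(ZONE) or "zone pre-flight OK")
    print(bump_serial(ZONE))
```

A forgotten serial bump is the classic reason a zone edit never reaches a secondary, which is why the bump is done by code rather than by hand; named-checkzone remains the authoritative syntax check once the file passes these.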
Checking for errors
You can check an individual zone file for errors by giving named-checkzone the zone name and the file path configured in named.conf.local:
named-checkzone lan.example.com /etc/bind/zone.lan.example.com
You can also start named as the bind user with debug level 1 logging:
sudo -u bind named -d 1