How To: DNS with BIND9 on Debian – Part 1/2

Part 2 now available

This two-part tutorial will guide you through creating a DNS caching server and configuring some simple DNS zones for your private network. Part 1 focuses on setting up a simple caching name server with BIND. Part 2 covers zones and how to configure them.

The instructions in this guide should be compatible with Ubuntu 10+ as well as Debian 6 and 7.

This tutorial presumes basic knowledge of how DNS works and of how to get around in a Linux terminal (editing files, moving around the file system and so on).

As most of you know, DNS is the system used to convert hostnames (google.com) to IP addresses (173.194.32.32). Most business and home networks use their ISP's DNS servers for resolving hostnames. For the most part this is acceptable, but name resolution can be sped up by adding a caching name server to your own network. In addition, you can create your own DNS zone(s) to define and manage hostnames within your network.

Firstly, let's take a look at what caching does. When you type a hostname into your browser, the machine sends a request to a DNS server to find the IP address matching that name. Once the IP address is returned, the browser can connect to the website.

If the DNS server does not already have the answer it must ask other DNS servers, starting from the root name servers if necessary. This takes time. To reduce the load on the root servers and to speed up responses, most DNS servers retain the answers to past queries for as long as each record's TTL (time to live) allows. This technique is called caching. When another request comes in for a name that has already been resolved, the server finds it in its cache and answers immediately.

Normally, in a home or small business network you use an off-site DNS service, most likely your ISP's. Every request goes to the ISP and the answer comes back over the same link. With luck the ISP already has the answer in its own cache, so the response is as fast as it can be. A caching DNS server on your own network noticeably improves response times for repeated lookups: it works the same way as the ISP's server, but it sits on the local LAN, one hop away.

Best of all, a simple caching name server is quick and easy to set up, provided you have some spare hardware or capacity for another virtual machine.

Setting up a caching DNS server
Prerequisites: Installed, updated and setup Debian with a static IP

1. Install BIND9 and the DNS utilities (as root)

apt-get install bind9 dnsutils

Once the packages are installed, all we have to do to set up the caching server is tell BIND which DNS servers to ask when it doesn't know an answer. These are called forwarders. A good choice is your current DNS servers, for example the ones provided by your ISP: when your caching server doesn't have an answer it asks the forwarders, which usually answer quickly from their own large caches. Note that BIND's default forwarding mode is "forward first": if the forwarders fail to respond, BIND falls back to resolving the name itself via the root servers.

2. Open the following file:

/etc/bind/named.conf.options

Edit the file as shown below: remove the // to un-comment the forwarders block and replace the zeroed-out placeholder addresses with the addresses of your ISP's DNS servers. You can list as many forwarders as you like. Remember to save the file.

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
000.00.00.000;
000.00.00.00;
};

// (the remaining default settings in this block are left unchanged)
};

3. Check the configuration and restart BIND9. Running named-checkconf first is worth the two seconds it takes: it prints nothing when /etc/bind/named.conf and the files it includes are valid, and a typo in the forwarders block would otherwise leave you with no working resolver after the restart.

/etc/init.d/bind9 restart

4. It's also worthwhile pointing Debian's own resolver at 127.0.0.1 (itself). Just comment out your current nameservers in case you want to use them again. One caveat on the example below: the .local suffix is reserved for multicast DNS (RFC 6762), so for a real deployment use a subdomain of a domain you own instead.
Open:

/etc/resolv.conf

domain mydomain.local
search mydomain.local
nameserver 127.0.0.1
#nameserver 111.11.11.111

5. Restart networking (optional)

/etc/init.d/networking restart

Programs read /etc/resolv.conf when they do their first lookup, so new processes use 127.0.0.1 straight away; only long-running services need a restart to notice the change. If the interface were configured by DHCP, the DHCP client would overwrite /etc/resolv.conf on the next lease renewal, which is why this guide assumes a static IP.

6. Test your DNS.
Start by typing the following command:

dig google.com

You should get output similar to this (note the “Query time” line near the end):

;; Query time: 238 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 17 12:23:07 2013
;; MSG SIZE rcvd: 488

Now run it one more time:

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 17 12:23:38 2013
;; MSG SIZE rcvd: 488

The query time went from 238 ms to 0 ms because the answer is now cached locally in BIND. It stays cached until its TTL runs out, so the second run also shows a smaller TTL in its ANSWER SECTION than the first. The SERVER line confirms that the query went to 127.0.0.1 rather than to the old ISP resolver.
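The script below is an added example, not code from the original post; it ties step 2 and step 6 together. It renders a named.conf.options with the forwarders plus an allow-recursion restriction that the post's minimal block does not set, and it parses dig output to confirm that a second lookup was answered by 127.0.0.1 from the cache (same server, smaller TTL, no slower). The forwarder addresses 203.0.113.1 and 203.0.113.2 (documentation range), the LAN prefix 192.168.1.0/24 and the two trimmed dig transcripts embedded in the script are constructed placeholders, not values taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Renders a hardened
# named.conf.options and checks two dig runs the way step 6 does.
# Placeholders/assumptions: forwarders 203.0.113.1 and 203.0.113.2,
# LAN prefix 192.168.1.0/24, and the two constructed dig transcripts.
set -eu

# render_named_options LAN_PREFIX FORWARDER... : print an options block.
# The post's block only sets forwarders; this one also limits recursion
# to localhost and the LAN. A BIND instance reachable from the internet
# that recurses for anyone is an open resolver, which gets abused for
# DNS reflection/amplification attacks.
render_named_options() {
    lan_prefix="$1"; shift
    printf 'options {\n'
    printf '\tdirectory "/var/cache/bind";\n\n'
    printf '\t// Upstream resolvers (the ISP servers from the post).\n'
    printf '\tforwarders {\n'
    for fwd in "$@"; do
        printf '\t\t%s;\n' "$fwd"
    done
    printf '\t};\n'
    printf '\t// Default is "forward first": if the forwarders fail, BIND\n'
    printf '\t// resolves via the root servers itself; "only" never does.\n'
    printf '\tforward only;\n\n'
    printf '\t// Recurse (and answer at all) only for our own hosts.\n'
    printf '\tallow-recursion { 127.0.0.1; %s; };\n' "$lan_prefix"
    printf '\tallow-query { 127.0.0.1; %s; };\n\n' "$lan_prefix"
    printf '\t// DNSSEC validation (BIND 9.8+, i.e. Debian 7; drop on Debian 6).\n'
    printf '\t// Needs forwarders that return DNSSEC records; SERVFAIL on\n'
    printf '\t// signed names usually means the forwarder does not.\n'
    printf '\tdnssec-validation auto;\n\n'
    printf '\t// Do not hand the exact BIND version to anyone who asks.\n'
    printf '\tversion "not disclosed";\n'
    printf '};\n'
}

# query_time_ms DIG_OUTPUT : the N from ";; Query time: N msec".
query_time_ms() {
    printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4; exit }'
}

# answered_by DIG_OUTPUT : address from ";; SERVER: addr#port(...)",
# proving the client asked 127.0.0.1 and not the old ISP resolver.
answered_by() {
    printf '%s\n' "$1" | awk '/^;; SERVER:/ { split($3, a, "#"); print a[1]; exit }'
}

# answer_ttl DIG_OUTPUT : TTL of the first A record in the answer section.
# A cached answer comes back with its TTL counting down, a more reliable
# sign of a cache hit than "0 msec" alone.
answer_ttl() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# served_from_cache FIRST SECOND : succeeds when the second run was
# answered by the same server, no slower, with a smaller TTL.
served_from_cache() {
    [ -n "$(answer_ttl "$1")" ] && [ -n "$(answer_ttl "$2")" ] || return 1
    [ "$(answered_by "$1")" = "$(answered_by "$2")" ] || return 1
    [ "$(answer_ttl "$2")" -lt "$(answer_ttl "$1")" ] || return 1
    [ "$(query_time_ms "$2")" -le "$(query_time_ms "$1")" ] || return 1
}

# Two constructed dig transcripts, trimmed to the lines the checks use.
# The second run is 31 s later: TTL 300 has become 269, answered locally.
SAMPLE_FIRST=';; ANSWER SECTION:
google.com.             300     IN      A       173.194.32.32

;; Query time: 238 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

SAMPLE_SECOND=';; ANSWER SECTION:
google.com.             269     IN      A       173.194.32.32

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# The real steps, run only when invoked as "apply" (as root on the Debian
# box); any other invocation just defines the functions above.
if [ "${1:-}" = "apply" ]; then
    render_named_options 192.168.1.0/24 203.0.113.1 203.0.113.2 \
        > /etc/bind/named.conf.options
    named-checkconf /etc/bind/named.conf      # silent when the config is valid
    /etc/init.d/bind9 restart
    first=$(dig google.com)
    second=$(dig google.com)
    served_from_cache "$first" "$second" \
        && echo "cache OK: $(answered_by "$second") answered in $(query_time_ms "$second") ms" \
        || { echo "second answer was not served from the local cache" >&2; exit 1; }
fi
```

Saved as a script and run as root with the single argument apply, it writes the hardened options file, refuses to restart BIND if named-checkconf objects, and then performs the two-lookup check from step 6 automatically; run without arguments it only defines the helper functions, so it can be sourced for ad-hoc checks of pasted dig output.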

Caching is now set up and the server is ready to handle queries from clients: point each client's DNS setting at the address of the Debian server to start using it. Further tuning and hardening is outside the scope of this post, apart from one point that matters immediately: make sure the server only answers recursive queries for your own networks. BIND's default already limits recursion to localhost and directly attached subnets, but if the server is reachable from the internet (a public address or a port forward) and recursion is opened to everyone, it becomes an open resolver, which is routinely abused for DNS amplification attacks.

The next post in this series covers how to create your own DNS zone, for a small business or at home. The advantage of having your own zone is that hosts on your LAN get names: instead of typing 111.11.11.111 to connect to a local PC you can just type server.mine.com or server1.mine.com.

Jack.


Comments

  1. sohrab says

    I am Iranian and I can't speak English well, but VERY VERY VERY VERY VERY VERY VERY thank you

    Good luck my friend….!
