From charlesreid1

This page contains instructions for setting up a DNS server in Linux.

DNS: defined in RFC 1034 and RFC 1035

Also see Man in the Middle/DNS

DNS Server

DNS stands for domain name system - it turns IP addresses into human-readable host names.

DNS is useful for the wider internet, obviously, but is also useful on a small network. DNS is useful for more than a handful of networked computers.


On Debian, use bind9 (BIND = Berkeley Internet Name Domain). This is the most popular name server around. Once you install it, Debian should boot it up for you and configure the daemon.

First, install it:

$ apt-get install bind9

Check that it is running:

$ systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; disabled)
  Drop-In: /run/systemd/generator/bind9.service.d
   Active: active (running) since Mon 2016-03-14 15:00:06 PDT; 18s ago
     Docs: man:named(8)
 Main PID: 16356 (named)
   CGroup: /system.slice/bind9.service
           └─16356 /usr/sbin/named -f -u bind

Mar 14 15:00:06 basilisk named[16356]: automatic empty zone: 8.B.D.
Mar 14 15:00:06 basilisk named[16356]: command channel listening on
Mar 14 15:00:06 basilisk named[16356]: couldn't add command channel ::1#953: address not available
Mar 14 15:00:06 basilisk named[16356]: managed-keys-zone: loaded serial 0
Mar 14 15:00:06 basilisk named[16356]: zone loaded serial 1
Mar 14 15:00:06 basilisk named[16356]: zone loaded serial 1
Mar 14 15:00:06 basilisk named[16356]: zone loaded serial 1
Mar 14 15:00:06 basilisk named[16356]: zone localhost/IN: loaded serial 2
Mar 14 15:00:06 basilisk named[16356]: all zones loaded
Mar 14 15:00:06 basilisk named[16356]: running

Until the DNS server is configured, it won't be doing anything for us.

Configuring DNS

The configuration file for BIND is located in /etc/bind/named.conf.

If the file has text in it already, back it up and clear it out. Now what we'll do is include two additional configuration files, to make our lives easier:

include "/etc/bind/named.conf.options"
include "/etc/bind/named.conf.local"

Note that we can put those files wherever we want, and create our own layout of configuration files.

Configure DNS Forwarding

Start by setting up your DNS server to forward DNS requests that it can't handle to another (public) DNS server. Start by editing the BIND configuration options:

$ vim /etc/bind/named.conf.options

Edit this file and add the following contents:

options {
    forwarders {;;

What we are doing here is to create instructions for where to forward DNS requests, if it cannot find what it is looking for. (Note that this is usually done by default, but doing it this way allows us to specify which DNS servers to use.) These two ( or are both name servers from Google.

Local DNS Configuration

Now we can set up the DNS configuration for the local network and its subnets. Start by editing the file:

$ vim /etc/bind/named.conf.local

Add the following contents to that file:

zone "local.lan" IN {
    type master; file "/etc/bind/net.local.lan";

zone "" {
    type master; notify no; file "etc/bind/revp.10.10.96";

zone "" {
    type master; notify no; file "etc/bind/revp.10.10.97";

zone "" {
    type master; notify no; file "etc/bind/revp.10.10.98";

zone "" {
    type master; notify no; file "etc/bind/revp.10.10.99";

Here is an explanation of the pieces:

  • The first line defines our local domain name. We picked the very boring name of "local.lan"
  • This block calls out another file, "/etc/bind/net.local.lan"
  • The remaining four blocks create configurations for reverse lookups on the four subnets we are creating. If you only have one subnet on your network, you will only include one block for the one subnet.
  • Each subnet has its own reverse-lookup file where we can configure things. Each file is stored in /etc/bind.

DNS Records

Now let's look at the actual DNS records (in the reverse-lookup files listed in the code above).

Starting with /etc/bind/net.local.lan:

; dns zone for for local.lan network


@ IN SOA local.lan. administrator.local.lan. (

201507261 ; serial

8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
@ IN NS hermes.local.lan.
ceres           IN      A
euphoria        IN      A
galaxy          IN      A
hermes          IN      A
puppet      CNAME galaxy
; end dns zone for for local.lan network

Going through this line by line:

  • TTL is time to live, set to 1 day - this is how long DNS records are cached (important with multiple DNS servers or dynamic IP addresses)
  • SOA is start of authority, which defines which comptuer has DNS authority on this local network. The administrator.local.lan is an email address.
  • 201507261 is the serial number. if you change a zone file in bind, you should change this serial number. It is the first thing the daemon reads and it is how the daemon knows if the DNS records have been changed. Always increment the serial number by 1 if you change the file.
  • The refresh/retry/expire/maximum settings dictate how often other (non-master) DNS servers will be told to check for updates (H = hours, W = weeks, D = days). Normally there are no non-master DNS servers, so this won't do anything. But if you do add more DNS servers, you'll have to set this stuff.
  • @ IN NS hermes.local.lan identifies the name server. The name "hermes" is an arbitrary name for the local computer running the DNS server.
  • galaxy IN A - there are four sample address records given in the file above. The records map the listed domain name ("galaxy") to a particular host IP address. If someone looks for galaxy.local.lan the DNS server will resolve it to the IP address The letter "A" indicates the type of CNAME record.

Subnet Configuration

The last remaining task is to configure each subnet using the subnet configuration files specified above.

As an example, the subnet would have the following configuration file:

@ IN SOA hermes.local.lan. administrator.local.lan. (
201507261 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
@ NS hermes.local.lan.
1    PTR    hermes.local.lan.
3    PTR    nagios.local.lan.
4    PTR    galaxy.local.lan.

A few things to note about this file:

  • As before, we set the time to live, and the SOA (start of authority)
  • This file also has a serial number - like before, change the serial number any time you change the file.
  • The name records that are listed (1, 3, and 4) are pointers to particular IP addresses. In this case, we only identify the last octet of the IP address, since the remaining 10.10.96 portion is already set.
  • Each subnet should have its own configuration file that looks like the above

Restart Bind Service

$ systemctl restart bind9

Test DNS Server

Test your DNS server using the dig utility. Dig stands for Domain Information Groper. It can request information from a DNS server.

Try it with an internal host name:

$ dig nagios.local.lan

Your DNS server should come up under SERVER in the output - this will ensure the DNS is functioning properly. If not, verify that your config file is correct, that your serial number was incremented, and whether you have restarted BIND since your last configuration change.

Use these as a working skeleton to set up a working DNS server. Change hostnames, IP addresses, and subnets to match your case.


See the Template:LinuxNetworkingFlag for more related pages.