Setting up internal DNS on Ubuntu Server 12.04 LTS

In the past I’ve never really bothered with internal DNS at home, I simply add host records to my servers/laptops and workstations as and when I need too by updating the hosts file but now that I have just finished my new loft conversion and have moved my entire office up there, I’ve dedicated some time in my busy schedule to implement some internal network changes and have decided that I’ll automate internal host resolution so I’ve decided to install BIND on my home Ubuntu 12.04 LTS server, as an avid fan of PowerDNS I would have used that but due to the need to ‘forward’ un-resolved queries I’ve had to use BIND.

So my simple guide here is to help anyone else get started by creating their own local DNS server which will also forward un-resolved requests to public DNS servers to enable transparent external DNS lookups too.

The software we are going to use for the DNS server is ISC BIND (version 9), we can install this simply from the terminal of your server like so:-

apt-get install bind9

Now that BIND is installed we are going to edit /etc/bind/named.conf options and configure BIND to cache requests and forward unresolved queries.

nano /etc/bind/named.conf.options

Ensure that the file is updated (remove the comments from the ‘forwarders’ section and add your external DNS servers), in the below example I’m using Google’s public DNS servers (8.8.8.8 and 8.8.4.4):

forwarders {
 8.8.8.8;
 8.8.4.4;
};

On your server (I assume you have configured a static IP address) edit /etc/network/interfaces and we’ll add these three settings:-

dns-nameservers 127.0.0.1
dns-search home.local
dns-domain home.local

This will ensure that your server now queries itself first before checking the external DNS servers (8.8.8.8 and 8.8.4.4) and by using dns-search and dns-domain options this means that instead of typing say ‘server1.home.local‘ in a browser or when using ping etc you can actually just type ‘server1‘ and this will resolve automatically also!

Now we for the changes to take effect we need to restart the network interface, so to do this run the following command:-

nohup sh -c "ifdown eth0 && ifup eth0"

So now the next thing that we need to do is to create the actual zone file for our local domain (of which in this example is ‘home.local‘), we’ll do so like so:-

nano /etc/bind/named.conf.local

Add a zone for our local domain like so:-

zone "home.local" IN {
 type master;
 file "/etc/bind/zones/home.local.db";
};

and so we can also do reverse lookups too, we’ll also add a reverse lookup zone too:-

zone "0.168.192.in-addr.arpa" {
 type master;
 file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
}

Now we create the actual the zone database file for our ‘home.local‘ local domain, we’ll do this like so:-

mkdir /etc/bind/zones
nano /etc/bind/zones/home.local.db

Now add the following content into the file (obviously replace the hostnames/IP address with your own personal setup etc.):-

; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for home.local
; Note: The extra "." at the end of the domain names are important.
; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be iterated upward to prevent
; undesirable consequences. A good format to use is YYYYMMDDII where
; the II index is in case you make more that one change in the same day.
$ORIGIN .
$TTL 86400 ; 1 day
home.local. IN SOA server1.home.local. hostmaster.home.local. (
 2013091901 ; serial
 8H ; refresh
 4H ; retry
 4W ; expire
 1D ; minimum
)

; NS indicates that 'server1' is a/the nameserver on home.local
; MX indicates that 'mail-server' is the mail server on home.local
home.local. IN NS server1.home.local.
home.local. IN MX 10 mail-server.home.local.

$ORIGIN home.local.

; Set the address for localhost.home.local
localhost IN A 127.0.0.1

; Set the hostnames in alphabetical order
print-srv IN A 192.168.0.9
router IN A 192.168.0.1
server2 IN A 192.168.0.5
server1 IN A 192.168.0.2
xbox IN A 192.168.0.3
mail-server IN A 192.168.0.11

Great, now save the file and we will now create the ‘reverse’ DNS zone file (IP-Host name resolution), so now we’ll create a new file like so:-

nano /etc/bind/zones/rev.0.168.192.in-addr.arpa

and now add the following content, again, replace IP addresses and host names with your own!

; IP Address-to-Host DNS Pointers for the 192.168.0 subnet
@ IN SOA server1.home.local. hostmaster.home.local. (
 2013091901 ; serial
 8H ; refresh
 4H ; retry
 4W ; expire
 1D ; minimum
)
; define the authoritative name server
 IN NS server1.home.local.
; our hosts, in numeric order
1 IN PTR router.home.local.
2 IN PTR server1.home.local.
3 IN PTR xbox.home.local.
5 IN PTR server2.home.local.
9 IN PTR print-srv.home.local.
11 IN PTR mail-server.home.local.

Fantastic! – we’re nearly there, now we simply need to restart the BIND daemon for the changes to take effect, we do this like so:

service bind9 restart

Great, our server should now be able to resolve both external (forwarded DNS) queries and our new local DNS records, so lets do some testing:-

host ping.sunet.se

The response received should look as follows:-

ping.sunet.se has address 192.36.125.18
ping.sunet.se has IPv6 address 2001:6b0:7::18

Thats great, now lets do a reverse lookup on all our internal machines like so:-

host -l home.local

You should now see a full list of the host’s (‘A’ records) that we had previously set-up and so one final test – lets test out a reverse lookup, lets execute:-

host 192.168.0.1

The response should have been:

1.0.168.192.in-addr.arpa domain name pointer server1.home.local.

Super stuff!! – That’s it, there you have your own internal DNS server which supports query caching and forward lookups… enjoy!

A few things to be aware of/concious about:-

  • Always remember to increment the ‘serial’ when updating the zone files.
  • Ideally you should ensure that your router/firewall is not allowing public access to your DNS server (TCP port 53) on your internal DNS server as otherwise you DNS server will be available to everyone on the internet which obviously isn’t ideal/a security risk in this instance seems as its been set-up for local network DNS queries.
  • In this set-up we configured the server to use itself for DNS lookup, this also needs to be set-up on the other clients on your network, If you have a DHCP server you should specify your DNS server’s IP in its settings, as well as the search domain. If you don’t have a DHCP server in your network you should configure these manually for the network card/interface.

I hope you found this guide useful!

3 replies on “Setting up internal DNS on Ubuntu Server 12.04 LTS”