DNS server installation
The DNS (Domain Name System) is a key component of a network infrastructure: it lets you use names instead of IP addresses.
Introduction
A quick DNS overview is available here: DNS server split principle#Simple DNS zone
Setup
apt-get install bind9 dnsutils bind9-doc
DNS server configuration
You need to configure the overall behaviour of the DNS server:
- Which external DNS servers (forwarders) should it use?
- Should DNSSEC validation be enabled?
- Should IPv6 be used?
Set the external DNS
This is the list of upstream DNS servers your server forwards queries to; the answers populate its own cache.
The external DNS can be your ISP's resolvers or public ones such as Google's. Whoever runs them sees every name your network looks up, so choose them deliberately.
!! Mind the order !! BIND does not treat this list as a strict priority: it measures the round-trip time of each forwarder and prefers the fastest one, so every server you list must be one you trust.
Edit configuration file:
vim /etc/bind/named.conf.options
Uncomment and adjust the file content
[...]
forwarders {
# Your ISP's DNS IPs
182.176.39.23;
182.176.18.13;
# Google's DNS
8.8.8.8;
8.8.4.4;
};
[...]
Disable DNSSEC validation
Plain DNS has no authentication: an answer can be spoofed or a cache poisoned and the resolver cannot tell. DNSSEC fixes this with signed records that a validating resolver checks against the root trust anchor.
But... DNSSEC validation does not use certificates. It needs the root trust anchor (BIND ships it and uses it with dnssec-validation auto), a correct system clock, and forwarders that return the DNSSEC records (RRSIG, DNSKEY). If a forwarder strips them, every query for a signed name fails with SERVFAIL, which looks like the forwarder is blocking you.
I did not have time to sort this out, so I disabled DNSSEC validation. Be aware that this removes the only protection against forged answers; the better fix is to keep dnssec-validation auto and use forwarders that pass DNSSEC data through (Google's public resolvers do).
Edit configuration file:
vim /etc/bind/named.conf.options
Set the DNSSEC options (dnssec-enable is obsolete since BIND 9.18 and can be dropped; dnssec-validation is the setting that matters, and recent versions default it to auto):
dnssec-enable no;
dnssec-validation no;
Disable IPv6 DNS requests
You can still listen on your local IPv6 interface, but if your router (or ISP) has no IPv6 connectivity you should stop named from sending queries over IPv6. Otherwise it tries to reach IPv6 name servers, fails, and you will see errors like the following in /var/log/syslog (this one is the fetch of the root zone's DNSKEY, needed for DNSSEC validation, failing over IPv6):
error (network unreachable) resolving './DNSKEY/IN': 2001:: ...
Edit the configuration file:
vim /etc/default/bind9
(on recent Debian/Ubuntu releases the file is /etc/default/named)
Add / update the options. Keep the existing -u bind: without it named runs as root.
OPTIONS="-u bind -4"
The -4 switch makes named use IPv4 only for its own queries; it is not a preference, IPv6 transport is disabled entirely. After systemctl restart bind9, check with ss -lnup | grep named that it no longer binds any IPv6 socket.
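The three steps above (forwarders, DNSSEC, IPv4-only) combined, as an added example that is not part of the original page: a POSIX shell script that renders a hardened named.conf.options (the page's forwarders kept, validation left on, recursion restricted to the LAN so the box is not an open resolver) and classifies dig output to tell a working validator from a forwarder that strips DNSSEC data, which is the failure mode behind the "disable DNSSEC" advice. The 192.0.2.0/24 network, the DNS_CHECK_LIVE switch, the function names and the sample dig outputs are constructed for this example; dnssec-failed.org is a public, deliberately broken test zone.

```shell
#!/bin/sh
# Added example, not the page's own files: render a hardened
# /etc/bind/named.conf.options for a forwarding resolver and classify dig
# output to see whether DNSSEC validation works behind the chosen
# forwarders. LAN_NET, FORWARDERS and DNS_CHECK_LIVE are assumptions.
set -eu

LAN_NET="${LAN_NET:-192.0.2.0/24}"          # assumed LAN (RFC 5737 documentation range)
FORWARDERS="${FORWARDERS:-8.8.8.8 8.8.4.4}" # upstream resolvers, as on the page

# Print the options file: the page's forwarders, but validation stays on
# and recursion is refused from outside the LAN (no open resolver).
render_named_options() {
    cat <<EOF
// Generated by the added example script, not the Debian default file.
acl "trusted" { 127.0.0.0/8; ${LAN_NET}; };
options {
    directory "/var/cache/bind";
    // An open resolver gets abused for amplification attacks.
    allow-query     { trusted; };
    allow-recursion { trusted; };
    allow-transfer  { none; };
    // Ask only the listed upstreams; BIND picks among them by measured
    // round-trip time, so the order is not a strict priority.
    forward only;
    forwarders {
$(for f in $FORWARDERS; do printf '        %s;\n' "$f"; done)
    };
    // Validate with the root trust anchor built into BIND (no certificate
    // is involved); the obsolete dnssec-enable option is left out.
    dnssec-validation auto;
    listen-on-v6 { none; };   // pairs with OPTIONS="-u bind -4"
};
EOF
}

# Parsing helpers for dig's text output.
dig_status()  { printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'; }
has_ad_flag() { printf '%s\n' "$1" | grep -q '^;; flags:.* ad[ ;]'; }
has_rrsig()   { printf '%s\n' "$1" | grep -q '[[:space:]]RRSIG[[:space:]]'; }

# Classify a reply for a name that is known to be signed:
#   validating  NOERROR with the AD bit: this server validated the chain
#   passthrough NOERROR, RRSIG present, no AD: signed data relayed unvalidated
#   stripped    NOERROR without RRSIG: the upstream drops DNSSEC records,
#               so a validating resolver behind it answers SERVFAIL
#   servfail    validation or resolution failed
classify_dnssec() {
    case "$(dig_status "$1")" in
        NOERROR)
            if has_ad_flag "$1"; then echo validating
            elif has_rrsig "$1"; then echo passthrough
            else echo stripped; fi ;;
        SERVFAIL) echo servfail ;;
        *)        echo unknown ;;
    esac
}

# Constructed, trimmed dig outputs for the four cases (not real captures).
SOA_RR='. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024010200 1800 900 604800 86400'
RRSIG_RR='. 86400 IN RRSIG SOA 8 0 86400 20240115000000 20240102000000 5613 . c2lnbmF0dXJl'
SAMPLE_VALIDATING=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
$SOA_RR
$RRSIG_RR"
SAMPLE_PASSTHROUGH=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
$SOA_RR
$RRSIG_RR"
SAMPLE_STRIPPED=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
$SOA_RR"
SAMPLE_SERVFAIL=";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4245
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"

# Live checks: "." is always signed; dnssec-failed.org is a public,
# deliberately broken zone that a validating resolver must refuse.
run_live_checks() {
    for fwd in $FORWARDERS; do
        printf 'forwarder %-15s %s\n' "$fwd" "$(classify_dnssec "$(dig "@$fwd" +dnssec . SOA)")"
    done
    printf 'local, signed name: %s (want validating)\n' "$(classify_dnssec "$(dig @127.0.0.1 +dnssec . SOA)")"
    printf 'local, broken zone: %s (want servfail)\n' "$(classify_dnssec "$(dig @127.0.0.1 +dnssec dnssec-failed.org A)")"
}

# Write the options file to a temp dir and syntax-check it when BIND is installed.
check_config() {
    tmp="$(mktemp -d)"
    render_named_options > "$tmp/named.conf.options"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$tmp/named.conf.options" && echo 'named.conf.options: syntax OK'
    else
        echo 'named-checkconf not found, skipping syntax check' >&2
    fi
    rm -rf "$tmp"
}

# The live part needs dig and network, so it runs only on request.
if [ "${DNS_CHECK_LIVE:-0}" = 1 ]; then
    check_config
    run_live_checks
fi
```

Run it as DNS_CHECK_LIVE=1 sh dns-check.sh on the server: a forwarder reported as "stripped" is the cause of the SERVFAIL symptom described above and should be replaced rather than worked around by turning validation off; the local resolver should report "validating" for the root and "servfail" for the broken zone. Copy the rendered file into /etc/bind/named.conf.options only after named-checkconf accepts it.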
DNS server logs
Logs go to /var/log/syslog (through rsyslog); on systemd hosts you can also read them with journalctl -u bind9. Run named-checkconf before every restart to catch syntax errors, and watch the log afterwards: DNSSEC validation failures show up there as "validating ...: no valid signature found" messages.