I use Debian as a pure text operating system.
You have to install the following packages:
apt install bind9 bind9utils bind9-doc dnsutils
Configure the options:
nano /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    listen-on port 53 { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 port 53 { ::1; 1234:1234:1234:1235::1; };
    allow-query { localhost; 192.168.1.0/24; 1234:1234:1234:1235::/64; };
    allow-recursion { localhost; 192.168.1.0/24; 1234:1234:1234:1235::/64; };
    allow-transfer { localhost; };
    forwarders { 76.76.2.2; 76.76.10.2; 2606:1a40::2; 2606:1a40:1::2; };
    recursion yes;
    dnssec-validation auto;
};
Check the syntax:
named-checkconf
Restart named:
systemctl restart named
Configure the zones:
nano /etc/bind/named.conf.local
zone "local" IN {
    type master;
    file "/etc/bind/forward.local";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse.local";
    allow-update { none; };
};
// reverse zone for 1234:1234:1234:1235::/64: the 16 prefix nibbles, least significant first
zone "5.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.ip6.arpa" IN {
    type master;
    file "/etc/bind/reverse6.local";
    allow-update { none; };
};
Edit the zones for basic actions:
nano /etc/bind/forward.local
$TTL 604800
@ IN SOA test.local. root.test.local. (
11 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;DNS Server Records
@ IN NS test.local.
test IN A 192.168.1.1
test IN AAAA 1234:1234:1234:1235::1
;DNS Records
nano /etc/bind/reverse.local
$TTL 604800
@ IN SOA test.local. root.test.local. (
11 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;DNS Server Records
@ IN NS test.local.
test IN A 192.168.1.1
test IN AAAA 1234:1234:1234:1235::1
1 IN PTR test.local.
;DNS Records
nano /etc/bind/reverse6.local
$TTL 604800
@ IN SOA test.local. root.test.local. (
11 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;DNS Server Records
@ IN NS test.local.
test IN A 192.168.1.1
test IN AAAA 1234:1234:1234:1235::1
; in ip6.arpa every label is one nibble of the host part, least significant first, so ::1 needs all 16 labels
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR test.local.
;DNS Records
Check the configuration and restart named:
named-checkzone local /etc/bind/forward.local
named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.local
named-checkzone 5.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.ip6.arpa /etc/bind/reverse6.local
systemctl restart named
I didn't change /etc/resolv.conf because the DNS server is running on a second network card. On a system with a single card you have to edit and change:
nano /etc/resolv.conf
domain local
search local
nameserver 192.168.1.1
nameserver 1234:1234:1234:1235::1
Likewise, if you have a single network card you have to change its interface configuration:
nano /etc/network/interfaces
iface enp3s0 inet static
....
dns-nameservers 192.168.1.1
.....
iface enp3s0 inet6 static
....
dns-nameservers 1234:1234:1234:1235::1
......
systemctl restart networking
If you have a DHCP server running you have to change its configuration:
nano /etc/dhcp/dhcpd.conf
....
option domain-name-servers 192.168.1.1;
.....
nano /etc/dhcp/dhcpd6.conf
.....
option dhcp6.name-servers 1234:1234:1234:1235::1;
......
systemctl restart isc-dhcp-server.service
Test the dns service:
dig -t test test.local
;; Warning, ignoring invalid type test
; <<>> DiG 9.18.24-1-Debian <<>> -t test test.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4046
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9b679c6c78d81e760100000065cff9b39f28506590c75054 (good)
;; QUESTION SECTION:
;test.local. IN A
;; ANSWER SECTION:
test.local. 604800 IN A 192.168.1.23
;; Query time: 0 msec
;; SERVER: 192.168.1.23#53(192.168.1.23) (UDP)
;; WHEN: Sat Feb 17 01:11:31 CET 2024
;; MSG SIZE rcvd: 83
dig -x 192.168.1.1
; <<>> DiG 9.18.24-1-Debian <<>> -x 192.168.1.23
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49926
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3f05e7ec1ffed5a10100000065cff9dcf1eb5d5e8b94cea8 (good)
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 604800 IN PTR test.local.
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Sat Feb 17 01:12:12 CET 2024
;; MSG SIZE rcvd: 106
If everything is OK you can add more machines, as in these examples:
nano /etc/bind/forward.local
;DNS Records
gamepc IN A 192.168.1.100
gamepc IN AAAA 1234:1234:1234:1235::100
tvpc IN A 192.168.1.101
tvpc IN AAAA 1234:1234:1234:1235::101
nano /etc/bind/reverse.local
;DNS Records
100 IN PTR gamepc.local.
101 IN PTR tvpc.local.
nano /etc/bind/reverse6.local
;DNS Records
; ::100 and ::101 written as 16 nibble labels, least significant first
0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gamepc.local.
1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR tvpc.local.
MOST important! You have to raise the serial number in these files after each change!
systemctl restart named
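Getting the reverse owner names right by hand is error-prone, especially the 16 nibble labels under ip6.arpa. The following script is an added example, not part of the original post: it derives the PTR lines the forward.local records imply for the two reverse zones used above and reports the ones a reverse zone file is missing. The forward records are a constructed copy of the ;DNS Records section; the zone origins are the ones configured on this page.

```python
"""Derive and audit PTR records for the reverse zones of this setup."""
import ipaddress
import re

FORWARD_ORIGIN = "local."
REV4_ORIGIN = "1.168.192.in-addr.arpa."
REV6_ORIGIN = "5.3.2.1.4.3.2.1.4.3.2.1.4.3.2.1.ip6.arpa."

# Constructed sample: the host records from forward.local
FORWARD_RECORDS = """\
test IN A 192.168.1.1
test IN AAAA 1234:1234:1234:1235::1
gamepc IN A 192.168.1.100
gamepc IN AAAA 1234:1234:1234:1235::100
tvpc IN A 192.168.1.101
tvpc IN AAAA 1234:1234:1234:1235::101
"""


def ptr_owner(address: str, reverse_origin: str) -> str:
    """Owner name of `address` relative to `reverse_origin` (what goes in the zone file).

    ipaddress gives the full reverse name (4 labels for IPv4, 32 nibble
    labels for IPv6); stripping the zone origin leaves the relative part.
    """
    full = ipaddress.ip_address(address).reverse_pointer + "."
    if not full.endswith("." + reverse_origin):
        raise ValueError(f"{address} is not inside {reverse_origin}")
    return full[: -len(reverse_origin) - 1]


def expected_ptr_records(forward_text: str) -> dict:
    """Map each reverse origin to the PTR lines its zone file should contain."""
    out = {REV4_ORIGIN: [], REV6_ORIGIN: []}
    for line in forward_text.splitlines():
        m = re.match(r"^(\S+)\s+IN\s+(A|AAAA)\s+(\S+)", line)
        if not m:
            continue
        host, rtype, addr = m.groups()
        origin = REV4_ORIGIN if rtype == "A" else REV6_ORIGIN
        out[origin].append(f"{ptr_owner(addr, origin)} IN PTR {host}.{FORWARD_ORIGIN}")
    return out


def missing_ptr_lines(reverse_text: str, origin: str, forward_text: str) -> list:
    """PTR lines the forward zone implies but the given reverse zone text lacks."""
    present = {" ".join(l.split()) for l in reverse_text.splitlines() if " PTR " in l}
    return [l for l in expected_ptr_records(forward_text)[origin] if l not in present]
```

Run it against the current reverse6.local; any line it reports is a host whose AAAA record has no matching PTR.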