Setting up a DNS server in Linux requires installing BIND and editing zone files for your domain. If you’re wondering how to setup dns server in linux, this guide walks you through the entire process step by step.
DNS servers translate domain names into IP addresses, making the internet usable. Running your own DNS server gives you control, improves performance, and enhances security. BIND (Berkeley Internet Name Domain) is the most popular DNS software on Linux.
This article covers installation, configuration, testing, and troubleshooting. You’ll have a fully functional DNS server by the end.
Prerequisites For Setting Up A DNS Server
Before you start, make sure you have the following:
- A Linux server running Ubuntu 20.04, CentOS 8, or similar distribution
- Root or sudo access to the machine
- A static IP address configured on the server
- Basic knowledge of the command line
- A domain name you control (or a test domain)
If you don’t have a domain, use a private test name. This guide uses example.local throughout, but be aware that .local is reserved for multicast DNS (RFC 6762): macOS, systemd-resolved and Avahi may try mDNS for such names before asking your server, which makes test results confusing. A name under .test or home.arpa avoids that; the procedure is otherwise the same.
How To Setup Dns Server In Linux
This section covers the complete setup from start to finish. Follow each step carefully.
Step 1: Update Your System
Always start with a system update. This ensures you have the latest packages and security patches.
On Ubuntu or Debian:
sudo apt update && sudo apt upgrade -y
On CentOS or RHEL:
sudo yum update -y
Step 2: Install BIND
BIND is the standard DNS server software. Install it using your package manager, together with the client tools (dig, nslookup) used for testing later; on Ubuntu those live in the separate dnsutils package, on CentOS in bind-utils.
On Ubuntu/Debian:
sudo apt install bind9 bind9utils bind9-doc dnsutils -y
On CentOS/RHEL:
sudo yum install bind bind-utils -y
Once installed, check the version to confirm:
named -v
Step 3: Configure BIND Options
On Ubuntu the packaged /etc/bind/named.conf only includes three other files, and the global options block lives in /etc/bind/named.conf.options; on CentOS the options block sits directly in /etc/named.conf. Open the right file with your text editor:
sudo nano /etc/bind/named.conf.options
Replace the options block with the following. It also defines an acl so the server recurses only for your own network; change 192.168.0.0/24 and 192.168.0.10 to your LAN and the server’s address:
acl "trusted" {
    127.0.0.0/8;
    ::1/128;
    192.168.0.0/24;
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    listen-on { 127.0.0.1; 192.168.0.10; };
    listen-on-v6 { ::1; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
};
- acl "trusted": the networks allowed to use this server; 192.168.0.0/24 is the LAN used in the examples
- directory: BIND’s working directory (cache dumps, statistics, and the base for relative file names); it is /var/named on CentOS/RHEL
- recursion yes with allow-recursion { trusted; }: the server resolves outside names, but only for the LAN. With allow-recursion { any; } (or allow-query { any; } and no allow-recursion) it would be an open resolver that anyone on the internet can abuse
- allow-query: who may query at all. If this server will also be authoritative for a public domain, set allow-query { any; } but keep allow-recursion restricted
- listen-on / listen-on-v6: bind only to the addresses clients should use, rather than any
- forwarders: upstream resolvers (Google’s here); every outside lookup your users make is sent there
- dnssec-validation auto: validate signed answers using the root trust anchor built into BIND
Save and close the file.
Step 4: Create Zone Files
Zone files define your domain’s DNS records. You need a forward zone and a reverse zone.
First, declare the zones. On Ubuntu they go in /etc/bind/named.conf.local (already included from named.conf); on CentOS add them to /etc/named.conf and keep the zone files under /var/named instead of /etc/bind:
sudo nano /etc/bind/named.conf.local
Add these lines for your domain (replace example.local with your domain; BIND 9.16 and later also accept type primary, but the older type master shown here works on every version):
zone "example.local" {
type master;
file "/etc/bind/db.example.local";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};
The reverse zone name is the network part of your addresses, octet by octet in reverse order, under in-addr.arpa. For 192.168.0.x it is 0.168.192.in-addr.arpa; a /16 such as 10.20.x.x would be 20.10.in-addr.arpa.
Now create the forward zone file:
sudo nano /etc/bind/db.example.local
Add this content:
$TTL 604800
@ IN SOA ns1.example.local. admin.example.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.example.local.
@ IN A 192.168.0.10
ns1 IN A 192.168.0.10
www IN A 192.168.0.20
mail IN A 192.168.0.30
- $TTL: Time to live for records
- SOA: Start of Authority record
- NS: Nameserver record
- A: Address records mapping hostnames to IPs
Create the reverse zone file:
sudo nano /etc/bind/db.192
Add this:
$TTL 604800
@ IN SOA ns1.example.local. admin.example.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.example.local.
10 IN PTR ns1.example.local.
20 IN PTR www.example.local.
30 IN PTR mail.example.local.
The PTR records map IP addresses back to hostnames.
Step 5: Check Configuration For Errors
Always validate before (re)starting BIND, so a typo cannot take the running server down. named-checkconf reads /etc/bind/named.conf on Ubuntu and /etc/named.conf on CentOS:
sudo named-checkconf
If no output appears, the configuration is syntactically valid (named-checkconf -z additionally loads every declared zone in one go). Then check each zone file against its zone name:
sudo named-checkzone example.local /etc/bind/db.example.local
sudo named-checkzone 0.168.192.in-addr.arpa /etc/bind/db.192
Each should end with OK and report the serial it loaded. Fix any errors before proceeding; the most common are a missing trailing dot on a fully qualified name and a hostname that appears in an NS record but has no A record.
Step 6: Start And Enable BIND
Now start the BIND service and enable it to run at boot. The unit is called named on CentOS and on Ubuntu 20.04 and later (where bind9 is an alias); older Ubuntu releases only know bind9:
sudo systemctl start named
sudo systemctl enable named
Check the status to ensure it’s running:
sudo systemctl status named
You should see “active (running)” in green.
Step 7: Configure Firewall
DNS uses port 53 over both UDP and TCP (TCP carries large answers and zone transfers), so open both, but only for the networks that should reach the server. On Ubuntu with UFW, allowing only the LAN:
sudo ufw allow from 192.168.0.0/24 to any port 53
Use the unrestricted form only for a server that must answer the whole internet, such as an authoritative server for a public domain:
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
On CentOS with firewalld:
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload
firewalld opens the port for the interface’s whole zone; on a server with a public interface, add the dns service to a zone restricted to your LAN sources instead. The allow-query and allow-recursion ACLs in the BIND configuration are a second line of defence behind the firewall, not a replacement for it.
Step 8: Test Your DNS Server
Use the dig command to query your server. Replace 192.168.0.10 with your server’s IP.
dig @192.168.0.10 www.example.local
You should see the answer section showing the IP 192.168.0.20. Test the reverse lookup too:
dig -x 192.168.0.20 @192.168.0.10
If everything works, your DNS server is operational.
Configuring Clients To Use The DNS Server
Now that your server is running, configure client machines to use it.
On Linux Clients
What manages /etc/resolv.conf differs between distributions, and a hand edit to a file that something else manages is overwritten. On Ubuntu 18.04 and later systemd-resolved owns it: point the interface at your server with resolvectl (resolvectl dns <interface> 192.168.0.10, plus resolvectl domain <interface> example.local so that short names resolve), or set the nameserver in the netplan configuration. On NetworkManager systems such as CentOS, set ipv4.dns on the connection with nmcli or the GUI. Only where nothing manages the file, edit it directly:
sudo nano /etc/resolv.conf
Add your DNS server’s IP:
nameserver 192.168.0.10
On Windows Clients
Go to Network Settings, find your connection, and set the DNS server to your Linux server’s IP.
On Other Devices
Most routers allow you to set a custom DNS server. Enter your server’s IP in the DHCP settings.
Advanced Configuration Options
Once basic setup works, you can add more features.
Adding Multiple Domains
Simply add more zone blocks in named.conf.local and create corresponding zone files. Each domain gets its own file.
Setting Up A Secondary DNS Server
For redundancy, run a second server that keeps a copy of your zones (a secondary, called a slave in older BIND terminology) and list it as ns2 in the zone’s NS records. On the primary, allow zone transfers only to the secondary. Set allow-transfer explicitly on every zone a stranger can reach: older BIND releases otherwise hand the zone to any host that asks, and a zone transfer with dig AXFR gives an attacker a complete inventory of your hosts:
zone "example.local" {
type master;
file "/etc/bind/db.example.local";
allow-transfer { 192.168.0.11; };
};
On the secondary, declare the same zone with type slave (type secondary on BIND 9.16 and later), name the primary under masters, and use a file path that named can write, because the transferred copy is stored there: /var/cache/bind on Ubuntu or /var/named/slaves on CentOS. The secondary learns about changes from the primary’s NOTIFY, which is only sent when the serial increases.
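The primary/secondary setup above, with the transfer authenticated by a TSIG key as recommended under Security Best Practices, as an added example that is not part of the original article. The key name transfer-key, the placeholder secret and the address 192.168.0.11 for the secondary are this example’s choices; generate the real secret with tsig-keygen transfer-key, and keep the key statement in a root-owned file readable only by the bind user, included from the configuration on both servers.

```conf
// /etc/bind/transfer.key on BOTH servers (mode 0640, owner root:bind).
// Produced by: tsig-keygen transfer-key   (the secret below is a placeholder)
key "transfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-tsig-keygen";
};

// ---- primary (192.168.0.10), named.conf.local ----
include "/etc/bind/transfer.key";

zone "example.local" {
    type master;                       // "primary" on BIND 9.16+
    file "/etc/bind/db.example.local";
    // Only a requester that signs its request with the key may pull the zone.
    // A key is a stronger check than an address-only ACL, and the signature
    // also protects the transferred data against tampering in transit.
    allow-transfer { key "transfer-key"; };
};

// ---- secondary (192.168.0.11), named.conf.local ----
include "/etc/bind/transfer.key";

// Sign every message sent to the primary (SOA checks, transfer requests).
server 192.168.0.10 {
    keys { "transfer-key"; };
};

zone "example.local" {
    type slave;                        // "secondary" on BIND 9.16+
    masters { 192.168.0.10; };         // "primaries" on BIND 9.16+
    // named must be able to write here; /var/cache/bind is permitted by the
    // Ubuntu AppArmor profile (use /var/named/slaves on CentOS).
    file "/var/cache/bind/db.example.local";
    allow-transfer { none; };          // nobody may pull the zone from the copy
};
```

Test from the secondary: dig @192.168.0.10 example.local AXFR -y hmac-sha256:transfer-key:SECRET should list the whole zone, while the same command without -y must end in "Transfer failed". Add NS and A records for ns2 to the zone on the primary so clients use both servers and NOTIFY reaches the secondary; rndc retransfer example.local on the secondary forces a fetch when you do not want to wait.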
Adding DNSSEC
DNSSEC has two sides. Validation, checking the signatures on answers your resolver fetches for clients, is already on through dnssec-validation auto in the options block (the dnssec-enable option found in older guides no longer exists in current BIND and breaks named-checkconf on 9.18 and later). Signing your own zone so that others can validate it is configured per zone. On BIND 9.16 and later let named generate the keys and maintain the signatures by adding to the zone block:
dnssec-policy default;
inline-signing yes;
The zone file must then live in a directory named can write (/var/lib/bind on Ubuntu, /var/named on CentOS), because the keys, journal and signed copy are created next to it; follow progress with rndc dnssec -status example.local. The older manual route, dnssec-keygen followed by dnssec-signzone, still works but leaves key rollover and re-signing to you. Signing only helps once validators can build a chain of trust to your zone: for a public domain that means publishing the DS record at your registrar, and for a private name like example.local it needs an explicit trust anchor on every validating resolver.
Common Troubleshooting Tips
Even with careful setup, issues can arise. Here are solutions to common problems.
DNS Server Not Responding
- Check if BIND is running: sudo systemctl status named
- Verify firewall rules allow port 53
- Ensure the server’s IP is static
Zone File Errors
- Run named-checkzone to find syntax errors
- Check for missing periods at the end of domain names
- Verify serial numbers are incremented after changes
Client Cannot Resolve Names
- Test with dig from the server itself first
- Confirm the client’s resolv.conf points to the right IP
- Check network connectivity between client and server
Log Files To Monitor
BIND logs through syslog and the journal. On Ubuntu the messages land in /var/log/syslog, on CentOS in /var/log/messages, and on any systemd distribution you can follow the service directly:
sudo journalctl -u named -f
(or sudo tail -f /var/log/syslog). Start-up errors such as a zone that failed to load appear here, as do queries and transfer requests refused by your ACLs, which is what to watch when checking that recursion really is closed to outsiders.
Security Best Practices
Running a DNS server requires attention to security.
- Restrict queries to trusted networks with allow-query, and recursion with allow-recursion; a server that recurses for anyone is an open resolver
- Disable recursion altogether (recursion no) on a server that only serves your own zones to the internet
- Restrict zone transfers with allow-transfer and authenticate them with TSIG keys
- Consider response rate limiting (the rate-limit block) on public authoritative servers; it caps identical answers per client address per second
- Run BIND confined: AppArmor does this by default on Ubuntu, and CentOS offers the bind-chroot package
- Keep BIND updated with security patches
- Monitor logs for unusual activity, such as bursts of refused queries or transfer attempts
Together these keep your server from being abused as a reflector in DNS amplification attacks, where attackers send small queries with a forged source address to open resolvers so that the much larger answers flood the victim.
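The recursion and transfer restrictions above fail silently when they are wrong, because the server still answers everything from the LAN. This added shell check (not from the original article) runs dig from a client and classifies what the server does: from a host outside the trusted ACL you want authoritative for your own names, refused for a foreign name and transfer-denied for an AXFR attempt; from the LAN the foreign name should come back open-recursive. The function names and the sample dig outputs embedded at the bottom are this example’s own constructions; example.local and 192.168.0.0/24 follow the configuration above.

```shell
#!/bin/sh
# Added example, not from the original article: probe a BIND server and
# classify its behaviour from the client's point of view. Needs dig
# (dnsutils on Ubuntu, bind-utils on CentOS). Sample outputs are constructed.

# classify_dig_output: reads one dig run from stdin and prints a verdict.
#   refused        status REFUSED: the ACL rejected the query (what outsiders
#                  should get when asking about names you are not authoritative for)
#   authoritative  aa flag set: the answer came from a zone this server hosts
#   open-recursive no aa, but ra set with a normal status: the server recursed
#                  for this client, i.e. it acts as a recursive resolver for it
#   no-recursion   answered without recursing and without authority data
#   unknown        timeout, SERVFAIL or anything else
classify_dig_output() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" aa "*) aa=1 ;;
        *)        aa=0 ;;
    esac
    case " $flags " in
        *" ra "*) ra=1 ;;
        *)        ra=0 ;;
    esac
    if [ "$status" = "REFUSED" ]; then
        echo refused
    elif [ "$status" != "NOERROR" ] && [ "$status" != "NXDOMAIN" ]; then
        echo unknown
    elif [ "$aa" = 1 ]; then
        echo authoritative
    elif [ "$ra" = 1 ]; then
        echo open-recursive
    else
        echo no-recursion
    fi
}

# classify_axfr_output: reads "dig ... AXFR" output from stdin. A successful
# transfer lists the records, starting and ending with the SOA; a denied one
# prints "; Transfer failed." and no SOA line at all.
classify_axfr_output() {
    if grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'; then
        echo transfer-allowed
    else
        echo transfer-denied
    fi
}

# check_server SERVER [OWN_NAME] [FOREIGN_NAME] [ZONE]: run the three probes.
check_server() {
    server=$1
    own=${2:-www.example.local}
    foreign=${3:-example.com}
    zone=${4:-example.local}
    echo "own zone:      $(dig @"$server" "$own" A +tries=1 +time=3 | classify_dig_output)"
    echo "foreign name:  $(dig @"$server" "$foreign" A +tries=1 +time=3 | classify_dig_output)"
    echo "zone transfer: $(dig @"$server" "$zone" AXFR +tries=1 +time=3 | classify_axfr_output)"
}

# Constructed samples of what dig prints in each case (not real captures).
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
www.example.local.      604800  IN      A       192.168.0.20'
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.com.            300     IN      A       192.0.2.1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_AXFR_DENIED='; Transfer failed.'

# Usage: check_server 192.168.0.10
```

Run it twice, once from the LAN and once from a host outside the trusted ACL (a VPS, a phone hotspot). An outside result of open-recursive means the allow-recursion ACL is not in effect and the server is usable for amplification; transfer-allowed means allow-transfer is missing or too wide.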
Automating DNS Management
For dynamic environments, consider automation tools.
Using Ansible
Ansible can deploy BIND configuration across multiple servers. Write playbooks that copy zone files and restart the service.
Using Webmin
Webmin provides a web interface for managing BIND. Install it and access the DNS module for easier editing.
Using Scripts
Write shell scripts to update zone files and reload BIND. This is useful for adding records programmatically.
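A script of that kind, added here as an example and not from the original article: it bumps the SOA serial using the YYYYMMDDnn convention (a serial that does not increase means secondaries silently keep the old zone, one of the troubleshooting items above), runs the Step 5 checks and only then reloads the zone. It assumes the serial sits on its own line followed by "; Serial" as in the zone files from Step 4, and that named-checkconf, named-checkzone and rndc are available on the server; the function names are this example’s own.

```shell
#!/bin/sh
# Added example, not from the original article: bump a BIND zone's SOA serial,
# validate the configuration and the zone, then reload it. Run as root.

# next_serial CURRENT TODAY -> prints the serial to use next.
# CURRENT is the serial now in the file, TODAY is a YYYYMMDD date.
next_serial() {
    cur=$1
    today=$2
    if [ "$cur" -lt "${today}00" ]; then
        # Serial is from an earlier day, or still a small counter like "3":
        # jump to today's first revision.
        echo "${today}01"
    else
        # Same day, or a serial already ahead of today (clock skew, more than
        # 99 edits in one day): only ever add one. A serial must never go
        # backwards, or secondaries will ignore the new zone.
        echo $((cur + 1))
    fi
}

# current_serial FILE -> prints the serial found on the "; Serial" line.
current_serial() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$1" | head -n 1
}

# bump_zone_serial FILE [TODAY] -> rewrites FILE with the next serial, prints it.
bump_zone_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(current_serial "$file")
    if [ -z "$old" ]; then
        echo "bump_zone_serial: no '; Serial' line in $file" >&2
        return 1
    fi
    new=$(next_serial "$old" "$today")
    tmp="$file.tmp.$$"
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$file" > "$tmp" \
        && mv "$tmp" "$file"
    echo "$new"
}

# publish_zone ZONE FILE: bump the serial, then refuse to reload unless both
# named-checkconf and named-checkzone pass (Step 5), so a typo in the zone
# file never reaches the running server.
publish_zone() {
    zone=$1
    file=$2
    bump_zone_serial "$file" >/dev/null || return 1
    named-checkconf || return 1
    named-checkzone "$zone" "$file" || return 1
    rndc reload "$zone"
}

# Usage on the server from Step 4, after editing the records:
#   publish_zone example.local /etc/bind/db.example.local
```

Keep the same convention on every zone, including the reverse zone, and on the primary only; secondaries receive the serial with the transfer.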
Performance Tuning
Optimize your DNS server for speed and reliability.
- BIND sizes its worker threads to the number of CPUs by itself; only override that (named -n) when measurements say so
- Caching is on by default for a recursive server; raise max-cache-size in the options block if entries are evicted under load
- Adjust TTL values for frequently accessed records
- Monitor query load (rndc stats writes counters to the statistics file) and scale horizontally if needed
A well-tuned server handles thousands of queries per second.
Frequently Asked Questions
What is the difference between BIND and dnsmasq?
BIND is a full-featured DNS server for large networks. Dnsmasq is lightweight and designed for small LANs. For learning how to setup dns server in linux, BIND is the standard choice.
Can I run a DNS server on a virtual machine?
Yes, DNS servers run well on VMs. Ensure the VM has a static IP and enough resources for your query volume.
How do I update DNS records after changes?
Edit the zone file, increment the serial number, then run sudo rndc reload example.local (or sudo systemctl reload named to reload everything). The server serves the new data immediately; clients and other resolvers keep the old answer until its TTL expires, and secondaries fetch the zone when they receive the NOTIFY, which is only sent if the serial went up.
Is it safe to use a public DNS server as forwarder?
Google (8.8.8.8) and Cloudflare (1.1.1.1) are reliable and DNSSEC-aware, and your own server still validates the answers it receives from them when dnssec-validation is on. The trade-off is privacy: every name your users look up is sent to that provider, in clear text over plain port 53 unless you use a DNS-over-TLS capable setup. Leave forwarders out and BIND resolves from the root servers directly, which is slower for the first lookup but keeps the query stream inside your network.
What should I do if my DNS server stops working after a reboot?
Check that BIND is enabled with sudo systemctl enable named. Also verify the network interface comes up with the correct static IP.
Conclusion
You now have a complete understanding of how to setup dns server in linux. From installing BIND to creating zone files and testing resolution, every step is covered. Running your own DNS server gives you full control over name resolution in your network.
Start with a simple configuration and expand as needed. Monitor logs regularly and keep security in mind. With practice, you’ll manage DNS like a pro.
If you run into issues, refer back to the troubleshooting section. The commands and examples here work on most Linux distributions. Good luck with your DNS server setup.