Setting up a Bind 9 DNS server in Debian/Ubuntu

The Internet will go bust without DNS and the following is a guide to setting up your own DNS server to provide information about your domains and associated services. While this task can be accomplished very easily when using a hosting control panel, it is great fun to set things up on your own.

The following guide lists the steps to follow if you are looking to install the BIND 9 domain name system on your server. BIND is by far the most popular solution on servers around the world. In this guide, we will be installing it on a Debian 6 machine. It should also work on newer releases of Ubuntu just as well.

1. Install the Bind, dnsutils and sysklogd packages:
   apt-get install bind9 dnsutils sysklogd
2. Once Bind is installed, it is automatically started. Let's stop it while we configure the beast:
   /etc/init.d/bind9 stop
3. For security reasons, we need to set up Bind to run as the user bind and restricted to its own directory (via a CHROOT jail). To do this, edit the file /etc/default/bind9 and look for the line that reads:
   OPTIONS="-u bind".
   Modify this line to:
   OPTIONS="-u bind -t /var/lib/named"
   Save the file and exit.
4. Now, let's set up the /var/lib/named directory tree where the service is restricted to run:
   mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
5. We now move the configuration directory from its original directory at /etc/bind to its new home within /var/lib/named. We, however, create a symbolic link between the old and new locations so that both are valid.
   mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
6. Some magickery I do not understand: Add null and random devices, and fix the permissions of the directories:
   mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
7. Edit the file /etc/init.d/bind9 and look for a line of code that looks like:
   # dirs under /var/run can go away on reboots.
   This section needs to be modified to account for the CHROOT jail we set up earlier. To do this, comment out (using a # prefix) the relevant section of code in this file and add the following below it:
   CHROOT_DIR=`echo $OPTIONS | cut -d ' ' -f 4`
# dirs under /var/run can go away on reboots.
mkdir -p $CHROOT_DIR/var/run/bind/run
chmod 775 $CHROOT_DIR/var/run/bind/run
chown root:bind $CHROOT_DIR/var/run/bind/run >/dev/null 2>&1 || true
   Once done, save the file and exit.
8. Finally, we need to set up the system log to incorporate bind output. To do this we edit the file /etc/default/syslogd and modify the line:
   SYSLOGD="-u syslog"
   to read:
   SYSLOGD="-a /var/lib/named/dev/log"
   Save the file and exit.
9. Finally, start/restart the bind and syslog services:
   /etc/init.d sysklogd restart
/etc/init.d bind9 start

Large swathes of this guide have been adapted from other guides written by people more knowledgeable than I. If you are still encountering difficulties, I recommend perusing through one or more of the following guides:

• The Debian Wiki
• The Linode wiki
• Justin Hartman's Debian Wiki

I will soon be writing another article on adding zones as well as setting up master and slave servers. Click on the tags related to this post to locate them.