The Internet will go bust without DNS. The following is a guide to setting up your own DNS server to provide information about your domains and associated services. While this task can be accomplished very easily with a hosting control panel, it is great fun to set things up on your own.
The guide lists the steps to follow if you are looking to install the BIND 9 domain name system on your server. BIND is by far the most popular solution on servers around the world. In this guide, we will be installing it on a Debian 6 machine. It should work just as well on newer releases of Ubuntu.
- Install the Bind, dnsutils and sysklogd packages:
apt-get install bind9 dnsutils sysklogd
- Once Bind is installed, it is automatically started. Let's stop it while we configure the beast:
/etc/init.d/bind9 stop
- For security reasons, we need to set up Bind to run as the user bind and restricted to its own directory (via a CHROOT jail). To do this, edit the file
/etc/default/bind9
and look for the line that reads:
OPTIONS="-u bind"
Modify this line to:
OPTIONS="-u bind -t /var/lib/named"
Save the file and exit.
- Now, let's set up the
/var/lib/named
directory tree where the service is restricted to run:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
- We now move the configuration directory from its original location at /etc/bind to its new home within /var/lib/named. We do, however, create a symbolic link from the old location to the new one so that both paths remain valid.
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
- Some magickery I do not understand: Add null and random devices, and fix the permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
- Edit the file
/etc/init.d/bind9
and look for a line of code that looks like:
# dirs under /var/run can go away on reboots.
This section needs to be modified to account for the CHROOT jail we set up earlier. To do this, comment out (using a # prefix) the relevant section of code in this file and add the following below it:
CHROOT_DIR=`echo $OPTIONS | cut -d ' ' -f 4`
# dirs under /var/run can go away on reboots.
mkdir -p $CHROOT_DIR/var/run/bind/run
chmod 775 $CHROOT_DIR/var/run/bind/run
chown root:bind $CHROOT_DIR/var/run/bind/run >/dev/null 2>&1 || true
Once done, save the file and exit.
- Finally, we need to set up the system log to incorporate bind output. To do this we edit the file
/etc/default/syslogd
and modify the line:
SYSLOGD="-u syslog"
to read:
SYSLOGD="-a /var/lib/named/dev/log"
Save the file and exit.
- Finally, start/restart the bind and syslog services:
/etc/init.d/sysklogd restart
/etc/init.d/bind9 start
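A post-setup check for the jail built in the steps above, as an added example that is not part of the original guide: it reads the -t directory out of the OPTIONS string wherever it appears (the init script's cut -f 4 only works while -t is the third word) and verifies the directory tree, the two device nodes and the config permissions. The function names are hypothetical, and stat -c assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example: audit the BIND chroot jail created by this guide.
# Usage on the server, as root:
#   . /etc/default/bind9 && audit_jail "$(chroot_dir_from_options "$OPTIONS")"

# Print the argument that follows -t in an OPTIONS string, wherever it sits.
chroot_dir_from_options() {
    set -- $1                      # split on whitespace, as the init script does
    while [ $# -gt 0 ]; do
        if [ "$1" = "-t" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1                       # no -t present: named would not be chrooted
}

# Print one line per problem found under jail root $1; return 1 if any.
audit_jail() {
    root=$1 rc=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || { echo "missing directory: $root/$d"; rc=1; }
    done
    # The nodes must be character devices with the major:minor used in the
    # mknod step (stat prints them in hex: null is 1:3, random is 1:8).
    for spec in null:1:3 random:1:8; do
        node=$root/dev/${spec%%:*} want=${spec#*:}
        if [ ! -c "$node" ]; then
            echo "not a character device: $node"; rc=1
        elif [ "$(stat -c '%t:%T' "$node")" != "$want" ]; then
            echo "wrong major:minor on $node (want $want)"; rc=1
        fi
    done
    # Config and zone files inside the jail must not be world-writable.
    if [ -d "$root/etc/bind" ]; then
        bad=$(find "$root/etc/bind" -type f -perm -0002)
        [ -z "$bad" ] || { echo "world-writable: $bad"; rc=1; }
    fi
    return $rc
}
```

An empty result with exit status 0 means the jail matches the layout described in the steps.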
Large swathes of this guide have been adapted from other guides written by people more knowledgeable than I. If you are still encountering difficulties, I recommend perusing through one or more of the following guides:
I will soon be writing another article on adding zones as well as setting up master and slave servers. Click on the tags related to this post to locate them.