
Setting up a Bind 9 DNS server in Debian/Ubuntu

Submitted by Druss on Tue, 2011-05-03 11:46

The Internet will go bust without DNS and the following is a guide to setting up your own DNS server to provide information about your domains and associated services. While this task can be accomplished very easily when using a hosting control panel, it is great fun to set things up on your own.

The following guide lists the steps to follow if you are looking to install the BIND 9 domain name system on your server. BIND is by far the most popular solution on servers around the world. In this guide, we will be installing it on a Debian 6 machine. It should work just as well on newer releases of Ubuntu.

  1. Install the Bind, dnsutils and sysklogd packages:
    apt-get install bind9 dnsutils sysklogd
  2. Once Bind is installed, it is automatically started. Let's stop it while we configure the beast:
    /etc/init.d/bind9 stop
  3. For security reasons, we need to set up Bind to run as the user bind and restricted to its own directory (via a CHROOT jail). To do this, edit the file /etc/default/bind9 and look for the line that reads:
    OPTIONS="-u bind"
    Modify this line to:
    OPTIONS="-u bind -t /var/lib/named"
    Save the file and exit.
  4. Now, let's set up the /var/lib/named directory tree where the service is restricted to run:
    mkdir -p /var/lib/named/etc
    mkdir /var/lib/named/dev
    mkdir -p /var/lib/named/var/cache/bind
    mkdir -p /var/lib/named/var/run/bind/run
  5. We now move the configuration directory from its original location at /etc/bind to its new home within /var/lib/named. We then create a symbolic link from the old location to the new one so that both paths remain valid.
    mv /etc/bind /var/lib/named/etc
    ln -s /var/lib/named/etc/bind /etc/bind
  6. Some magickery I do not understand: Add null and random devices, and fix the permissions of the directories:
    mknod /var/lib/named/dev/null c 1 3
    mknod /var/lib/named/dev/random c 1 8
    chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
    chown -R bind:bind /var/lib/named/var/*
    chown -R bind:bind /var/lib/named/etc/bind
  7. Edit the file /etc/init.d/bind9 and look for a line of code that looks like:
    # dirs under /var/run can go away on reboots.
    This section needs to be modified to account for the CHROOT jail we set up earlier. To do this, comment out (using a # prefix) the relevant section of code in this file and add the following below it:
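    # The chroot path is taken as the fourth word of OPTIONS
    # ("-u bind -t /var/lib/named"), so keep that word order in /etc/default/bind9.
    CHROOT_DIR=`echo $OPTIONS | cut -d ' ' -f 4`
    # dirs under /var/run can go away on reboots.
    mkdir -p $CHROOT_DIR/var/run/bind/run
    chmod 775 $CHROOT_DIR/var/run/bind/run
    chown root:bind $CHROOT_DIR/var/run/bind/run >/dev/null 2>&1 || true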

    Once done, save the file and exit.
  8. Next, we need to set up the system log to incorporate bind output. To do this we edit the file /etc/default/syslogd and modify the line:
    SYSLOGD="-u syslog"
    to read:
    SYSLOGD="-a /var/lib/named/dev/log"
    Save the file and exit.
  9. Finally, start/restart the bind and syslog services:
    /etc/init.d/sysklogd restart
    /etc/init.d/bind9 start
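
A read-only check of the jail built in steps 3 to 7, added here as an example and not part of the original guide. The function names are hypothetical and GNU stat is assumed; unlike the positional cut in step 7, chroot_from_options finds the -t argument wherever it sits in OPTIONS.

```shell
#!/bin/sh
# Added example: read-only audit of the BIND chroot from the steps above.

# Print the argument of -t from an OPTIONS string, wherever it appears.
chroot_from_options() {
    set -- $1                       # intentional word splitting
    while [ $# -gt 1 ]; do
        [ "$1" = "-t" ] && { printf '%s\n' "$2"; return 0; }
        shift
    done
    return 1                        # no -t found: named is not chrooted
}

# Check a character device: type, major/minor numbers, and mode.
check_dev() {   # usage: check_dev PATH MAJOR MINOR MODE
    [ -c "$1" ] || { echo "FAIL $1: not a character device"; return 1; }
    # GNU stat prints major:minor in hex; 1:3 and 1:8 read the same in hex.
    [ "$(stat -c '%t:%T' "$1")" = "$2:$3" ] ||
        { echo "FAIL $1: expected device $2,$3"; return 1; }
    [ "$(stat -c '%a' "$1")" = "$4" ] ||
        { echo "FAIL $1: expected mode $4"; return 1; }
    echo "ok   $1"
}

# Check that a directory exists and has the expected group.
check_dir() {   # usage: check_dir PATH GROUP
    [ -d "$1" ] || { echo "FAIL $1: missing directory"; return 1; }
    [ "$(stat -c '%G' "$1")" = "$2" ] ||
        { echo "FAIL $1: group is not $2"; return 1; }
    echo "ok   $1"
}

# Run every check; the return status is 0 only if all of them pass.
audit_chroot() {   # usage: audit_chroot JAIL_DIR
    rc=0
    check_dev "$1/dev/null"   1 3 666 || rc=1
    check_dev "$1/dev/random" 1 8 666 || rc=1
    # Steps 6 and 7 both leave these directories with group bind.
    check_dir "$1/etc/bind"         bind || rc=1
    check_dir "$1/var/cache/bind"   bind || rc=1
    check_dir "$1/var/run/bind/run" bind || rc=1
    return $rc
}

# Typical use after sourcing /etc/default/bind9:
#   audit_chroot "$(chroot_from_options "$OPTIONS")"
```

A FAIL line for a device node or directory points back to the step that creates it (step 4 for the directories, step 6 for the devices and ownership).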

Large swathes of this guide have been adapted from other guides written by people more knowledgeable than I. If you are still encountering difficulties, I recommend perusing through one or more of the following guides:

I will soon be writing another article on adding zones as well as setting up master and slave servers. Click on the tags related to this post to locate them.