Set Up BIND Authoritative DNS Server on Debian 11/10

The forward zone configuration is where you define your domain name and the server IP address. This configuration will translate the domain name to the correct IP address of the server. The BIND package comes with the service named and is automatically started and enabled during the BIND package installation. BIND can act as an authoritative DNS server for a zone and a DNS resolver at the same time. It’s a good practice to separate the two roles on two different machines and in this article we disabled the resolver in BIND. If you really want to enable the resolver, follow the instructions below.

This Copr contains the core BIND 9 DNS server and all the required dependencies for the popular DNSTAP logging feature. These packages are provided by the BIND developer, not the operating system, and are intended to provide an up-to-date version of BIND. They are not suitable for use if you are relying on operating system-specific features such as FreeIPA. Each A record specifies the IP address that corresponds to a host name in the domain. Keys Specifies the names of the keys that can be used.

  • Use nslookup to test if your clients can query your name servers.
  • A resolver is a program that resolves questions about names by sending those questions to appropriate servers and responding to the servers’ replies.
  • You can also use the dig utility to check the NS record of your domain name.
  • The example specifies using the key named rndc-key, which is defined in /etc/rndc.key.

The zone file is /etc/bind/, where we will add DNS records. Zone transfer will be only allowed for the slave DNS server. Also note that you shouldn’t register a host that’s not a name server, even if your registrar will let you. Some registrars don’t check whether the host you’re registering actually has any subdomains delegated to it.

Then, when you move your web server and change its address in your zone data, you’ll wonder why some people are still trying the web server’s old address. Now you may refer to your servers’ private network interfaces by name, rather than by IP address. If all of the names and IP addresses resolve to the correct values, that means that your zone files are configured properly. If you receive unexpected values, be sure to review the zone files on your primary DNS server (e.g. and db.10.128).

Transferring Your Domain Name to Another Registrar

Once the repository is enabled, run yum install isc-bind (RHEL/CentOS 7) or dnf install isc-bind (RHEL/CentOS 8, Fedora). The host utility is recommended for performing DNS lookups. Without any arguments, the command displays a summary of its command-line arguments and options. The fully qualified domain name of the name server, including a trailing period (.) for the root domain. Notify Specifies whether to notify the backup name servers when the zone information is updated.

Starts, and that the directory has enough space for your zone data files. If your named configuration files have no syntax errors, there won’t be any error messages and you will return to your shell prompt. If there are problems with your configuration files, review the error message and the Configure Primary DNS Server section, then try named-checkconf again. In this tutorial, you will set up an internal DNS server using two Ubuntu 20.04 servers. You will use the BIND name server software to resolve private hostnames and private IP addresses. This provides a central way to manage your internal hostnames and private IP addresses, which is indispensable when your environment expands to more than a few hosts.

Getting a response from the DNS server to the DNS client is called a lookup response. Also, .local is a zeroconf domain used exclusively in zeroconf networking. BIND allows us to publish DNS information on the Internet as well as to resolve DNS queries for users. BIND is by far the most used DNS software on the Internet.

For simplicity’s sake, this article assumes that you want to use a single DNS zone to manage all DNS records for your domain name. File Specifies the path to the zone file relative to /var/named. The zone file for is stored in /var/named/master-data and the transferred zone data for is cached in /var/named/sec/slave-data.

In their simplest form, nameservers match domain names to IP addresses and share your server’s domain names and IP addresses with the Internet. Without nameservers, potential visitors can only access your server and its websites via IP address. To configure a name server to be the primary master for a zone. You aren’t sure which version of BIND you’re running, or which version is installed on your host. If you’re willing to compile your own version of BIND, all you really need to decide is whether you want to run BIND 8 or BIND 9.

How to use the Linux BIND command to install and configure DNS

It’s now confirmed that both forward and reverse lookups are working fine and we have a fully functional DNS-BIND server set up on a CentOS 7 server. Do not hesitate to leave your suggestions and valuable comments. We will get back to you with more awesome articles on Linux and other open source applications.

Your primary server should be configured for the new host now. Your primary DNS server is now set up and ready to respond to DNS queries. Let’s move on to configuring the secondary DNS server. The two IP addresses in this block represent Google’s public DNS resolvers, but the IP address of any public recursive name server will work here. For example, you could use the IP address of Cloudflare’s DNS server ( instead.

Removing a Host from DNS

Log into the two servers via SSH and run the following commands to install BIND 9 on Debian 11/10 server from the default repository. BIND 9 is the current version and BIND 10 is a dead project. One server is for the master DNS server and the other is for the slave DNS server. Ideally the two servers should be at different physical locations.

At this point, you’ve completed the BIND DNS Server installation. You’ll set up the UFW firewall and open the DNS port for any queries to the server. Doing so allows clients to make a query to the BIND DNS server. Next, run the below command to create a new directory (/etc/bind/zones) for storing DNS zone configurations. This configuration defines the forward zone (/etc/bind/zones/, and the reverse zone (/etc/bind/zones/ for the domain name. All configuration for BIND is available at the /etc/bind/ directory, and configurations for the named service at /etc/default/named.


Please do send your valuable feedback/queries to us, we will be happy to address them all. All servers are connected to a project that runs on This guide outlines how to set up an internal, private DNS system, so you can use any domain name you’d like instead of The DNS servers will always attempt to first route requests internally, meaning they won’t try to reach the given domain on the public internet. However, using a domain you own may help avoid conflicts with publicly routable domains.

A utility ‘dnstap-read’ has been added to allow dnstap data to be presented in a human-readable format. Instructions are available for Installing and Upgrading BIND 9. ISC provides executables for Windows and packages for Ubuntu and CentOS and Fedora and Debian – BIND 9 ESV, Debian – BIND 9 Stable, Debian – BIND 9 Development version. Most operating systems also offer BIND 9 packages for their users.