How To Configure DNS Server On Ubuntu 18.04 / Ubuntu 16.04

-
Prerequisites

1. A Ubuntu machine (18.04.4 LTS)
2. IP Address 192.168.1.210
3. Hostname  (ns1.example.com)

sudo apt update

Install DNS Server

The package name for the DNS server on Ubuntu is bind9 and is available in the base repository. Use the apt command to install the bind9 package.
sudo apt install -y bind9 bind9utils bind9-doc dnsutils

Configure DNS Server

The /etc/bind/ directory is the main configuration directory of the DNS server, and it holds configuration files and zone lookup files.
Global configuration file is /etc/bind/named.conf. You should not use this file for your local DNS zone rather you can use /etc/bind/named.conf.local file.

Create Zones

Let us begin by creating a forward zone for your domain.
sudo nano /etc/bind/named.conf.local

Forward Zone
The following is the forward zone entry for the example.com domain in the named.conf.local file.
zone "example.com" IN { // Domain name
    
      type master; // Primary DNS

     file "/etc/bind/forward.example.com.db"; // Forward lookup file

     allow-update { none; }; // Since this is the primary DNS, it should be none.

};

Reverse Zone
The following entries are for the reverse zone in the named.conf.local file.
zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name, should match your network in reverse order

     type master; // Primary DNS

     file "/etc/bind/reverse.example.com.db"; //Reverse lookup file

     allow-update { none; }; //Since this is the primary DNS, it should be none.

};


Create Zone lookup file

Once you create zones, you can go ahead and create zone data files that hold DNS records for the forward zone and reverse zone.
Forward Zone lookup file
Copy the sample entries to zone file called forward.example.com.db for the forward zone under /etc/bind directory.
Record types in the zone file,
SOA – Start of Authority
NS – Name Server
A – A record
MX – Mail for Exchange
CN – Canonical Name
Domain names should end with a dot (.).
sudo cp /etc/bind/db.local /etc/bind/forward.example.com.db
Edit the zone.
sudo nano /etc/bind/forward.example.com.db
Update the content shown below.
Whenever you change any records in the lookup file, make sure you update the serial number to some random number, higher than current.

$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1

;Name Server Information

@        IN      NS      ns1.example.com.

;IP address of Name Server

ns1     IN      A       192.168.1.210

;Mail Exchanger

example.com.   IN     MX   10   mail.example.com.

;A – Record HostName To Ip Address

www     IN       A      192.168.1.100
mail    IN       A      192.168.1.150

;CNAME record

ftp     IN      CNAME   www.example.com.

Reverse Zone lookup file
Copy the sample entries to the zone file called reverse.example.com.db for the reverse zone under /etc/bind directory and create reverse pointers for the above forward zone records.
PTR – Pointer
SOA – Start of Authority
sudo cp /etc/bind/db.127 /etc/bind/reverse.example.com.db
Edit the reverse zone file.
sudo nano /etc/bind/reverse.example.com.db
Update the content shown below.
Whenever you change any DNS records in the lookup file, make sure to update the serial number to some random number, higher than the current one.
$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;1.0.0  IN      PTR     localhost.

;Name Server Information

@       IN      NS     ns1.example.com.

;Reverse lookup for Name Server

10      IN      PTR    ns1.example.com.

;PTR Record IP address to HostName

100     IN      PTR    www.example.com.
150     IN      PTR    mail.example.com.

Check BIND Configuration Syntax

Use named-checkconf command to check the syntax and named.conf* files for any errors.
sudo named-checkconf
Command will return to the shell if there are no errors.
Also, you can use named-checkzone to check the syntax errors in zone files.

Forward zone

sudo named-checkzone itzgeek.local /etc/bind/forward.example.com.db
Output:
zone example.com/IN: loaded serial 3
OK

Reverse zone

named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.example.com.db
Output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK

Restart bind service.
sudo systemctl restart bind9
Enable it on system startup.
sudo systemctl enable bind9
Check the status of the bind9 service.
sudo systemctl status bind9

DNS Record Update

Whenever you change a DNS record, do not forget to change the serial number in the zone file and reload the zone.
Change example.com & 1.168.192.in-addr.arpa with your zone names.
### Forward Zone ###

sudo rndc reload example.com

### Reverse Zone ###

sudo rndc reload 1.168.192.in-addr.arpa


Ref:

Comments

Post a Comment

Popular posts from this blog

Cambium cnPilot E400/E410/E500 Configuration Tutorial

-
Image
Basic Connectivity:   Router (Broadband/mikrotik |dhcp enabled) >>> E400/E410/E500 + LAPTOP Cambium (Powered ON) [POE port] >>>> LAPTOP [LAN port] Step 1: Open Cambium controller in the browser. Step 2: After entering in to the site click on the Onboard Device option from Home Tab of Left Panel. Step 3: In the Onboard Option, we will get Claim Device option to adopt a Cambium AP. Step 4: Now we will move to the Cambium AP configuration Part. Below are credentials of default login access of cnpilot E400/E410/E500/E410/E500. IP:192.168.0.1 Command Line Access: Username: admin Telnet: Disabled by default Password: admin SSH: Enabled by default (on standard port: 22) ***We can also use dhcp IP to login to the cnpilot E400/E410/E500. We will get login page. Step 5: We can see several TAB on left panel. On the DashBoard Tab, we will get some overall information. Some are useful for the configuration; some are useful for troubleshoo...
Read more

Disabling Zimbra's AntiSpam, Amavis and AntiVirus filtering

-
 Check whether antispam and antivirus service is enabled currently on server using the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  The above command will list all the services which are currently installed and enabled on the server. Disable the antivirus and antispam services using the given commands zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam  zmprov -l ms <mail.example.com> -zimbraServiceEnabled amavis zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus  Comment the following line in the file /opt/zimbra/postfix/conf/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024  Restart services on server zmcontrol restart  Confirm that the antispam and antivirus services are disabled with the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  zmcontrol status 
Read more

Error "Unable to retrive Zimbra GPG key for package validation"

-
From the installation log we see: Executing: /tmp/tmp.mSlzRMclVa/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error 1. Open port 11371 11371 tcp,udp hkp OpenPGP HTTP Keyserver 2. Force it to use port 80: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79 Ref: https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22
Read more