An important part of managing server configuration and infrastructure is maintaining an easy way to look up network interfaces and IP addresses by name, which means setting up a proper Domain Name System (DNS). Using fully qualified domain names (FQDNs) instead of IP addresses to specify network addresses eases the configuration of services and applications, and makes configuration files easier to maintain. Setting up your own DNS for your private network is a great way to improve the management of your servers.
Installation and Configuration:
sudo apt-get install bind9 bind9utils
Setting Bind to IPv4 Mode
Set BIND to IPv4 mode, since our network uses IPv4. Edit the bind9 default settings file by typing:
sudo nano /etc/default/bind9
Add “-4” to the end of the OPTIONS parameter. It should look like this:
OPTIONS="-u bind -4"
Configure Access Control List
The acl statement defines groups of hosts that can be permitted or denied access to the nameserver. Open the named options configuration file and define the acl block as shown below.
sudo nano /etc/bind/named.conf.options
Add the following list of accepted IP addresses. It should look like this:
acl "allowed" {
    150.140.0.0/16;
};
In the same file, enter the following configuration options:
options {
    directory "/var/cache/bind";
    recursion yes;                            # act as a recursive resolver
    allow-recursion { localhost; allowed; };  # only for the server itself and the "allowed" acl
    listen-on port 53 { 150.140.139.248; };   # which interface address to listen on, e.g. localhost, NIC1, NIC2
    allow-query { localhost; allowed; };
    allow-transfer { none; };                 # no zone transfers
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    auth-nxdomain no;                         # conform to RFC1035
    listen-on-v6 { any; };                    # not used while named runs with -4
};
This is more than enough for forwarding DNS queries and avoiding tracking of your activity. If you wish to move forward with a real DNS server implementation, you have to create your forward and reverse zone files. Check this tutorial from Digital Ocean.
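The acl and allow-recursion settings above decide who may use the server as a resolver, so it is worth checking which client addresses a given match list actually admits before restarting BIND. The following is an added example, not part of the original tutorial: the function names are hypothetical, the sample text is a trimmed copy of this page's configuration, and negated (!) elements, keys and comments inside the braces are not handled.

```python
import ipaddress
import re

# Constructed sample: the acl and options statements from this page, trimmed.
SAMPLE_CONF = '''
acl "allowed" { 150.140.0.0/16; };
options {
    recursion yes;
    allow-recursion { localhost; allowed; };
    allow-query { localhost; allowed; };
    allow-transfer { none; };
};
'''

# Simplification: BIND's "localhost" matches every address of the server
# itself; it is modelled here as the IPv4 loopback network only.
BUILTIN = {"none": [], "any": ["0.0.0.0/0"], "localhost": ["127.0.0.0/8"]}

def parse_acls(conf):
    """Map each acl name to its list of raw elements."""
    found = re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}', conf)
    return {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in found}

def resolve(elements, acls):
    """Expand named ACLs and built-ins into ip_network objects."""
    nets = []
    for elem in elements:
        if elem in BUILTIN:
            nets += [ipaddress.ip_network(n) for n in BUILTIN[elem]]
        elif elem in acls:
            nets += resolve(acls[elem], acls)
        else:
            nets.append(ipaddress.ip_network(elem, strict=False))
    return nets

def match_list(conf, option):
    """Networks admitted by an options clause, or None if it is not set."""
    m = re.search(r'(?<![\w-])' + re.escape(option) + r'\s*\{([^}]*)\}', conf)
    if m is None:
        return None
    elements = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return resolve(elements, parse_acls(conf))

def permitted(conf, option, client_ip):
    """True if client_ip falls inside the option's address match list."""
    nets = match_list(conf, option) or []
    return any(ipaddress.ip_address(client_ip) in n for n in nets)

def is_open(conf, option):
    """True if the clause admits every IPv4 address (e.g. contains "any")."""
    nets = match_list(conf, option) or []
    return any(n.prefixlen == 0 for n in nets)
```

With the page's configuration, is_open(SAMPLE_CONF, "allow-recursion") is False and only loopback and 150.140.0.0/16 clients are permitted; replacing the list with { any; } makes the same check report an open resolver.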