Configuring a Private Network DNS Server with BIND9
What Will You Learn in This Guide?
In this guide, you will set up the internal DNS infrastructure for a private network using BIND9 on Ubuntu 22.04.
You will configure a primary and a secondary DNS server and point the clients at them with Netplan.
Technical Summary
Main Topic: Internal DNS installation with BIND9 on Ubuntu 22.04
Problem solved: removing hard-coded IP addresses from service configuration
Scope: ACL, forward zone, reverse zone, Netplan, nslookup
With this structure an IP change is made in one place, the zone file, instead of in every service that references the host.
Why Should You Use Private (Internal) DNS?
Hard-coded IP addresses become a maintenance burden as the environment grows: every renumbering has to be chased through every configuration file that mentions the address.
Using FQDNs keeps configurations readable and reduces such errors.
Advantages:
- Central DNS management
- Readability in service files
- Easy maintenance and scalability
Sample Infrastructure Structure
| Server | Role | FQDN | Private IP |
|---|---|---|---|
| ns1 | Primary DNS | ns1.dc1.ornek.com | 10.128.10.11 |
| ns2 | Secondary DNS | ns2.dc1.ornek.com | 10.128.20.12 |
| host1 | Client | host1.dc1.ornek.com | 10.128.100.101 |
| host2 | Client | host2.dc1.ornek.com | 10.128.200.102 |
Change the domain name and IPs according to your own environment. All hosts sit inside 10.128.0.0/16, which is why a single reverse zone (128.10.in-addr.arpa) covers them below.
Installing BIND on DNS Servers
These steps are performed on ns1 and ns2.
sudo apt update
- This command updates the package list.
sudo apt install bind9 bind9utils bind9-doc
- This command installs BIND9 and utilities.
IPv4 Mode
sudo nano /etc/default/named
OPTIONS="-u bind -4"
- The -4 flag makes named use IPv4 only (no AAAA lookups or IPv6 sockets); -u bind is the stock setting that drops privileges to the bind user after start-up. Keep it.
sudo systemctl restart bind9
- This command restarts the BIND service. On Ubuntu 22.04 the unit is named.service; bind9 is an alias for it, so either name works.
Primary DNS Server (ns1)
- ACL and Recursion Settings
sudo nano /etc/bind/named.conf.options
// hosts that may use this server as a recursive resolver
acl "trusted" {
10.128.10.11;
10.128.20.12;
10.128.100.101;
10.128.200.102;
};
options {
recursion yes;
allow-recursion { trusted; };   // recursive lookups only for the ACL
listen-on { 10.128.10.11; };    // bind only to the private interface
allow-transfer { none; };       // no zone transfers unless a zone overrides this
forwarders {
1.1.1.1;
8.8.8.8;
};
};
- allow-recursion restricts recursive (Internet) lookups to the trusted ACL, and listen-on keeps named off the public interface, so the server is not usable as an open resolver. Note that allow-recursion alone does not block authoritative queries for your own zones from other sources; if the host ever listens on a reachable interface, also set allow-query { trusted; }. Keep the directory "/var/cache/bind"; line that the package ships in this file; the block above shows only the settings you change.
DNS Zone Definitions
sudo nano /etc/bind/named.conf.local
zone "dc1.ornek.com" {
type primary;
file "/etc/bind/zones/db.dc1.ornek.com";
allow-transfer { 10.128.20.12; };   // per-zone override of the global none: only ns2 may AXFR
};
zone "128.10.in-addr.arpa" {
type primary;
file "/etc/bind/zones/db.10.128";
allow-transfer { 10.128.20.12; };
};
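The page shows only the primary. On ns2 the ACL and options are the same except for listen-on, and both zones are declared as secondaries that pull from ns1. The following is an added example, not part of the original page; it assumes the stock directory "/var/cache/bind"; setting that the Ubuntu package ships in named.conf.options, and it keeps the page's addresses and zone names.

```conf
// /etc/bind/named.conf.options on ns2 (added example)
acl "trusted" {
    10.128.10.11;
    10.128.20.12;
    10.128.100.101;
    10.128.200.102;
};

options {
    directory "/var/cache/bind";       // stock setting, left in place
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 10.128.20.12; };       // ns2's own private address
    allow-transfer { none; };          // nobody pulls zones from the secondary
    forwarders {
        1.1.1.1;
        8.8.8.8;
    };
};

// /etc/bind/named.conf.local on ns2: pull both zones from ns1.
// "file" is relative to the directory above, which the bind user can write to
// (unlike /etc/bind), so the transferred copies can be stored there.
zone "dc1.ornek.com" {
    type secondary;
    file "db.dc1.ornek.com";
    primaries { 10.128.10.11; };
};

zone "128.10.in-addr.arpa" {
    type secondary;
    file "db.10.128";
    primaries { 10.128.10.11; };
};
```

Run sudo named-checkconf and sudo systemctl restart bind9 on ns2 as on ns1; journalctl -u named then shows the transfer status for each zone. ns1 sends NOTIFY to ns2 on every reload because ns2 is listed as an NS record in the zone, so changes propagate without waiting for the SOA refresh timer, provided the serial was increased.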
Forward and Reverse Zone Files
sudo mkdir /etc/bind/zones
- Forward Zone
sudo cp /etc/bind/db.local /etc/bind/zones/db.dc1.ornek.com
- The copied template carries SOA, NS and A records for localhost. Replace the SOA with ns1.dc1.ornek.com. as the primary name server, replace the NS record with one NS record per name server (ns1 and ns2; BIND refuses to load a zone without NS records at the apex, and the ns2 NS record is also what makes ns1 send NOTIFY to it), delete the 127.0.0.1 A record, and add A records:
ns1 IN A 10.128.10.11
ns2 IN A 10.128.20.12
host1 IN A 10.128.100.101
host2 IN A 10.128.200.102
- Reverse Zone
sudo cp /etc/bind/db.127 /etc/bind/zones/db.10.128
- Apply the same SOA and NS edits, delete the 1.0.0 PTR localhost. record, and add PTR records. Owner names are relative to 128.10.in-addr.arpa, so the last two octets of the address appear in reverse order (10.128.10.11 becomes 11.10):
11.10 PTR ns1.dc1.ornek.com.
12.20 PTR ns2.dc1.ornek.com.
101.100 PTR host1.dc1.ornek.com.
102.200 PTR host2.dc1.ornek.com.
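The two files as they should look once the template entries are replaced, as an added example that is not part of the original page. The RNAME admin.dc1.ornek.com. (the zone contact, with the @ written as a dot), the serial value and the timer values are assumptions; the timers are the ones from the db.local template.

```zone
; --- /etc/bind/zones/db.dc1.ornek.com (forward zone, added example) ---
$TTL    604800
@       IN      SOA     ns1.dc1.ornek.com. admin.dc1.ornek.com. (
                        2024010101 ; Serial: increase on every change
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        604800 )   ; Negative Cache TTL
; name servers: NS records (owner inherited from @)
        IN      NS      ns1.dc1.ornek.com.
        IN      NS      ns2.dc1.ornek.com.
; name servers: A records
ns1     IN      A       10.128.10.11
ns2     IN      A       10.128.20.12
; other hosts
host1   IN      A       10.128.100.101
host2   IN      A       10.128.200.102

; --- /etc/bind/zones/db.10.128 (reverse zone for 10.128.0.0/16, added example) ---
$TTL    604800
@       IN      SOA     ns1.dc1.ornek.com. admin.dc1.ornek.com. (
                        2024010101 ; Serial
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        604800 )   ; Negative Cache TTL
        IN      NS      ns1.dc1.ornek.com.
        IN      NS      ns2.dc1.ornek.com.
; PTR owners are the last two octets reversed, relative to 128.10.in-addr.arpa
11.10   IN      PTR     ns1.dc1.ornek.com.
12.20   IN      PTR     ns2.dc1.ornek.com.
101.100 IN      PTR     host1.dc1.ornek.com.
102.200 IN      PTR     host2.dc1.ornek.com.
```

Every name on the right-hand side ends with a dot; without it BIND appends the zone name and you get entries such as ns1.dc1.ornek.com.dc1.ornek.com. The serial must grow with every edit or ns2 will keep serving the old copy.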
Control and Service Initialization
sudo named-checkconf
sudo named-checkzone dc1.ornek.com /etc/bind/zones/db.dc1.ornek.com
sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128
sudo systemctl restart bind9
sudo ufw allow Bind9
- The Bind9 application profile opens port 53 (TCP and UDP) on every interface. On a host with a public interface, limit the rule to the private range with ufw's "from" form (sudo ufw allow from 10.128.0.0/16 to any app Bind9) so that the firewall, and not only listen-on, keeps port 53 closed to the Internet.
Connecting Clients to DNS (Netplan)
sudo nano /etc/netplan/00-private-nameservers.yaml
network:
  version: 2
  ethernets:
    eth1:
      nameservers:
        addresses:
          - 10.128.10.11
          - 10.128.20.12
        search: [dc1.ornek.com]
- eth1 is the client's private interface; check the name with ip -br link. If that interface gets its address from DHCP, also set dhcp4-overrides: { use-dns: false } under it, otherwise the DHCP-supplied resolvers stay in the list next to ns1 and ns2. The search entry is what lets a short name such as host1 resolve.
sudo netplan try
- netplan try applies the file and rolls it back unless you confirm within the timeout, which protects you from locking yourself out of a remote host. resolvectl status shows which resolvers systemd-resolved is now using for the interface.
Test
nslookup host1
nslookup 10.128.100.101
- Both queries should succeed: the first resolves host1 through the search domain to 10.128.100.101, the second returns host1.dc1.ornek.com. To test each server directly rather than whatever the client picked, add the server address as the second argument (nslookup host1.dc1.ornek.com 10.128.20.12); a correct answer from ns2 proves the zone transfer worked.
DNS Maintenance Checklist
When adding a new server:
- Add an A record to the forward zone
- Add a PTR record to the reverse zone
- Increase the SOA serial in both zone files (ns2 only transfers a zone whose serial has grown)
- Add the host to the trusted ACL in named.conf.options on ns1 and ns2 (a host missing from the ACL gets REFUSED on recursive lookups)
- Run named-checkconf and named-checkzone, then sudo systemctl reload bind9
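Helpers for that checklist, as an added example that is not part of the original page. They assume the stock Ubuntu zone layout, where the SOA serial sits on its own line followed by "; Serial" (as in db.local), and the relative PTR owners used on this page (101.100 under 128.10.in-addr.arpa). next_serial keeps the YYYYMMDDNN convention but only ever moves the serial up, which is all a secondary needs; missing_ptrs reports A records whose PTR is absent or points to the wrong name before you publish; publish_zone ties validation, serial bump and rndc reload together. The function names and the publish workflow are this example's own, not BIND tooling.

```shell
#!/bin/sh
# Added example (not from the original page): zone maintenance helpers for ns1.

# next_serial CURRENT TODAY   (TODAY = YYYYMMDD)
# Prints a strictly larger serial in YYYYMMDDNN form: TODAY01 if CURRENT is
# below today's base (TODAY00), otherwise CURRENT+1. The second branch covers
# several edits on one day, a counter that has reached 99, and a non-date
# serial such as the "2" inherited from db.local.
next_serial() {
    base=$(( $2 * 100 ))
    if [ "$1" -lt "$base" ]; then echo $(( base + 1 )); else echo $(( $1 + 1 )); fi
}

# zone_serial FILE -> prints the serial currently recorded in FILE
zone_serial() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$1" | head -n 1
}

# bump_zone_serial FILE [TODAY] -> rewrites the serial line, prints the new serial
bump_zone_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    current=$(zone_serial "$file")
    if [ -z "$current" ]; then
        echo "no '; Serial' line found in $file" >&2
        return 1
    fi
    new=$(next_serial "$current" "$today")
    # rewrite through a temp file so this works with any sed, not only GNU sed -i
    sed "s/^\([[:space:]]*\)${current}\([[:space:]]*;[[:space:]]*Serial\)/\1${new}\2/" "$file" > "$file.tmp" &&
        cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    echo "$new"
}

# missing_ptrs FWD_FILE REV_FILE FWD_ZONE REV_ZONE
# Lists A records in the forward zone whose PTR is absent or points elsewhere.
# The number of trailing octets forming the PTR owner is derived from the
# reverse zone name (128.10.in-addr.arpa covers 10.128.0.0/16, so two octets).
missing_ptrs() {
    awk -v fzone="$3" -v rzone="$4" '
        NR == FNR {                                  # first file: forward zone
            if ($2 == "A" || $3 == "A") a[$1] = $NF
            next
        }
        $2 == "PTR" || $3 == "PTR" { ptr[$1] = $NF } # second file: reverse zone
        END {
            n = split(rzone, z, ".")
            keep = 4 - (n - 2)                       # octets not covered by the zone name
            for (h in a) {
                split(a[h], o, ".")
                owner = o[4]
                for (i = 3; i > 4 - keep; i--) owner = owner "." o[i]
                want = h "." fzone "."
                if (!(owner in ptr))
                    print h " " a[h] ": no PTR record " owner
                else if (ptr[owner] != want)
                    print h " " a[h] ": PTR " owner " points to " ptr[owner] ", expected " want
            }
        }' "$1" "$2" | sort
}

# publish_zone ZONE FILE -> validate, bump the serial, reload just that zone.
# Run on ns1 as root after editing FILE; needs bind9utils (named-checkzone, rndc).
# Usage: publish_zone dc1.ornek.com /etc/bind/zones/db.dc1.ornek.com
publish_zone() {
    named-checkzone "$1" "$2" > /dev/null || return 1
    new=$(bump_zone_serial "$2") || return 1
    rndc reload "$1" && echo "$1 reloaded with serial $new"
}
```

Run missing_ptrs against both zone files before publish_zone; an empty output means every A record has a matching PTR. publish_zone refuses to reload if named-checkzone rejects the file, so a typo never reaches the running server, and because the serial is bumped only after validation, ns2 picks up the change on the NOTIFY that follows the reload.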
Frequently Asked Questions (FAQ)
1. Why are two DNS servers needed? For redundancy: if ns1 is down or being maintained, clients fall back to ns2, which holds a transferred copy of the zones.
2. Why is reverse DNS important? Logs, traceroutes and monitoring show hostnames instead of bare addresses, and some services verify that an address maps back to the name that claims it.
3. Do I have to use a public domain? No. A private domain works for internal resolution; just keep it from colliding with a name you also use publicly.
4. What happens if the DNS server goes down? Name resolution stops and every service that depends on it fails, which is exactly why a secondary exists.
5. What to do when a zone file changes? Increase the serial, check the file with named-checkzone, and reload BIND.
Result
Thanks to this structure:
- IP dependency is removed
- Configurations become simpler
- A scalable DNS infrastructure is formed
You can use this entire system safely on the GenixNode infrastructure.

