How to configure Bind for your internal network

Most people will probably choose to use the DNS servers provided by their hosting company or their domain registrar. If, however, you have an internal network, there are some advantages to running your own DNS servers. You could configure an internal DNS server as a caching or forwarding server, which will speed up your network's DNS lookups. Or perhaps you have an internal lab and want to use internal domains. In this guide, I will show the steps to configure the Bind9 DNS server as a caching/forwarding server and also as an authoritative server for your internal domains.

We shall be using CentOS 7. CentOS 7.x ships with Bind9, which makes it relatively easy for us to install.

Install Bind 9

The following command will download and install Bind9 for us, including the client utilities:

yum -y install bind bind-utils

And let's make sure it is started, and also that it will start again on reboot:

systemctl start named
systemctl enable named

Out of the box Configuration is already a Caching/Resolving DNS Server

The CentOS 7 bind RPM already comes with a basic caching/forwarding configuration in /etc/named.conf, which looks like this once the comments are removed:

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Initial Customization to the Caching/Forwarding DNS configuration

The default configuration works, but it only works for localhost. So we need to make two changes: add the server's own network IP to the listen-on list, and add the allowed network ranges to allow-query.

Look for the listen-on port 53 line and update it as follows. In my case I am using 172.16.16.16 as the DNS server IP.

listen-on port 53 { 127.0.0.1; 172.16.16.16; };

Next, add your network range so that other servers within your network can query the DNS server. Every element of the list must end with a semicolon:

allow-query     { localhost; 172.16.16.0/24; };

After this you can restart.

systemctl restart named

Congratulations, you now have a working DNS Caching/Forwarding server for your local network.
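As an added example that is not part of the original guide: a small POSIX shell script that checks the entries you are about to put into listen-on and allow-query (every entry terminated with ";", and no host bits set under a CIDR mask, which named reports as an address/prefix length mismatch), prints the finished lines, and then runs named-checkconf when it is installed. The 172.16.16.0/24 range and the 172.16.16.16 server address are the ones used in this guide; the function names are this example's own. It also emits an allow-recursion line: in BIND 9, allow-recursion falls back to the allow-query list when neither it nor allow-query-cache is set, so whoever you allow to query a server with recursion yes may also recurse through it, and the list should stay limited to your internal ranges.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity-check the entries for
# listen-on / allow-query before editing /etc/named.conf, then run BIND's own
# validator (named-checkconf) if it is installed. 172.16.16.0/24 is the lab
# range used in the guide; the function names are this example's own.

# ip4_to_int 172.16.16.0 -> 2886733824 (fails for anything that is not a dotted quad)
ip4_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix_ok ADDR[/LEN] -> 0 when the host bits under the mask are all zero.
# 172.16.16.0/24 passes; 172.16.16.0/16 fails, because named reports such an
# entry as an address/prefix length mismatch.
prefix_ok() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || len=32          # bare address: treat as /32
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip4_to_int "$addr") || return 1
    hostmask=$(( 4294967295 >> len ))      # 0xFFFFFFFF >> LEN: the low (32 - LEN) bits
    [ $(( n & hostmask )) -eq 0 ]
}

# check_acl "localhost 172.16.16.0/24" -> 0; prints each bad entry to stderr and
# returns 1 if any entry would be rejected. Built-in ACL names are accepted as-is.
check_acl() {
    rc=0
    for entry in $1; do
        case $entry in localhost|localnets|any|none) continue ;; esac
        prefix_ok "$entry" || { echo "bad address/prefix: $entry" >&2; rc=1; }
    done
    return $rc
}

# acl_block "localhost 172.16.16.0/24" -> "{ localhost; 172.16.16.0/24; }"
# Every element ends with ';' (a missing one is the most common named.conf parse error).
acl_block() {
    out="{"
    for entry in $1; do out="$out $entry;"; done
    echo "$out }"
}

INTERNAL="localhost 172.16.16.0/24"        # clients allowed to query (and recurse)
check_acl "$INTERNAL" || exit 1
echo "listen-on port 53 $(acl_block "127.0.0.1 172.16.16.16");"
echo "allow-query     $(acl_block "$INTERNAL");"
echo "allow-recursion $(acl_block "$INTERNAL");"   # keep recursion internal: no open resolver

# The authoritative check, when BIND is installed:
if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf /etc/named.conf && echo "/etc/named.conf: syntax OK"
fi
```

Run it once before restarting named; a bad entry is named on stderr and the script exits non-zero, while a clean run prints the three option lines ready to paste into the options block.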

Add Authoritative configuration so we can answer queries for a local internal domain

If you, like me, are running a local lab, then you will want to configure your internal DNS server to resolve your internal servers. For example, all my lab servers are in the domain lab.jnvilo.com and the rest are in home.jnvilo.com.

So let us say we want to answer queries for:

  • lab.jnvilo.com
  • home.jnvilo.com

Add a zone definition to /etc/named.conf for each of the two subdomains above.

zone "lab.jnvilo.com" {
    type master;
    file "/etc/named/zones/db.lab.jnvilo.com";
};
zone "home.jnvilo.com" {
    type master;
    file "/etc/named/zones/db.home.jnvilo.com";
};

We should also add a reverse zone. In this case I am adding one for 172.16.16.0/24:

zone "16.16.172.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.172.16.16";
};

Create the Forward Zone file for lab.jnvilo.com

Earlier we added a zone definition to /etc/named.conf and pointed it at a zone file with an entry like "/etc/named/zones/db.lab.jnvilo.com". We must create this file as shown below (the /etc/named/zones directory has to exist and be readable by the named user). Note that the owner names, NS records and SOA must belong to the zone the file is loaded for; out-of-zone data is ignored by named, and a zone without its own NS records will not load:

$TTL    604800
@       IN      SOA     ns1.lab.jnvilo.com. admin.lab.jnvilo.com. (
                              5         ; Serial (increment on every change)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; Name servers ("@" is the zone apex, lab.jnvilo.com)
@               IN      NS      ns1.lab.jnvilo.com.
@               IN      NS      ns2.lab.jnvilo.com.

; A records for name servers (ns1 is this server; ns2 is a sample address,
; replace it with your secondary or remove both ns2 records)
ns1             IN      A       172.16.16.16
ns2             IN      A       172.16.16.17

; Other A records (sample addresses in the 172.16.16.0/24 lab range)
@               IN      A       172.16.16.18
www             IN      A       172.16.16.18

Also create the Forward Zone file for home.jnvilo.com

$TTL    604800
@       IN      SOA     ns1.lab.jnvilo.com. admin.home.jnvilo.com. (
                              5         ; Serial (increment on every change)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; Name servers: the same servers that serve lab.jnvilo.com, so no ns1/ns2
; A records are needed in this zone
@               IN      NS      ns1.lab.jnvilo.com.
@               IN      NS      ns2.lab.jnvilo.com.

; Other A records (sample address in the 172.16.16.0/24 range)
@               IN      A       172.16.16.19
www             IN      A       172.16.16.19

And Finally the Reverse Zone

$TTL    604800
@       IN      SOA     ns1.lab.jnvilo.com. admin.lab.jnvilo.com. (
                              5         ; Serial (increment on every change)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; Name servers ("@" is the zone apex, 16.16.172.in-addr.arpa)
@       IN      NS      ns1.lab.jnvilo.com.
@       IN      NS      ns2.lab.jnvilo.com.

; PTR records: the owner is the last octet of the 172.16.16.x address and the
; target must match the A record in the forward zone
16      IN      PTR     ns1.lab.jnvilo.com.
17      IN      PTR     ns2.lab.jnvilo.com.
18      IN      PTR     www.lab.jnvilo.com.
19      IN      PTR     www.home.jnvilo.com.
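The forward and reverse zone files above have to agree with each other by hand: every A record in the 172.16.16.0/24 range needs a matching PTR, and both files need their serial bumped on every change. As an added example that is not part of the original guide, the POSIX shell script below generates both files from a single host list with the same layout and timers as the files above, derives the reverse zone name (the "16.16.172.in-addr.arpa" used in the zone declaration earlier), and validates the result with named-checkzone when BIND's tools are installed. Apart from ns1 at 172.16.16.16, the server address used throughout this guide, the hosts in the list are constructed sample data, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original guide: generate the forward zone for
# lab.jnvilo.com and the reverse zone for 172.16.16.0/24 from ONE host list, so
# an A record and its PTR can never disagree, then validate both files with
# named-checkzone when BIND's tools are installed. Apart from ns1 = 172.16.16.16
# (the server address used in the guide) the hosts below are constructed sample data.

# One host per line: "<name> <ipv4>", name relative to the zone apex.
# "nas" is deliberately outside 172.16.16.0/24 to show how that case is handled.
HOSTS="ns1 172.16.16.16
ns2 172.16.16.17
www 172.16.16.18
nas 172.16.17.5"

# serial_today -> YYYYMMDD01, the conventional date-based serial
# (bump the trailing 01 for further edits on the same day).
serial_today() { date -u +%Y%m%d01; }

# reverse_zone_name 172.16.16 -> 16.16.172.in-addr.arpa
# (the name to use in the zone "..." declaration in /etc/named.conf)
reverse_zone_name() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    r=
    for o in "$@"; do r="$o${r:+.$r}"; done
    echo "$r.in-addr.arpa"
}

# soa_header PRIMARY_NS ADMIN SERIAL -> $TTL line, SOA and NS records, with the
# timers from the guide. Hostnames are written fully qualified (trailing dot).
soa_header() {
    printf '$TTL    604800\n'
    printf '@       IN      SOA     %s. %s. (\n' "$1" "$2"
    printf '                        %s ; Serial\n' "$3"
    printf '                        604800 ; Refresh\n'
    printf '                        86400 ; Retry\n'
    printf '                        2419200 ; Expire\n'
    printf '                        604800 ) ; Negative Cache TTL\n'
    printf '@       IN      NS      %s.\n' "$1"
}

# forward_zone ZONE SERIAL -> zone file text with one A record per host
forward_zone() {
    soa_header "ns1.$1" "admin.$1" "$2"
    echo "$HOSTS" | while read -r name ip; do
        printf '%-15s IN      A       %s\n' "$name" "$ip"
    done
}

# reverse_zone ZONE NET SERIAL -> zone file text for NET.0/24: the PTR owner is
# the last octet, the target is the host's FQDN in ZONE. Hosts outside NET are
# reported on stderr and left out (they belong in another reverse zone).
reverse_zone() {
    soa_header "ns1.$1" "admin.$1" "$3"
    echo "$HOSTS" | while read -r name ip; do
        case $ip in
            "$2".*) printf '%-7s IN      PTR     %s.%s.\n' "${ip##*.}" "$name" "$1" ;;
            *) echo "skipping $name ($ip): not in $2.0/24" >&2 ;;
        esac
    done
}

# check_zone ZONE FILE -> named-checkzone when available; otherwise only confirm
# the SOA and NS records are present, which named refuses to load a zone without.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        grep -q 'IN *SOA' "$2" && grep -q 'IN *NS' "$2"
    fi
}

ZONE=lab.jnvilo.com
NET=172.16.16
SERIAL=$(serial_today)
DIR=${ZONE_DIR:-$(mktemp -d)}     # set ZONE_DIR=/etc/named/zones to write the real files
mkdir -p "$DIR"
forward_zone "$ZONE" "$SERIAL" > "$DIR/db.$ZONE"
reverse_zone "$ZONE" "$NET" "$SERIAL" > "$DIR/db.$NET"
check_zone "$ZONE" "$DIR/db.$ZONE"
check_zone "$(reverse_zone_name "$NET")" "$DIR/db.$NET"
echo "wrote $DIR/db.$ZONE and $DIR/db.$NET (zone \"$(reverse_zone_name "$NET")\")"
```

By default the files land in a temporary directory so you can inspect them; with ZONE_DIR=/etc/named/zones they are written where the zone declarations above expect them, after which a systemctl restart named (or rndc reload) picks them up.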