A DNS server works like the address book on your smartphone: it lets you reach your contacts by a "name", and such a name is known as a domain.
The DNS service is essential to surf the web, send emails, etc. Usually the ISP provides a couple of DNS IP addresses; however, having a local DNS server may offer many advantages in terms of internet bandwidth load if your network serves many computers and/or devices. If you are asking which software can provide that kind of feature: Bind9 is the one, at least for Linux servers.
Having your own local DNS server lets you save a huge part of the bandwidth consumed by name resolution for your network devices. Why? That's pretty easy: your local server will answer repeated local name-resolution requests from its cache rather than referring to an external server each time.
Install BIND9
Install the packages for bind9 and bind9utils:

    apt-get install bind9 bind9utils

Configuration
Edit the file named.conf.options

    nano /etc/bind/named.conf.options

Fill in the config file with a list of trustworthy hosts; only these clients will be allowed to query the server:

    acl trustworthy-hosts {
        // Insert the list of IPs allowed to use the service.
        192.168.1.0/24;
        localhost;
        localnets;
    };

Insert or edit the DNS list, the caching and forwarding options:

    options {
        // Cache path
        directory "/var/cache/bind";
        // Enable recursion
        recursion yes;
        // Enable requests from the trustworthy hosts list
        allow-query { trustworthy-hosts; };
        forwarders {
            // List of the external DNS IPs to refer to
            8.8.8.8;        # Google Primary
            208.67.222.222; # OpenDNS Primary
        };
        // Obsolete on newer BIND 9 releases; drop it if named-checkconf complains
        dnssec-enable yes;
        dnssec-validation yes;
        auth-nxdomain no;   # conform to RFC1035
        listen-on-v6 { any; };
    };

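A recursive server that answers queries from outside the LAN becomes an open resolver, so it is worth checking that the ACL and allow-query settings above really keep it local. The following is an added example, not part of the original post: the function names are hypothetical, SAMPLE_CONF is a constructed copy of the configuration above, and the parser only handles simple, one-level ACLs.

```python
import ipaddress
import re

# Constructed sample mirroring the named.conf.options on this page.
SAMPLE_CONF = """
acl trustworthy-hosts { 192.168.1.0/24; localhost; localnets; };
options {
    recursion yes;                        // caching resolver
    allow-query { trustworthy-hosts; };
    forwarders { 8.8.8.8; 208.67.222.222; };
};
"""
BUILTIN_LOCAL = {"localhost", "localnets", "none"}  # BIND built-in ACLs that stay local
LOCAL_NETS = [ipaddress.ip_network(n) for n in (    # RFC 1918, loopback, IPv6 ULA/link-local
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

def _elements(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def effective_clients(conf):
    """Flattened list of clients allowed to query, or None if nothing is set."""
    acls = {name: _elements(body) for name, body in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', conf)}
    for stmt in ("allow-recursion", "allow-query"):  # the more specific one first
        m = re.search(r"\b%s\s*\{([^}]*)\}" % stmt, conf)
        if m:  # expand named ACLs one level deep
            return [x for e in _elements(m.group(1)) for x in acls.get(e, [e])]
    return None

def audit(conf):
    """Return findings that would let hosts outside the LAN use this resolver."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # drop /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # drop // and # comments
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []                                       # not a recursive resolver
    clients = effective_clients(conf)
    if clients is None:
        return ["no allow-recursion/allow-query: access depends on BIND defaults"]
    findings = []
    for c in [c for c in clients if c not in BUILTIN_LOCAL]:
        try:
            net = ipaddress.ip_network(c, strict=False)
        except ValueError:
            findings.append("'%s' is not a local ACL or network" % c)  # e.g. any
            continue
        if not any(net.version == l.version and net.subnet_of(l) for l in LOCAL_NETS):
            findings.append("%s is outside private address space" % net)
    return findings
```

Calling `audit()` on the text of /etc/bind/named.conf.options returns an empty list when only local clients can reach the resolver.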
Optimization
If you want your DNS server to handle IPv4 only (actually faster and recommended), you just need to tell it to listen only on IPv4 in the file /etc/default/bind9, as follows:

    nano /etc/default/bind9

Find the row containing the OPTIONS field and edit its value like this:

    OPTIONS="-u bind -4"

Service start, stop and restart
Start bind9 by typing this command in a terminal:

    service bind9 start

Stop it:

    service bind9 stop

Restart the server, for example after a config change:

    service bind9 restart

Test your DNS server efficiency
To check that your DNS server does its job properly, you can use the NameBench tool from your PC: install it and fill the nameservers field with your DNS server IP to let it benchmark the server and compare the performance results with other DNS servers close to you.
- To download and install NameBench on your client, just follow the link or the instructions for your O.S.
  - Windows, MacOSX and Sources: Visit the download section of the Google Code page of the project
  - Ubuntu: Use the software center to install namebench or run the following in a terminal:

        sudo apt-get install namebench

- If you just want to perform a quick test of your DNS server from its shell, run the dig command twice and look at the time difference between the 1st and 2nd request. Just launch this twice in your server terminal:

        dig wikipedia.com

Let the DNS server supply our LAN
Once installed, configured and tested, our server only needs to be set in our router configuration to make sure that every device uses it to resolve domain names: access the administration panel of your modem/router, go to the DHCP settings and fill the primary DNS field with our local DNS server IP, and that's all!
Firewall
To properly configure the firewall in Ubuntu for Bind9, just follow the IpTables tutorial here