# DNS With BIND9

## DNS

First of all, let's install BIND9:

`sudo apt install bind9`

Then go to its configuration directory, which is `/etc/bind` (not `/etc/bind9`):

`cd /etc/bind`

```bash
touk@k8snode:/etc/bind$ ls
bind.keys  db.127        db.255    db.local          named.conf.default-zones  named.conf.options  zones.rfc1918
db.0       db.empty      named.conf        named.conf.local          rndc.key
```

Now let's configure the file called `named.conf.options`:

`sudo vim /etc/bind/named.conf.options`

The file should look like this. The lines that matter for security are the ones after `dnssec-validation`: `allow-query` and `allow-recursion` are limited to the `trusted-hosts` ACL so the server does not become an open resolver (it still listens on every IPv6 address, so these ACLs are what actually protect it), and `allow-transfer { none; }` stops anyone from pulling the whole zone with an AXFR:

```bash
acl trusted-hosts {
        localhost;
        localnets;
        192.168.1.0/24;
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See <http://www.kb.cert.org/vuls/id/800113>

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                1.1.1.1;
                8.8.8.8;
         };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See <https://www.isc.org/bind-keys>
        //========================================================================
        dnssec-validation auto;
        listen-on port 53 { 127.0.0.1; 192.168.1.9; };
        listen-on-v6 { any; };
        allow-query { trusted-hosts; };
        allow-transfer { none; };
        recursion yes;
        allow-recursion { trusted-hosts; };
};
```

Now let's create a zone:

{% hint style="info" %}
💡 For simplicity you can start from the template zone file shipped with BIND:

`sudo cp db.local homelab.lan.zone`
{% endhint %}

Here is the resulting zone file:

```bash
;
; BIND data file for homelab.lan zone
;
$TTL    604800
@       IN      SOA     ns1.homelab.lan. admin.homelab.lan. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.homelab.lan.
ns1     IN      A       192.168.1.9

; -- Add dns records
web     IN      A       192.168.1.12
centos  IN      A       192.168.1.16
```

BIND9 does not yet know about this zone, so we need to declare it in `/etc/bind/named.conf.local`, the file reserved for local zones:

```bash
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "homelab.lan" IN {
        type master;
        file "/etc/bind/homelab.lan.zone";
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/bind/db.192.168.1";
};
```

As you can see there is a second zone, `1.168.192.in-addr.arpa`, which serves *reverse* lookups (IP address to name, via PTR records) for 192.168.1.0/24; the octets of the network are written in reverse order in the zone name. It needs its own zone file, so let's create one.

For simplicity I follow this naming method:

`sudo cp db.127 db.192.168.1`

Note: just as before, we take the template from an existing file (here the loopback reverse zone) and then adapt it.

Let's take a look at the content of `db.192.168.1`:

```bash
;
; BIND reverse data file for the 192.168.1.0/24 network
;
$TTL    604800
@       IN      SOA     ns1.homelab.lan. admin.homelab.lan. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.homelab.lan.
9       IN      PTR     ns1.homelab.lan.
12      IN      PTR     web.homelab.lan.
16      IN      PTR     centos.homelab.lan.
```
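Since every PTR record has to mirror an A record, generating the reverse zone from the forward zone is less error-prone than maintaining both files by hand. The script below is an added example (not code from the original page): it derives the `in-addr.arpa` zone name from the network and writes a complete reverse zone from the A records of the forward zone, keeping the layout used above. The embedded sample zone is constructed to match the records on this page, and the `/etc/bind` paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page: build the reverse
# (in-addr.arpa) zone from the forward zone's A records so the PTR records
# never drift from the A records. Plain sh + awk; the sample zone at the
# bottom is constructed to mirror the page and the paths are assumptions.
set -eu

# reverse_zone_name 192.168.1  ->  1.168.192.in-addr.arpa
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# gen_reverse_zone FORWARD_ZONE ORIGIN NET SERIAL NS
#   FORWARD_ZONE  forward zone file (e.g. /etc/bind/homelab.lan.zone)
#   ORIGIN        zone origin without trailing dot (homelab.lan)
#   NET           first three octets of the /24 (192.168.1)
#   SERIAL        SOA serial to write
#   NS            primary name server FQDN without trailing dot
# Prints a complete reverse zone file on stdout. Assumes each A record
# names its owner explicitly (no blank-owner continuation lines).
gen_reverse_zone() {
    fwd=$1; origin=$2; net=$3; serial=$4; ns=$5
    awk -v origin="$origin" -v net="$net" -v serial="$serial" -v ns="$ns" '
    BEGIN {
        printf ";\n; BIND reverse data file for %s.0/24, generated from the %s zone\n;\n", net, origin
        printf "$TTL    604800\n"
        printf "@       IN      SOA     %s. admin.%s. (\n", ns, origin
        printf "%31s         ; Serial\n", serial
        printf "%31s         ; Refresh\n", "604800"
        printf "%31s         ; Retry\n", "86400"
        printf "%31s         ; Expire\n", "2419200"
        printf "%31s )       ; Negative Cache TTL\n", "604800"
        printf ";\n@       IN      NS      %s.\n", ns
    }
    # Skip comments and $ directives; anything else may hold a record.
    /^[ \t]*;/ || /^\$/ { next }
    {
        # A records may carry an optional TTL, so look for the "A" field
        # wherever it is, and only accept addresses inside our /24.
        for (i = 2; i < NF; i++) {
            if ($i == "A" && index($(i + 1), net ".") == 1) {
                host = $1
                if (host == "@")          fqdn = origin "."
                else if (host ~ /\.$/)    fqdn = host
                else                      fqdn = host "." origin "."
                split($(i + 1), octet, ".")
                printf "%-7s IN      PTR     %s\n", octet[4], fqdn
            }
        }
    }' "$fwd"
}

# Constructed sample mirroring the page's forward zone (same records).
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL    604800
@       IN      SOA     ns1.homelab.lan. admin.homelab.lan. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.homelab.lan.
ns1     IN      A       192.168.1.9
web     IN      A       192.168.1.12
centos  IN      A       192.168.1.16
EOF
}

SAMPLE_ZONE=$(mktemp)
trap 'rm -f "$SAMPLE_ZONE"' EXIT
write_sample_zone "$SAMPLE_ZONE"
# On the real server: gen_reverse_zone /etc/bind/homelab.lan.zone homelab.lan \
#     192.168.1 "$(date +%Y%m%d)01" ns1.homelab.lan > /etc/bind/db.192.168.1
gen_reverse_zone "$SAMPLE_ZONE" homelab.lan 192.168.1 "$(date +%Y%m%d)01" ns1.homelab.lan
```

Run as-is it prints the reverse zone for the sample; redirect the output into `/etc/bind/db.192.168.1` on the server and re-run it whenever an A record changes. The address filter only accepts `192.168.1.x`, so a stray `192.168.10.x` record in the forward zone cannot end up with a wrong PTR in this zone.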

{% hint style="info" %}
Reload bind9 with zero downtime. `rndc reconfig` re-reads `named.conf` and picks up newly declared zones; `rndc reload` takes the zone *name* (not the file name) and re-reads that zone's file. Bump the SOA serial before reloading a changed zone, or secondaries and caches will keep serving the old data.

<mark style="color:red;">`sudo rndc reconfig`</mark>

<mark style="color:red;">`sudo rndc reload homelab.lan`</mark>

<mark style="color:red;">`sudo rndc reload 1.168.192.in-addr.arpa`</mark>
{% endhint %}
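Before handing a changed zone to the running server, bump the SOA serial (otherwise secondaries and caches will not notice the change) and let BIND's own checkers reject a broken file so a typo never reaches `named`. The script below is an added example, not from the original page: it assumes the file names and the 192.168.1.9 server address used on this page, reloads by zone name, and ends with the checks worth running after every reload. Without arguments it only defines the functions; run it with `--apply` on the server to bump, check, reload and verify.

```shell
#!/bin/sh
# Added example, not code from the original page: bump the SOA serial, let
# BIND's own checkers reject broken files before they reach the running
# server, then reload by zone *name* and verify with dig. Paths and the
# 192.168.1.9 server address follow this page; adjust them for your setup.
set -eu

CONF=/etc/bind/named.conf
FWD_ZONE=homelab.lan
FWD_FILE=/etc/bind/homelab.lan.zone
REV_ZONE=1.168.192.in-addr.arpa
REV_FILE=/etc/bind/db.192.168.1
SERVER=192.168.1.9

# next_serial CURRENT TODAY  ->  next YYYYMMDDnn serial.
# Secondaries only pull a zone when the serial increases, so the result must
# always be larger than CURRENT: an older serial jumps to TODAY00, anything
# at or beyond TODAY00 (same day, or a serial already in the future) gets +1.
next_serial() {
    cur=$1; today=$2
    if [ "$cur" -lt "${today}00" ]; then
        echo "${today}00"
    else
        echo $((cur + 1))
    fi
}

# bump_serial ZONEFILE TODAY  ->  rewrites the "; Serial" line in place and
# prints the new serial. Only the number changes; the column layout stays.
bump_serial() {
    zf=$1; today=$2
    cur=$(awk '/; *Serial/ { print $1; exit }' "$zf")
    new=$(next_serial "$cur" "$today")
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*; *Serial\)/\1$new\2/" "$zf" > "$zf.tmp"
    mv "$zf.tmp" "$zf"
    echo "$new"
}

# Refuse to reload anything that does not parse: set -e aborts on the first
# failing checker, so a broken zone file never takes the resolver down.
check_and_reload() {
    named-checkconf "$CONF"
    named-checkzone "$FWD_ZONE" "$FWD_FILE"
    named-checkzone "$REV_ZONE" "$REV_FILE"
    rndc reconfig               # picks up zones newly added to named.conf.local
    rndc reload "$FWD_ZONE"     # rndc reload takes the zone name, not the file name
    rndc reload "$REV_ZONE"
}

# Forward and reverse lookups must agree, and a zone transfer must be
# refused because of allow-transfer { none; }.
verify() {
    dig @"$SERVER" web.homelab.lan A +short      # expect 192.168.1.12
    dig @"$SERVER" -x 192.168.1.12 +short        # expect web.homelab.lan.
    dig @"$SERVER" "$FWD_ZONE" AXFR | grep -q 'Transfer failed' \
        && echo "AXFR correctly refused" || echo "WARNING: AXFR allowed"
}

# Only touch the live server when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
    today=$(date +%Y%m%d)
    bump_serial "$FWD_FILE" "$today"
    bump_serial "$REV_FILE" "$today"
    check_and_reload
    verify
fi
```

`verify` runs against the server from the server itself, which is inside `trusted-hosts`. To confirm the ACLs from the options file, repeat the same `dig` queries from a host outside 192.168.1.0/24 and expect `REFUSED` for both the lookup and the AXFR.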

Which file to edit next depends on whether NetworkManager or systemd-resolved is the one controlling the network configuration.

In my case both are running, which means NetworkManager is responsible now, and for that you have to change your DNS IP:

If it is resolved → `sudo vim /etc/systemd/resolved.conf` (set `DNS=192.168.1.9` and `Domains=homelab.lan` under `[Resolve]`, then restart `systemd-resolved`)

If it is NetworkManager → you have to use `nmcli`; see this [page](https://taqiyeddine.gitbook.io/exploring-it/lpic-2-linux-engineer-202-450/lpic-2-linux-professional/network-configurtion)
