Setup a DNS Server and Domain Name

nurfitri

What is DNS

You can read more about DNS here. But in short, DNS is the service that translates a domain name into an IP address. It is like the old yellow phone book that maps a name to a number we can call.

Computers communicate using IP addresses. A domain name exists only to make life easier for users, who then do not have to remember the IP address. Every time we make a request to a server, our machine first performs a DNS query against a DNS server to get the server's IP address. Once we know the IP address, we can open the connection.

Types of DNS Queries

  1. Recursive
    • the client asks the DNS server for a final answer. If the server does not have the record in its own zones or cache, it queries other DNS servers itself, following referrals until it finds the answer, and then returns that answer to us, the client. On the wire the difference is a single bit in the query header, RD (recursion desired).
  2. Iterative
    • the server will not chase the answer for us. If it does not know the record, it returns a referral: the name servers of the closest zone it knows about (and their addresses, where it has them). We, the client, then send a new query to one of those servers, and repeat until one of them answers authoritatively.
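
To make the difference concrete, here is an added example (written for this page, not code from the original post or from BIND) that builds DNS queries with the RD bit set or clear and decodes two constructed responses: a referral, which is what an iterative query to a server that is not authoritative for the name gets back, and a final answer, which is what a recursive query gets. Both packets are constructed inline; the names and addresses (cs.usm.my, ns.usm.my at 202.170.56.75, the A record 202.170.57.170) come from the dig examples further down this page, while the transaction ID, the ns2.usm.my glue being absent, and the RA flag values are assumptions of the example.

```python
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080


def encode_name(name):
    """'cs.usm.my.' -> length-prefixed labels: 2 'cs' 3 'usm' 2 'my' 0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, recursive, txid=0x1234):
    """12-byte header plus one question. RD=1 asks the server to resolve the name
    for us (recursive); RD=0 asks only for what it already knows (iterative)."""
    flags = FLAG_RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg, off):
    """Decode a possibly compressed name at offset off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                     # the pointer ends this name on the wire
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def decode_rr(msg, off):
    name, off = decode_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if rtype == TYPE_A:
        data = ".".join(str(b) for b in msg[off:off + rdlen])
    elif rtype == TYPE_NS:
        data, _ = decode_name(msg, off)           # NS rdata is itself a (compressible) name
    else:
        data = msg[off:off + rdlen].hex()
    return (name, ttl, rtype, data), off + rdlen


def decode_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    resp = {"txid": txid, "rd": bool(flags & FLAG_RD),
            "ra": bool(flags & FLAG_RA), "rcode": flags & 0xF}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, off = decode_rr(msg, off)
            rrs.append(rr)
        resp[section] = rrs
    return resp


def classify(resp):
    """What an iterative client must do next with this response."""
    if resp["answer"]:
        return "answer"                           # done
    if any(rr[2] == TYPE_NS for rr in resp["authority"]):
        return "referral"                         # ask one of the listed name servers next
    return "nodata"


def constructed_referral():
    """Constructed reply to an RD=0 query for cs.usm.my A from a server that only knows
    the delegation of usm.my: no answer, two NS in authority, one glue A in additional."""
    question = build_query("cs.usm.my.", TYPE_A, recursive=False)[12:]
    header = struct.pack("!HHHHHH", 0x1234, FLAG_QR, 1, 0, 2, 1)
    usm_my = b"\xc0\x0f"                          # pointer to "usm.my" inside the question name
    ns1 = usm_my + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 28800, 5) + b"\x02ns" + usm_my
    ns2 = usm_my + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 28800, 6) + b"\x03ns2" + usm_my
    # 0x27 = 39 = offset of ns1's rdata, so the glue owner name is "ns.usm.my" by pointer
    glue = b"\xc0\x27" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 28800, 4) + bytes([202, 170, 56, 75])
    return header + question + ns1 + ns2 + glue


def constructed_answer():
    """Constructed reply to an RD=1 query: the server resolved it for us (RA=1) and
    returns the A record; the owner name is a pointer back to the question."""
    question = build_query("cs.usm.my.", TYPE_A, recursive=True)[12:]
    header = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4) + bytes([202, 170, 57, 170])
    return header + question + answer


if __name__ == "__main__":
    for label, pkt in (("iterative", constructed_referral()), ("recursive", constructed_answer())):
        r = decode_response(pkt)
        print(label, "->", classify(r), r["authority"] or r["answer"], r["additional"])
```

Running the block prints the referral (authority NS records plus glue) for the iterative case and the single A record for the recursive case. The decoder deliberately follows compression pointers, because real referrals use them heavily and a decoder that ignores them misreads every name after the question.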

DNS Forwarder

A forwarder is another DNS server that our server sends queries to when it cannot answer them from its own zones or cache. It is usually used to separate internal name resolution from external: our server answers for the internal zones and hands everything else to the forwarder.

For example, the domain usm.my has the DNS server ns.usm.my. This server only stores the domain information for its internal zones, such as cs.usm.my and bio.usm.my. If a client asks for something outside those zones, ns.usm.my forwards the request to the forwarder.

Let's say the forwarders set in the ns.usm.my config are the Cloudflare DNS server 1.1.1.1 and the Google DNS servers 8.8.8.8 and 8.8.4.4. When we query for nurbxfit.com using ns.usm.my as our DNS server, it first looks in its primary zones, then its secondary zones, then its cache. If it does not know the answer, it sends the query to a forwarder, which resolves it recursively. Once the forwarder has resolved nurbxfit.com, ns.usm.my returns the answer to the client.

If the forwarders do not answer, what happens next depends on the forward mode. With BIND's default (forward first), our server stops waiting for the forwarders and resolves the name itself with iterative queries, starting from the root servers. With forward only, it returns a failure to the client instead. Either way the client never has to follow referrals itself; that work is done by the server it asked.

Getting a domain name

Anyone with an internet connection can host a server on the internet, as long as clients know the address to connect to. Without a domain name a server is hard to reach and not really accessible.

As in life, to get a publicly identifiable name that is associated with us, we first have to register it so that it uniquely identifies us. For a server on the internet, we register a domain name with a domain registrar. The registrar acts like a dealership: it rents us the domain name and registers it on our behalf with the domain registry that runs the top-level domain.

Popular Domain Registrar

Some hosting providers in Malaysia also provide domain name registration:

Some free domain

There are some domain names that are free to register, usually ending with

  • .tk
  • .ml
  • .ga
  • .cf

These are the Freenom top-level domains. They have been abused so heavily for phishing and malware that many mail filters, browsers and security products score them badly or block them outright, so they are fine for a lab but not for anything people need to trust.

To get a domain name, we simply go to the registrar and rent it; how exactly varies from registrar to registrar. After renting the domain name we have the right to use it, but it is not yet associated with our server. That mapping is our job: we set it up ourselves on an authoritative DNS server. While registering, we are usually prompted for the name of our authoritative name server and, if that name server lives inside the domain itself (ns1.nurbxfit.com for nurbxfit.com), for its IP address as well, so that the registry can publish a glue record; without the glue, a resolver would have to ask our server for the address of our server. After that we configure the authoritative DNS server to map the domain name to the machine's IP address.

Checking for Authoritative DNS server

To find the authoritative DNS servers of a domain name, ask for its NS records with the -t ns option of dig and read the ;; ANSWER SECTION.

jun@client:~$ dig -t ns cs.usm.my
.....
;; ANSWER SECTION:
cs.usm.my.		28800	IN	NS	ns2.usm.my.
cs.usm.my.		28800	IN	NS	ns.usm.my.
.....

As we can see, the authoritative DNS servers for cs.usm.my are ns.usm.my and ns2.usm.my.

Hosting DNS server using BIND9

Let us first SSH into our server and install the required packages

jun@server:~$ sudo apt update && sudo apt install bind9 bind9utils bind9-doc

By default BIND starts automatically after installation. If it is not running, we can start it with systemctl. On current Debian and Ubuntu releases the unit is called named, with bind9 kept as an alias, so either name works.

jun@server:~$ sudo systemctl start bind9

Note

The software we are using as our DNS service is called BIND 9 (package name bind9). The daemon process it runs is called named.

To find the running bind process we can use ps

jun@server:~$ sudo ps -ef | grep named

We can see the process /usr/sbin/named -f -u bind running.

BIND9 Configuration

BIND's main configuration file is /etc/bind/named.conf. Looking at it, we can see that it mostly just includes other files:

  • /etc/bind/named.conf.options
  • /etc/bind/named.conf.local
  • /etc/bind/named.conf.default-zones

If we read named.conf, it says that to add DNS zones we should edit named.conf.local. That is where we add the information about our newly rented domain name.

named.conf.options contains the general options for the server, such as the interfaces it listens on, the forwarder list and, importantly for a server exposed to the internet, who is allowed to make recursive queries through it.

using IPv4

To make BIND use IPv4 only, add -4 to the startup options; this is useful on a host whose IPv6 connectivity does not work, where named would otherwise keep trying IPv6 transport for its outgoing queries and log timeouts. To use IPv6 only, use -6 instead.

To change the startup options, open /etc/default/named and set OPTIONS as follows

# startup options for the server
OPTIONS=" -u bind -4"

The -u bind option tells named to drop privileges and run as the user bind once it has done the things that need root, such as binding port 53. We can now save our changes and restart the service

jun@server:~$ sudo systemctl restart bind9

using forwarder

To set forwarders for our DNS server, open /etc/bind/named.conf.options and add the addresses inside the existing options { ... }; block, like this (note the semicolon after the closing brace; named-checkconf rejects the block without it).

forwarders {
	1.1.1.1;
	8.8.8.8;
	8.8.4.4;
};

Then we can restart the service. When our server does not know the answer to a request, it sends the request to a forwarder to get the answer.

One caveat before exposing this to the internet: a server that is reachable from everywhere and answers recursive queries for anyone is an open resolver, and open resolvers get abused for cache poisoning and for DNS amplification attacks against third parties. If this machine is only meant to be authoritative for our own domain, set recursion no; in the options block and drop the forwarders altogether. If it should also resolve names for our own network, keep recursion on but restrict it with allow-recursion to the addresses of that network, and confirm from an outside host that dig @our-public-address for some unrelated domain is refused.

Assign our domain to our DNS server

Now that we have a DNS server running, we can make it the authoritative DNS server for the domain name we rented.

Adding new zone

Let's add a new zone to /etc/bind/named.conf.local.

zone "nurbxfit.com" {
	type master;
	file "/etc/bind/db.nurbxfit.com";
};

Here we added a zone for our domain nurbxfit.com with type master (newer BIND releases also accept type primary, which means the same thing) and pointed it at the zone file. Unless we actually run secondary servers, it is worth adding allow-transfer { none; }; inside the zone block as well: BIND's historical default is to hand the whole zone to anyone who asks for a zone transfer (AXFR), which gives an attacker a complete list of our hosts in one query.

A zone file is a plain text file on the DNS server that contains the actual representation of the zone: all the records for every name within it.

After adding the zone entry to the local config, we create the zone file from the template that ships with the package

jun@server:~$ sudo cp /etc/bind/db.empty /etc/bind/db.nurbxfit.com

About Zone file

More about zone files. In short, a zone file is the text file that describes a DNS zone. Each record has the format

name | record class | ttl | record type | record data

In a zone file a comment starts with a semicolon (;) and runs to the end of the line.
  • The name field may be left blank (the line then starts with whitespace). If so, the record inherits the name from the previous record. A free-standing @ denotes the current origin, i.e. our base domain. A name that does not end with a dot is relative and gets the origin appended, so www becomes www.nurbxfit.com.; forgetting the trailing dot on an absolute name is the classic zone-file mistake and produces names like mail.nurbxfit.com.nurbxfit.com.
  • The ttl field specifies the number of seconds after which a caching client must discard the record and perform a new lookup to obtain fresh information. If it is left blank, the default TTL from the $TTL directive is used.
  • The record class field indicates the namespace of the record. The only class in practical use is the Internet, written IN. The ttl and class may appear in either order, and both may be omitted.
  • The record type field is an abbreviation for the type of information stored in the last field, the record data. Examples: MX, NS, A, AAAA, CNAME, SOA.
  • The record data consists of one or more elements, depending on the record type.

Editing our zone file

Open our zone file /etc/bind/db.nurbxfit.com and add the following information about our new domain

; firstly, this is a comment
; below is the default Time To Live (TTL), used by every record that does not set its own
$TTL 86400

; we first need the Start of Authority (SOA) record for our domain.
; the first name is our primary name server; the second is the responsible mailbox,
; written with the @ replaced by a dot (root.localhost. is the template default,
; for a real domain use something like hostmaster.nurbxfit.com.)
@ IN SOA ns1.nurbxfit.com. root.localhost. (
	1 ; Serial (increment this every time we change the file, otherwise
	  ; secondary servers will not notice the change; YYYYMMDDnn is a common scheme)
	604800 ; Refresh
	86400 ; Retry
	2419200 ; Expire
	86400 ; Negative Cache TTL
)

; then we define the nameserver (NS) record
@ IN NS ns1.nurbxfit.com.

; then we specify the subdomains
; this means ns1.nurbxfit.com has the ip 76.76.21.21
ns1           IN A    76.76.21.21

; this is if we want to set up a mail service: the MX record goes on the name that
; receives mail (@, i.e. nurbxfit.com) and names the mail host, which needs its own A record
@             IN MX   10 mail.nurbxfit.com.
mail          IN A    76.76.21.21 ; assumed to be the same host in this example

; tell that nurbxfit.com has the ip 76.76.21.21 (same as writing @)
nurbxfit.com. IN A 76.76.21.21

; add the www subdomain (no trailing dot, so the origin nurbxfit.com. is appended)
www           IN A 76.76.21.21

; let's say we have a subdomain that points to another ip address
portfolio     IN A 202.170.58.62
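
As an added example (written for this page; it is not part of BIND, whose own zone loader is far more complete), here is a small parser for the zone-file rules above ($TTL, the @ origin, relative names, blank-owner inheritance, parenthesised SOA, comments) followed by the kind of integrity check that named-checkzone also performs: every NS or MX target that lives inside our zone must have an A or AAAA record, otherwise resolvers cannot reach the name server or mail host the record points at (a lame delegation or a dead MX). The sample zone is the nurbxfit.com zone from this section, with the MX record deliberately attached to the mail host instead of the apex, a common mistake, so the check has something to report; the AAAA record is made up and uses the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Constructed sample: the nurbxfit.com zone from this page, with the MX deliberately
# placed on the mail host (and no A record for it) so that lint() has something to find.
SAMPLE_ZONE = """\
$TTL 86400
@   IN SOA ns1.nurbxfit.com. root.localhost. (
        1          ; serial
        604800     ; refresh
        86400      ; retry
        2419200    ; expire
        86400 )    ; negative cache TTL
@         IN NS   ns1.nurbxfit.com.
ns1       IN A    76.76.21.21
mail      IN MX   10 mail.nurbxfit.com.   ; mistake: MX on the host instead of the apex
@         IN A    76.76.21.21
www       IN A    76.76.21.21
          IN AAAA 2001:db8::1            ; blank owner: inherits www (made-up address)
portfolio IN A    202.170.58.62
"""

# The corrected version: MX at the apex, plus an A record for the host it names.
FIXED_ZONE = SAMPLE_ZONE.replace(
    "mail      IN MX   10 mail.nurbxfit.com.",
    "@         IN MX   10 mail.nurbxfit.com.\nmail      IN A    76.76.21.21")

CLASSES = {"IN", "CH", "HS"}


def logical_lines(text):
    """Strip ; comments and join records wrapped in ( ... ) onto one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined = " ".join(buf)
            if joined.strip():
                out.append(joined)
            buf, depth = [], 0
    return out


def qualify(name, origin):
    """@ means the origin; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for line in logical_lines(text):
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        # a line that starts with whitespace has no owner field: it inherits the previous one
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while fields[0].isdigit() or fields[0].upper() in CLASSES:   # either order, both optional
            tok = fields.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            else:
                rclass = tok.upper()
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), qualify(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + [int(x) for x in rdata[2:7]]
        elif rtype == "A":
            rdata = [str(ipaddress.IPv4Address(rdata[0]))]          # raises on a malformed address
        elif rtype == "AAAA":
            rdata = [str(ipaddress.IPv6Address(rdata[0]))]
        records.append({"owner": owner, "ttl": ttl, "class": rclass, "type": rtype, "rdata": rdata})
        last_owner = owner
    return records


def lint(records, origin):
    """Problems a resolver would hit: wrong SOA count, no NS at the apex, and NS/MX
    targets inside the zone with no address record (lame delegation or dead MX)."""
    origin = origin if origin.endswith(".") else origin + "."
    problems = []
    soa_count = sum(1 for r in records if r["type"] == "SOA")
    if soa_count != 1:
        problems.append(f"zone must have exactly one SOA, found {soa_count}")
    if not any(r["type"] == "NS" and r["owner"] == origin for r in records):
        problems.append(f"no NS record at the apex {origin}")
    has_addr = {r["owner"] for r in records if r["type"] in ("A", "AAAA")}
    for r in records:
        if r["type"] == "NS":
            target = r["rdata"][0]
        elif r["type"] == "MX":
            target = r["rdata"][1]
        else:
            continue
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in has_addr:
            problems.append(f"{r['type']} at {r['owner']} points to {target}, which has no A/AAAA record")
    return problems


if __name__ == "__main__":
    for label, zone in (("as written", SAMPLE_ZONE), ("fixed", FIXED_ZONE)):
        print(label, "->", lint(parse_zone(zone, "nurbxfit.com"), "nurbxfit.com") or "ok")
```

Running it reports the dangling MX target for the zone as written and nothing for the fixed zone. The parser is intentionally strict about one thing BIND is also strict about: a record whose line starts with whitespace belongs to the previous owner, so an accidental leading space silently moves a record to the wrong name.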

Checking for configuration error

Before restarting the DNS service, we can check named.conf (and everything it includes) for errors

jun@server:~$ named-checkconf

We can also check the zone file for errors; named-checkconf -z does the same for every configured zone in one go

jun@server:~$ named-checkzone nurbxfit.com /etc/bind/db.nurbxfit.com

If neither command reports an error, we can load the new configuration. rndc reload picks up the changes without stopping named; a full systemctl restart also works. Remember to bump the SOA serial before reloading after every later edit to the zone file.

Checking if our DNS working

We can check that our DNS server works with dig by asking it to resolve our domain name ourselves.

Let's try resolving nurbxfit.com with -t a, using @ followed by the address of our DNS server, then the domain name. In the output, look for the aa flag in the ;; flags line: it means the answer came from our own zone (an authoritative answer) rather than from the cache or a forwarder. Querying @localhost only proves that named is serving the zone; to check that the rest of the world can reach it, repeat the query from another machine against the server's public address, and make sure both UDP and TCP port 53 are open in the firewall.

jun@server:~$ dig -t a @localhost nurbxfit.com

Here is another example where we use dig to ask the ns.usm.my DNS server (202.170.56.75) to resolve the domain cs.usm.my.

jun@client:~$ dig -t a @202.170.56.75 cs.usm.my
....
;; ANSWER SECTION:
cs.usm.my.		3600	IN	A	202.170.57.170
....

As we can see, the DNS server resolves cs.usm.my to the IP address 202.170.57.170. We can also do a reverse lookup with dig -x, which resolves the IP address back to a name. Keep in mind that the reverse zone (in-addr.arpa) is separate from our forward zone and is managed by whoever owns the address block, so a PTR record does not prove the forward record is correct; it only tells us which names the owner of the address published for it, and here there are several.

jun@client:~$ dig -x 202.170.57.170
....
;; ANSWER SECTION:
170.57.170.202.in-addr.arpa. 3600 IN	PTR	osscentral3.usm.my.
170.57.170.202.in-addr.arpa. 3600 IN	PTR	usmkpt.edu.my.
170.57.170.202.in-addr.arpa. 3600 IN	PTR	cs.usm.my.
170.57.170.202.in-addr.arpa. 3600 IN	PTR	voicingconcern.net.my.
....

Alternatively we can use nslookup

jun@client:~$ nslookup 202.170.57.170

170.57.170.202.in-addr.arpa	name = voicingconcern.net.my.
170.57.170.202.in-addr.arpa	name = cs.usm.my.
170.57.170.202.in-addr.arpa	name = usmkpt.edu.my.
170.57.170.202.in-addr.arpa	name = osscentral3.usm.my.

Waiting

After we configure our DNS server, we must wait for the change to become visible across the internet. Nothing is pushed out: the registrar has to publish our NS (and glue) records in the top-level domain's zone, and resolvers around the world keep serving whatever they cached until the TTL of their copy runs out. Until then, different clients may get different answers, which is normal; querying our own server directly with dig shows the authoritative view immediately.