How to Set Up and Configure BIND DNS on Linux (Step‑by‑Step Guide)

This guide explains how to install BIND, configure forward and reverse DNS zones, set up logging, access control, master‑slave replication, and troubleshoot common issues on Ubuntu and CentOS, including AppArmor adjustments for custom directories.

Open Source Linux

BIND Introduction

BIND (Berkeley Internet Name Domain) is developed by ISC and provides the named daemon, which handles DNS queries in LAN environments. Other DNS servers include PowerDNS, dnsmasq, Unbound, and CoreDNS.

Setting Up Forward DNS Service

1. Install BIND

Install via package manager (apt, yum) or compile from source. Example:

# ubuntu
apt install bind9

# centos
yum install bind

2. Modify Configuration

Configuration files are under /etc/bind/, and the main file is named.conf. It includes other files, e.g., named.conf.options, which holds global options such as port, directory, and forwarders.

Port Configuration

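BIND listens on UDP/TCP port 53 by default; this can be changed in named.conf.options:

# listen on port 5353 on all IPv4 and IPv6 addresses
# (listen-on selects addresses and port; allow-query controls who may query)
listen-on-v6 port 5353 { any; };
listen-on port 5353 { any; };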

Logging Configuration

Logs are written to system logs (/var/log/messages or /var/log/syslog). Custom logging can be defined in named.conf.logging:

logging {
    channel query_log {
        file "/var/log/named/query.log";
        severity info;
        print-time yes;
    };
    channel other_log {
        file "/var/log/named/other.log";
        severity info;
        print-time yes;
    };
    category queries { query_log; };
    category default { other_log; };
};

Access Control

Use allow-query and allow-transfer in the options block to restrict which clients may query the server and which hosts may request zone transfers.

options {
    allow-query { any; };
    allow-transfer { none; };
};

Forwarders

Specify upstream DNS servers:

options {
    forwarders { 114.114.114.114; 180.76.76.76; };
};

3. Zone Configuration

Create a zone file, e.g., /etc/bind/yongshen/db.yongshe.com, and add a zone definition:

zone "yongshen.com." {
    type master;
    file "/etc/bind/yongshen/db.yongshe.com";
};

Zone file example:

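$TTL 86400
; SOA: primary name server and admin mailbox (admin@yongshen.com)
@   IN  SOA master.yongshen.com. admin.yongshen.com. (
        2023102401 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL
)
; name server for the zone
@   IN  NS  master.yongshen.com.
; host records
master IN A 10.0.0.66
www    IN A 10.0.0.66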

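Record types: SOA defines the zone's authority data, NS names its name servers, A maps a name to an IPv4 address, and AAAA maps a name to an IPv6 address. The @ placeholder stands for the zone origin (here yongshen.com.), and * is a wildcard that matches names with no explicit record.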

4. Restart Service

Restart with sudo systemctl restart bind9.service. On Ubuntu the service may be named named or bind9.

5. Testing

Use dig, host, or nslookup to query the server. Example:

dig www.yongshen.com @10.0.0.66 -p 5353

Master‑Slave Configuration

On the master, set allow-transfer to the slave IPs. On each slave, define the zone with type slave, a masters { ... }; list, and a file path for the transferred data.
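The master and slave zone definitions described above, written out as an added example that is not from the original article. The slave address 10.0.0.67, the named.conf.local file name, and the slave file name are assumptions; the master address and port 5353 follow the earlier sections.

```conf
# --- master (10.0.0.66): e.g. /etc/bind/named.conf.local (assumed file) ---
zone "yongshen.com." {
    type master;
    file "/etc/bind/yongshen/db.yongshe.com";
    # Per-zone override of the global allow-transfer { none; }:
    # only the slave may pull a full copy of the zone.
    allow-transfer { 10.0.0.67; };
    # NOTIFY is sent to port 53 by default; the slave in this
    # setup listens on 5353, so name the port explicitly.
    also-notify { 10.0.0.67 port 5353; };
};

# --- slave (10.0.0.67, assumed address): e.g. /etc/bind/named.conf.local ---
zone "yongshen.com." {
    type slave;
    # The master listens on 5353 in this guide, so give the port here too.
    masters { 10.0.0.66 port 5353; };
    # named must be able to write this file. On Ubuntu the packaged
    # AppArmor profile allows writes under /var/cache/bind, not /etc/bind.
    file "/var/cache/bind/db.yongshen.com";
    # The slave serves the zone but does not hand out full copies.
    allow-transfer { none; };
};
```

After raising the serial in the master zone file and reloading, dig yongshen.com AXFR @10.0.0.66 -p 5353 should succeed from the slave and report a failed transfer from any other host.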

AppArmor Considerations

On Ubuntu, AppArmor may block custom zone directories. Switch the profile to complain mode or edit /etc/apparmor.d/usr.sbin.named to grant read/write access to the desired paths, then reload the profile and restart BIND.
