Updated version
This is the updated step-by-step procedure that I used to set up a local DNS server for our home network using Ubuntu 12.04. If you have an older version of Ubuntu, you might want to check out the old guide instead, which was written for Ubuntu 8.04.
Step by step instructions
1: Make sure that the latest version of bind9 is installed (that’s the dns-server software):
sudo apt-get install bind9
2.1: Configure the DNS to cache requests and forward unknown requests to other DNS servers:
sudo nano /etc/bind/named.conf.options
2.2: Uncomment or add the forwarders section and replace each x.x.x.x with the IP addresses of your ISP's primary and secondary DNS servers:
forwarders { x.x.x.x; x.x.x.x; };
Tip: I use OpenDNS as my forwarders, currently 208.67.222.222 and 208.67.220.220.
3.0: Make the server use its own DNS for look-ups:
How to specify which DNS server to use depends on whether you are using a dynamic or a static IP address:
3.DYNAMIC.1: Edit dhclient.conf:
sudo nano /etc/dhcp/dhclient.conf
3.DYNAMIC.2: Uncomment or add the following line:
prepend domain-name-servers 127.0.0.1;
Note: 127.0.0.1 points to the local machine, making the DNS requests go through our DNS server that we are setting up.
[OPTIONAL]
You might also want to add a search directive to eliminate the need to type the FQDN when looking up local records. But you should only do this if you cannot control this information in the DHCP server. If you set up the DHCP server as well, then you should make sure that the DHCP server provides the search directive. It will then be used automatically by the DHCP client.
supersede domain-name "home.lan";
3.STATIC.1: Edit /etc/network/interfaces:
sudo nano /etc/network/interfaces
3.STATIC.2: Change or add the dns-nameservers, dns-search and dns-domain directives:
# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 127.0.0.1
    dns-search home.lan
    dns-domain home.lan
Note 1: home.lan is the domain name of our local network in this guide. A DNS search directive is used to eliminate the need of typing the FQDN when looking up local records.
Note 2: This setup must also be done for other Ubuntu clients that use a static IP. But then it should point to the IP of our DNS server. If you have a DHCP server you should specify your DNS IP in its settings, as well as the search domain.
4.1: Define the zones for the local domain:
sudo nano /etc/bind/named.conf.local
4.2: Add a zone for the local domain:
zone "home.lan" IN {
    type master;
    file "/etc/bind/zones/home.lan.db";
};
4.3: Also add a zone for reverse dns lookups for the local network:
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
Note: Make sure that literal quotes are used, so that they aren’t converted if you copy and paste them to the terminal. You get literal quotes on a Swedish keyboard by pressing “Shift+2”, on an English keyboard it might be “Shift+,” ?
5: Create the zones directory:
sudo mkdir /etc/bind/zones
6.1: Configure the local domain:
sudo nano /etc/bind/zones/home.lan.db
6.2: Example settings, change to match your host names and ip-addresses:
; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for home.lan
; Note: The extra "." at the end of the domain names is important.
; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be iterated upward to prevent
; undesirable consequences. A good format to use is YYYYMMDDII where
; the II index is in case you make more than one change in the same day.
$ORIGIN .
$TTL 86400 ; 1 day
home.lan. IN SOA ubuntu.home.lan. hostmaster.home.lan. (
    2008080901 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
; NS indicates that ubuntu is the name server on home.lan
; MX indicates that ubuntu is (also) the mail server on home.lan
home.lan. IN NS ubuntu.home.lan.
home.lan. IN MX 10 ubuntu.home.lan.
$ORIGIN home.lan.
; Set the address for localhost.home.lan
localhost IN A 127.0.0.1
; Set the hostnames in alphabetical order
print-srv IN A 192.168.0.9
router IN A 192.168.0.1
server IN A 192.168.0.5
ubuntu IN A 192.168.0.2
xbox IN A 192.168.0.3
7.1: Create and edit the reverse lookup configuration file:
sudo nano /etc/bind/zones/rev.0.168.192.in-addr.arpa
7.2: Example settings, the reverse of the above:
; IP Address-to-Host DNS Pointers for the 192.168.0 subnet
@ IN SOA ubuntu.home.lan. hostmaster.home.lan. (
    2008080901 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
; define the authoritative name server
@ IN NS ubuntu.home.lan.
; our hosts, in numeric order
1 IN PTR router.home.lan.
2 IN PTR ubuntu.home.lan.
3 IN PTR xbox.home.lan.
5 IN PTR server.home.lan.
9 IN PTR print-srv.home.lan.
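The zone file comments above say the trailing dots matter. As an added example (not part of the original guide), this shell function flags record targets that are missing one and prints the name BIND would use instead. The function name lint_zone and both sample zones are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the guide's code. lint_zone ZONE reads a zone file on
# stdin and reports NS/MX/PTR/CNAME/SOA targets that contain a dot but do not
# end in one; BIND treats those as relative and appends the current origin.
# Limits: a ";" inside a quoted string is cut, $INCLUDE is not followed.
lint_zone() {
    awk -v origin="$1" '
    function check(type, name,    full) {
        if (name ~ /\./ && name !~ /\.$/) {
            full = (origin == ".") ? (name ".") : (name "." origin)
            printf "line %d: %s target %s is read as %s\n", NR, type, name, full
            bad++
        }
    }
    { sub(/;.*/, "") }                      # drop comments
    $1 == "$ORIGIN" { origin = $2; next }   # track origin changes
    {
        # Field 1 is the owner name unless the line starts with whitespace.
        for (i = ($0 ~ /^[ \t]/) ? 1 : 2; i <= NF; i++) {
            t = toupper($i)
            if (t == "NS" || t == "PTR" || t == "CNAME") check(t, $(i + 1))
            else if (t == "MX") check(t, $(i + 2))
            else if (t == "SOA") { check(t, $(i + 1)); check(t, $(i + 2)) }
            else continue
            break
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample: a forward zone with the dot dropped on the NS line.
sample_forward() {
cat <<'EOF'
$ORIGIN home.lan.
@ IN SOA ubuntu.home.lan. hostmaster.home.lan. ( 2008080901 8H 4H 4W 1D )
@ IN NS ubuntu.home.lan
@ IN MX 10 ubuntu.home.lan.
ubuntu IN A 192.168.0.2
EOF
}

# Constructed sample: a reverse zone with one bad PTR and no $ORIGIN line.
sample_reverse() {
cat <<'EOF'
@ IN SOA ubuntu.home.lan. hostmaster.home.lan. ( 2008080901 8H 4H 4W 1D )
@ IN NS ubuntu.home.lan.
1 IN PTR router.home.lan
2 IN PTR ubuntu.home.lan.
EOF
}

sample_forward | lint_zone home.lan. || true
sample_reverse | lint_zone 0.168.192.in-addr.arpa. || true
```

Pass the zone name exactly as it appears in named.conf.local, with a trailing dot, so that files without a $ORIGIN line are expanded against the right origin.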
8.0: Restart services to use the new settings:
8.1: Restart bind:
sudo service bind9 restart
8.2: Restart the network interface that you changed in step 3:
sudo nohup sh -c "ifdown eth0 && ifup eth0"
Note that networking restart has been deprecated, see this post for more information.
9.0 Test that everything works as expected.
9.1: Test that DNS look-ups work with the local server:
host ping.sunet.se
The response should be:
ping.sunet.se has address 192.36.125.18
ping.sunet.se has IPv6 address 2001:6b0:7::18
9.2: Test that all of your computers are listed with the following command:
host -l home.lan
The output should list all of your entered hosts:
home.lan name server ubuntu.home.lan.
localhost.home.lan has address 127.0.0.1
print-srv.home.lan has address 192.168.0.9
router.home.lan has address 192.168.0.1
server.home.lan has address 192.168.0.5
ubuntu.home.lan has address 192.168.0.2
xbox.home.lan has address 192.168.0.3
9.3: Test that the reverse lookup works:
host 192.168.0.1
Response:
1.0.168.192.in-addr.arpa domain name pointer ubuntu.home.lan.
Final words
- You should have a firewall between this server and the internet and make sure that the dns port (53) is not forwarded to your Ubuntu server. Otherwise your dns server will be open for anyone in the world to use. With this setup it is only intended to be used within your local network.
- Do not forget to update the serial every time you make any changes to a zone file.
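To back the first point with configuration as well as a firewall, the added example below (not from the original guide) puts the options from step 2.2 beside a version that states who may query, recurse and transfer zones, and audits both. The ACL name homelan, the function names and both sample files are assumptions, and each statement is expected on one line.

```shell
#!/bin/sh
# Added example: audit named.conf.options text for explicit access limits.
# Both configurations are constructed samples using the guide's addresses.
weak_conf() {
cat <<'EOF'
options {
    directory "/var/cache/bind";
    forwarders { 208.67.222.222; 208.67.220.220; };
};
EOF
}

# Same forwarders, with access stated explicitly for the guide's LAN.
hardened_conf() {
cat <<'EOF'
acl homelan { 127.0.0.1; 192.168.0.0/24; };
options {
    directory "/var/cache/bind";
    forwarders { 208.67.222.222; 208.67.220.220; };
    listen-on { 127.0.0.1; 192.168.0.2; };
    allow-query { homelan; };
    allow-recursion { homelan; };
    allow-transfer { 127.0.0.1; };
};
EOF
}

# audit_options: reads a config on stdin, prints one finding per line and
# returns 1 if there was any finding, 0 otherwise.
# Limits: only // and # comments are stripped, not /* ... */ blocks.
audit_options() {
    conf=$(sed -e 's|//.*$||' -e 's|#.*$||')
    rc=0
    for opt in allow-query allow-recursion allow-transfer listen-on; do
        stmt=$(printf '%s\n' "$conf" |
               grep -E "^[[:space:]]*${opt}[[:space:]]*\{" | head -n 1)
        if [ -z "$stmt" ]; then
            echo "$opt: not set, the built-in default applies"; rc=1
        elif printf '%s\n' "$stmt" | grep -Eq '[{;[:space:]]any[[:space:]]*;'; then
            echo "$opt: open to any"; rc=1
        fi
    done
    return $rc
}

echo "step 2.2 only:";       weak_conf | audit_options || true
echo "with explicit limits:"; hardened_conf | audit_options && echo "no findings"
```

allow-transfer is included because host -l in step 9.2 works by zone transfer; with the limits shown it still works when run on the server itself.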
Thank you, I found this page to be extremely helpful. With it I was able to successfully set up a DNS server for my local network.
I noticed a discrepancy in the naming of the reverse lookup file. In the instructions for adding zone information it is given the name rev.0.168.192 but in the instructions for creating the file it is given the name rev.10.10.10. The names should be the same in both files.
Thank you for your comments. I’m happy that you found my guide helpful! I have corrected the mistake with 10.10.10. That’s the address that I actually use, but I changed to the more common 192.168.0.x to make the reversed order clearer.
I think you need a $ORIGIN directive in your zone file, otherwise it can be guessed incorrectly by BIND. I had to add that to each of my zone files to get host -l and reverse lookup going.
You are correct Darius. Thank you for taking your time to point this out. I have the $ORIGIN directive in my file but have somehow missed it here. I will update the guide. Thanks again.
this might be a stupid question, but what can I do with this? how come when I’m on another computer on my LAN, and i type in say “router” it doesn’t take me to the admin of my router. do i need to change my DNS on other computers on my LAN or something? help!
Hi Eric,
Yes, you must have your other computers use the DNS server that you have set up. You must also specify the search suffix that you have set up for your DNS. Check out my other tutorial on setting up a DHCP-server, doing so will assign the ip address, dns and search suffix automatically to your other computers. But if you have a router you most likely will need to turn off its own DHCP server first. On the other hand an easier solution would be to set the search suffix and DNS in your router so that it automatically assigns it to connected clients for you, if your router supports this. This works fine with my D-Link DIR-655.
I hope this helps,
Lani
I’d like to copy this for offline viewing, but it fails. Any idea why?
No I’m sorry, I have no clue.
Been trying to setup DNS on ubuntu for some time and finally success after following this tutorial. Thanks for the tutorial it was great help.
Thank you Ash for your nice comments.
Thanks for the great tutorial. I have written the modified version of this post, which will work on Ubuntu 12.10 with some additional content:
http://www.techienote.com/2012/11/install-configure-local-dns-server-ubuntu.html
Thanks for this nice local DNS howto!
Hi lani,
very interesting post. I followed all your direction to set up a DNS. When I tested it with “host ping.sunet.se” it works fine. Reverse lookup works.
But when I wanted to test if the computers are listed by typing host -l I get the following message “host mitramedika.lan.mitramedika.lan not found: 9(NOTAUTHO)” . Can you please advise how to solve the problem? thanks
Thank you newbie and halim for your comments. I have not seen this problem myself and unfortunately I do not have the opportunity to investigate this right now. I will keep this in mind and try to test it later. Hopefully some other readers can help with the problem.
I also got this error. One point was missing at the end of a domain name.
I have the same issue as halim ?
aye just checked and same problem as halim here too
I have been looking for a very good tut like this all along. Thanks a million. I installed it and it worked to perfection but please, is there any GUI for it? I prefer using the Graphical Interface instead ….
This may be my own doing, but when having trouble restarting bind9, I realized the two files in “zones” were set as root:root. Changing them to bind:bind fixed that. Might be worth mentioning though.
As for the issue described by halim, newbie and green-beast, I’m experiencing the same thing. With my ISP added at the end to the complaint (home.lan.isp.se). I can’t think of what might be confusing things, other than possibly the number of NICs (a total of three). Can’t see how though, since I’ve configured every interface accordingly.
ifdown eth0
ifup eth0
This fixed my issue and wrote the correct configurations to my /etc/resolv.conf, don’t know why though…
hi Lani,
I have tried this, but cannot for the life of me seem to be able to ping outside of my home network, like http://www.google.co.za – i have followed your guide closely……could you give me some pointers please.
when i set up the server not to use itself as the dns server, it works fine.
Thank you
regards
Marc
Thanks for this quick and fully functional example.
Everything works fine, but I have one issue – I can’t ping my local domain. Is this a missing field in a zone file?
e.g.:
$ ping ns01.home.lan
PING ns01.home.lan (10.0.0.3) 56(84) bytes of data.
64 bytes from ns01.home.lan (10.0.0.3): icmp_req=1 ttl=64 time=0.017 ms
64 bytes from mx01.home.lan (10.0.0.3): icmp_req=2 ttl=64 time=0.027 ms
64 bytes from server.home.lan (10.0.0.3): icmp_req=3 ttl=64 time=0.026 ms
64 bytes from ns01.home.lan (10.0.0.3): icmp_req=4 ttl=64 time=0.025 ms
64 bytes from mx01.home.lan (10.0.0.3): icmp_req=5 ttl=64 time=0.024 ms
…
$ ping home.lan
ping: unknown host home.lan
Hi,
This was very helpful as a starting point; but what if I want to create more zones? Should I just copy the home.lan.db file to newzone.org and change all home.lan entries to newzone.org in that file?
Greetings
Mikael
Hey Lani,
This is not a question because after following the tutorial my dns server works 🙂
Thank you!!
@Halim
Old I know, but I followed this awesome guide and also got the error.
I attempted to troubleshoot it but honestly got no where. Followed this guide:
https://help.ubuntu.com/8.04/serverguide/dns-configuration.html
And was able to get it working correctly on 12.04, and with the explanations of this document was able to add to it. I am very much guessing it is a mistype of mine somewhere, and with the copying of the general files limited my typing errors.
Thanks for the awesome tutorial Lani!
@xcs491 I tried the guide you recommended, but I also got the same issues with Halim and Tony. Can someone please shed more light on what we need to do to fix these errors? Thank you in advance
I’ve replied it to lz…
Try:
ifdown eth0
ifup eth0
Thanks lani for this great tutorial. It worked for me on the first try. Extremely thankful for your post. Halim and newbie issues seem to be due to their interfaces. I had to put my external interface down temporarily for local DNS entries to take effect.
Hello, I’m getting a problem setting up DNS. The following error occurred:
“” * Stopping domain name service… bind9
rndc: connect failed: 127.0.0.1#953: connection refused
…done.
* Starting domain name service… bind9
…fail! “
I did find this very helpful. However, do you have anything for creating slave DNS servers? I also have two subnets. .100.x & .200.x. I assume I just need to add those into the files as separate zones?
dns-search home.lan
dns-domain home.lan
should I give this on client side file or in server side file ?
Hi Arthimis,
Thank you for reading and commenting on my blog!
The dns-search and dns-domain directives that you are asking about are on the server side in this tutorial (when you are using static ip in the server). But you could also add them on the client side if you are using static ip on the clients as well. But in most cases it is better to use DHCP for the clients and let the DHCP-server provide these directives automatically to the clients.
I hope this helps.
Lani
hi
sorry for my english
I have installed ispconfig and have a problem with my DNS that’s not working. I have completely configured my server as you directed, but it is not working. I have installed it on a VMware and my hostname is ubuntu1.example.com:
1- there is not a router it is necessary to give this item a password?
2- I don’t have a separate server for DNS, how to address the DNS?
3-in the hostnames i must write ubuntu1.example.com.localhost.localdomain?
my knowledge of servers is very basic and i really need your help
I just found your guide and it is better than the guide on Ubuntu forums. I could not for the life of me get it to work from their guide but this worked great. Keep up the good work!
Excellent tutorial. I had my internal/home DNS server up and running in 15 minutes. Thank you for the effort of documenting and updating this.
I have 2 network interfaces one is LAN card another is wireless, in your case you mention point 3.2 /etc/network/interfaces here which one should be changed for using Lan card as when I changed the interfaces file it gave the static ip to wireless card (which is the active one on my machine) , also nohup.out has following in my case
;sudo nohup sh -c “ifdown wlan0 && ifup wlan0”
ifdown: interface wlan0 not configured
Ignoring unknown interface wlan0=wlan0.
~
because in my case ifconfig shows eth0 and wlan0 as interfaces,
Also I have not set up forwarders section (temporarily) I do not want to use internet on this lan for some time, ( I am testing PXE boot) is configuring forwarders section compulsory or I can leave it commented point 2.2
you may like to see a question here http://askubuntu.com/questions/356285/2-lan-cards-giving-one-wireless-interface-a-static-ip
your tutorial works like a charm!
Thank you so much. It worked exactly like I wanted.
My network is like this:
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 10.0.1.15
netmask 255.255.255.0
So I have an old server that gives me a dhcp ip on eth0 (of a new server) through a default gateway (192.168.1.1), should I put these lines after the iface eth0 inet dhcp line?
dns-nameservers 127.0.0.1
dns-search home.lan
dns-domain home.lan
Because you mentioned something in 3.STATIC.2 NOTE 2
Nice tutorial, thanks. One remark: If resolving external names doesn’t work and in /var/log/syslog a line like “NS: got insecure response; parent indicates it should be secure” appears (e.g. by using company name servers).
The used name server doesn’t support DNSSEC so the response appears to be insecure to your server.
Solution: change /etc/bind/named.conf.options:
Comment the line “dnssec-validation auto;”
Add the lines: “dnssec-enable no;” and “dnssec-validation no;”
Thank you Eric for sharing your findings and knowledge, both on this post and the other one. Really appreciated, thanks! 🙂
Thanks so much, I used it in Ubuntu 14.04 and works perfectly
Good to know, thank you for the feedback.
What should the ifconfig look like? I ask because when I reboot, the machine comes up with the LAN interface as the UG (gateway) and I get no external traffic, which makes sense. I have to restart the network or manually set the externally pointing interface as the gateway.
Hi,
Thanks to your site I got Bind working. The problem was the most usual one that the dhcp client was not properly uninstalled.
One thing that I think you should remove from your tutorial is the MX records. Since you describe how to set up a private network the MX records will not be used. The MX records are only to be set up on your external dns. The same is really valid for the reverse lookup. There is no real need to have a reverse lookup zone in your local network. The reverse lookup zone is usually set up for you by your ISP – and they will only do it for you if you have a business grade contract with them
Just want to say that out of all the tutorials, and after 2 days of trying to figure out how to set up a private DNS and caching for my vm server, this was the ONLY tut that actually worked. THANK YOU SO MUCH!
This is the best tutorial that I have seen on the internet so far for setting up the DNS Lan Network. My question is based on your caution that reads:
“make sure that the dns port (53) is not forwarded to your Ubuntu server”.
Since I am a novice at this stage, I would like to know the syntax that I should use to ensure that my system is not exposed. I am using Ubuntu 16.04.1.
Thanks (This is a great tutorial!)
Hi!
I followed this to the letter (Changing the IP address to how they are at home, of course). Now that I’ve set up the DNS server, how do I get my webserver to use it?