Setting up a DNS for the local network on the Ubuntu 12.04 (Precise Pangolin) server

Updated version

This is the updated step-by-step procedure that I followed to set up a local DNS server for our home network on Ubuntu 12.04. If you have an older version of Ubuntu, you might want to check out the old guide instead, which was written for Ubuntu 8.04.

Step by step instructions

1: Make sure that the latest version of bind9 is installed (that’s the dns-server software):
sudo apt-get install bind9

2.1: Configure the DNS to cache requests and forward unknown requests to other DNS servers:
sudo nano /etc/bind/named.conf.options

2.2: Uncomment or add the forwarders section and replace the x's with the IP addresses of your ISP's primary and secondary DNS servers:

forwarders {
        x.x.x.x;
        x.x.x.x;
};

Tip: I use OpenDNS as my forwarders, currently 208.67.222.222 and 208.67.220.220.

3.0: Make the server use its own DNS for look-ups:
How you specify which DNS server to use depends on whether you are using a dynamic or a static IP address:

3.DYNAMIC.1: Edit dhclient.conf:
sudo nano /etc/dhcp/dhclient.conf

3.DYNAMIC.2: Uncomment or add the following line:
prepend domain-name-servers 127.0.0.1;

Note: 127.0.0.1 points to the local machine, making the DNS requests go through our DNS server that we are setting up.

[OPTIONAL]
You might also want to add a search directive to eliminate the need to type the FQDN when looking up local records. But you should only do this if you cannot control this information in the DHCP server. If you set up the DHCP server as well, then you should make sure that the DHCP server provides the search directive. It would then be automatically used by the DHCP client.

supersede domain-name "home.lan";

3.STATIC.1: Edit /etc/network/interfaces:
sudo nano /etc/network/interfaces

3.STATIC.2: Change or add the dns-nameservers, dns-search and dns-domain directives:

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        gateway 192.168.0.1
        network 192.168.0.0
        broadcast 192.168.0.255
        dns-nameservers 127.0.0.1
        dns-search home.lan
        dns-domain home.lan

Note 1: home.lan is the domain name of our local network in this guide. A DNS search directive is used to eliminate the need of typing the FQDN when looking up local records.

Note 2: This setup must also be done for other Ubuntu clients that use a static IP. But then it should point to the IP of our DNS server. If you have a DHCP server you should specify your DNS IP in its settings, as well as the search domain.

4.1: Define the zones for the local domain:
sudo nano /etc/bind/named.conf.local

4.2: Add a zone for the local domain:

zone "home.lan" IN {
    type master;
    file "/etc/bind/zones/home.lan.db";
};

4.3: Also add a zone for reverse dns lookups for the local network:

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

Note: Make sure that literal quotes are used, so that they aren’t converted if you copy and paste them to the terminal. You get literal quotes on a Swedish keyboard by pressing “Shift+2”; on an English keyboard it might be “Shift+,”?

5: Create the zones directory:
sudo mkdir /etc/bind/zones

6.1: Configure the local domain:
sudo nano /etc/bind/zones/home.lan.db

6.2: Example settings, change to match your host names and ip-addresses:

; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for home.lan
; Note: The extra "." at the end of the domain names is important.

; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be iterated upward to prevent
; undesirable consequences. A good format to use is YYYYMMDDII where
; the II index is in case you make more than one change in the same day.
$ORIGIN .
$TTL 86400      ; 1 day
home.lan. IN SOA ubuntu.home.lan. hostmaster.home.lan. (
    2008080901 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)

; NS indicates that ubuntu is the name server on home.lan
; MX indicates that ubuntu is (also) the mail server on home.lan
home.lan. IN NS ubuntu.home.lan.
home.lan. IN MX 10 ubuntu.home.lan.

$ORIGIN home.lan.

; Set the address for localhost.home.lan
localhost    IN A 127.0.0.1

; Set the hostnames in alphabetical order
print-srv    IN A 192.168.0.9
router       IN A 192.168.0.1
server       IN A 192.168.0.5
ubuntu       IN A 192.168.0.2
xbox         IN A 192.168.0.3

7.1: Create and edit the reverse lookup configuration file:
sudo nano /etc/bind/zones/rev.0.168.192.in-addr.arpa

7.2: Example settings, the reverse of the above:

; IP Address-to-Host DNS Pointers for the 192.168.0 subnet
@ IN SOA ubuntu.home.lan. hostmaster.home.lan. (
    2008080901 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
; define the authoritative name server
           IN NS ubuntu.home.lan.
; our hosts, in numeric order
1         IN PTR router.home.lan.
2         IN PTR ubuntu.home.lan.
3         IN PTR xbox.home.lan.
5         IN PTR server.home.lan.
9         IN PTR print-srv.home.lan.

8.0: Restart services to use the new settings:
8.1: Restart bind:
sudo service bind9 restart

8.2: Restart the network interface that you changed in step 3:
sudo nohup sh -c "ifdown eth0 && ifup eth0"

Note that networking restart has been deprecated, see this post for more information.

9.0 Test that everything works as expected.
9.1: Test that DNS look-ups work with the local server:
host ping.sunet.se

The response should be:
ping.sunet.se has address 192.36.125.18
ping.sunet.se has IPv6 address 2001:6b0:7::18

9.2: Test that all of your computers are listed with the following command:
host -l home.lan

The output should list all of your entered hosts:
home.lan name server ubuntu.home.lan.
localhost.home.lan has address 127.0.0.1
print-srv.home.lan has address 192.168.0.9
router.home.lan has address 192.168.0.1
server.home.lan has address 192.168.0.5
ubuntu.home.lan has address 192.168.0.2
xbox.home.lan has address 192.168.0.3

9.3: Test that the reverse lookup works:

 host 192.168.0.1

Response:
1.0.168.192.in-addr.arpa domain name pointer router.home.lan.
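
A consistency check for the zone files from steps 6.2 and 7.2, added here as an example and not part of the original guide: it compares the A records of the forward zone with the PTR records of the reverse zone for one /24. The function names, temporary file names and inline sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that every A record in
# the forward zone has a matching PTR in the reverse zone, and vice versa.
# Assumes one record per line in "name IN A addr" / "octet IN PTR host." form
# and a single /24, as in steps 6.2 and 7.2.

write_sample_zones() {      # constructed copies of the guide's records
    cat > "$1/home.lan.db" <<'EOF'
$ORIGIN home.lan.
localhost    IN A 127.0.0.1   ; outside the /24, ignored by the check
print-srv    IN A 192.168.0.9
router       IN A 192.168.0.1
server       IN A 192.168.0.5
ubuntu       IN A 192.168.0.2
xbox         IN A 192.168.0.3
EOF
    cat > "$1/rev.db" <<'EOF'
           IN NS ubuntu.home.lan.
1         IN PTR router.home.lan.
2         IN PTR ubuntu.home.lan.
3         IN PTR xbox.home.lan.
5         IN PTR server.home.lan.
9         IN PTR print-srv.home.lan.
EOF
}

# check_zone_pair FORWARD_FILE REVERSE_FILE DOMAIN NET_PREFIX
# Prints one sorted line per problem; prints nothing when the zones agree.
check_zone_pair() {
    awk -v dom="$3" -v net="$4" '
        { sub(/;.*/, "") }                              # strip comments
        FILENAME == ARGV[1] && $2 == "IN" && $3 == "A" {
            name = ($1 ~ /\.$/) ? $1 : $1 "." dom "."   # qualify relative names
            if (index($4, net ".") == 1) fwd[$4] = name
        }
        FILENAME == ARGV[2] && $2 == "IN" && $3 == "PTR" { ptr[net "." $1] = $4 }
        END {
            for (ip in fwd) {
                if (!(ip in ptr)) print "MISSING-PTR", ip, fwd[ip]
                else if (ptr[ip] != fwd[ip]) print "MISMATCH", ip, fwd[ip], ptr[ip]
            }
            for (ip in ptr) if (!(ip in fwd)) print "MISSING-A", ip, ptr[ip]
        }' "$1" "$2" | LC_ALL=C sort
}

tmp=$(mktemp -d)
write_sample_zones "$tmp"
check_zone_pair "$tmp/home.lan.db" "$tmp/rev.db" home.lan 192.168.0
rm -rf "$tmp"
```

Run against the real files, the call would be check_zone_pair /etc/bind/zones/home.lan.db /etc/bind/zones/rev.0.168.192.in-addr.arpa home.lan 192.168.0.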

Final words

  • You should have a firewall between this server and the internet and make sure that the dns port (53) is not forwarded to your Ubuntu server. Otherwise your dns server will be open for anyone in the world to use. With this setup it is only intended to be used within your local network.
  • Do not forget to update the serial every time you make any changes to a zone file.
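
To make the first point above explicit in the BIND configuration instead of relying on the firewall alone, the following added example (not part of the original guide) writes the options block from step 2.2 next to a LAN-only variant and reports which access controls each one leaves unset. The acl name homelan, the function names and the 192.168.0.x addresses are assumptions based on the guide's example network.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes the guide's example
# network: LAN 192.168.0.0/24, DNS server 192.168.0.2.

write_guide_options() {       # constructed: options as left by steps 2.1-2.2
    cat > "$1" <<'EOF'
options {
        directory "/var/cache/bind";
        forwarders { 208.67.222.222; 208.67.220.220; };
};
EOF
}

write_lan_only_options() {    # constructed: same forwarders, LAN-only access
    cat > "$1" <<'EOF'
acl "homelan" { 127.0.0.0/8; 192.168.0.0/24; };
options {
        directory "/var/cache/bind";
        forwarders { 208.67.222.222; 208.67.220.220; };
        listen-on { 127.0.0.1; 192.168.0.2; };
        listen-on-v6 { none; };
        allow-query { homelan; };
        allow-recursion { homelan; };
        // "host -l" in step 9.2 is a zone transfer; permit it from localhost only
        allow-transfer { 127.0.0.1; };
};
EOF
}

# audit_options FILE
# Prints "UNSET <directive>" when BIND's built-in default applies and
# "ANY <directive>" when the directive explicitly admits every client.
# Only // and # line comments are stripped; /* */ blocks are not handled.
audit_options() {
    conf=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")
    for d in listen-on allow-query allow-recursion allow-transfer; do
        stmt=$(printf '%s\n' "$conf" | grep -E "^[[:space:]]*${d}[[:space:]{]" || true)
        if [ -z "$stmt" ]; then
            echo "UNSET $d"
        elif printf '%s\n' "$stmt" | grep -Eq '[{;[:space:]]any;'; then
            echo "ANY $d"
        fi
    done
}

tmp=$(mktemp -d)
write_guide_options "$tmp/named.conf.options"
audit_options "$tmp/named.conf.options"     # all four directives are unset
rm -rf "$tmp"
```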

50 thoughts on “Setting up a DNS for the local network on the Ubuntu 12.04 (Precise Pangolin) server”

  1. P. David Polly

    Thank you, I found this page to be extremely helpful. With it I was able to successfully set up a DNS server for my local network.

    I noticed a discrepancy in the naming of the reverse lookup file. In the instructions for adding zone information it is given the name rev.0.168.192 but in the instructions for creating the file it is given the name rev.10.10.10. The names should be the same in both files.

    Reply
    1. lani78 Post author

      Thank you for your comments. I’m happy that you found my guide helpful! I have corrected the mistake with 10.10.10. That’s the address that I actually use, but I changed to the more common 192.168.0.x to make the reversed order clearer.

      Reply
  2. Darius Jones

    I think you need a $ORIGIN directive in your zone file, otherwise it can be guessed incorrectly by BIND. I had to add that to each of my zone files to get host -l and reverse lookup going.

    Reply
    1. lani78 Post author

      You are correct Darius. Thank you for taking your time to point this out. I have the $ORIGIN directive in my file but have somehow missed it here. I will update the guide. Thanks again.

      Reply
  3. Eric

    this might be a stupid question, but what can I do with this? how come when I’m on another computer on my LAN, and i type in say “router” it doesn’t take me to the admin of my router. do i need to change my DNS on other computers on my LAN or something? help!

    Reply
    1. lani78 Post author

      Hi Eric,

      Yes, you must have your other computers use the DNS server that you have set up. You must also specify the search suffix that you have set up for your DNS. Check out my other tutorial on setting up a DHCP-server, doing so will assign the ip address, dns and search suffix automatically to your other computers. But if you have a router you most likely will need to turn off its own DHCP server first. On the other hand an easier solution would be to set the search suffix and DNS in your router so that it automatically assigns it to connected clients for you, if your router supports this. This works fine with my D-Link DIR-655.

      I hope this helps,
      Lani

      Reply
  4. Ash

    Been trying to setup DNS on ubuntu for some time and finally success after following this tutorial. Thanks for the tutorial it was great help.

    Reply
  5. halim

    Hi lani,
    very interesting post. I followed all your direction to set up a DNS. When I tested it with “host ping.sunet.se” it works fine. Reverse lookup works.
    But when I wanted to test if the computers are listed by typing host -l I get the following message “host mitramedika.lan.mitramedika.lan not found: 9(NOTAUTHO)” . Can you please advise how to solve the problem? thanks

    Reply
    1. lani78 Post author

      Thank you newbie and halim for your comments. I have not seen this problem myself and unfortunately I do not have the opportunity to investigate this right now. I will keep this in mind and try to test it later. Hopefully some other readers can help with the problem.

      Reply
  6. Ekim

    I have been looking for a very good tut like this all along. Thanks a million. I installed it and it worked to perfection but please, is there any GUI for it? I prefer using the Graphical Interface instead ….

    Reply
  7. Iz

    This may be my own doing, but when having trouble restarting bind9, I realized the two files in “zones” were set as root:root. Changing them to bind:bind fixed that. Might be worth mentioning though.

    As for the issue described by halim, newbie and green-beast I’m experiencing the same thing. With my ISP added at the end to the complaint (home.lan.isp.se). I can’t think of what might be confusing things, other than possibly the number of NICs (a total of three). Can’t see how though, since I’ve configured every interface accordingly.

    Reply
    1. clouts

      ifdown eth0
      ifup eth0

      This fixed my issue and wrote the correct configurations to my /etc/resolv.conf, don’t know why though…

      Reply
  8. Marc

    hi Lani,

    I have tried this, but cannot for the life of me seem to be able to ping outside of my home network, like http://www.google.co.za – i have followed your guide closely……could you give me some pointers please.
    when i set up the server not to use itself as the dns server, it works fine.
    Thank you
    regards
    Marc

    Reply
  9. Tony

    Thanks for this quick and fully functional example.

    Everything works fine, but I have one issue – I can’t ping my local domain. Is this a missing field in a zone file?

    e.g.:

    $ ping ns01.home.lan
    PING ns01.home.lan (10.0.0.3) 56(84) bytes of data.
    64 bytes from ns01.home.lan (10.0.0.3): icmp_req=1 ttl=64 time=0.017 ms
    64 bytes from mx01.home.lan (10.0.0.3): icmp_req=2 ttl=64 time=0.027 ms
    64 bytes from server.home.lan (10.0.0.3): icmp_req=3 ttl=64 time=0.026 ms
    64 bytes from ns01.home.lan (10.0.0.3): icmp_req=4 ttl=64 time=0.025 ms
    64 bytes from mx01.home.lan (10.0.0.3): icmp_req=5 ttl=64 time=0.024 ms

    $ ping home.lan
    ping: unknown host home.lan

    Reply
  10. Mikael Ljung

    Hi,
    This was very helpful as a starting point; but what if I want to create more zones? Should I just copy the home.lan.db file to newzone.org and change all home.lan entries to newzone.org in that file?
    Greetings
    Mikael

    Reply
  11. xcs491

    @Halim
    Old I know, but I followed this awesome guide and also got the error.

    I attempted to troubleshoot it but honestly got nowhere. Followed this guide:
    https://help.ubuntu.com/8.04/serverguide/dns-configuration.html

    And was able to get it working correctly on 12.04, and with the explanations of this document was able to add to it. I am very much guessing it is a mistype of mine somewhere, and with the copying of the general files limited my typing errors.

    Thanks for the awesome tutorial Lani!

    Reply
  12. kayla

    @xcs491 I tried the guide you recommended, but I also got the same issues with Halim and Tony. Can someone please shed more light on what we need to do to fix these errors? Thank you in advance

    Reply
  13. umair

    Thanks lani for this great tutorial. It worked for me on the first try. Extremely thankful for your post. Halim and newbie issues seem to be due to their interfaces. I had to put my external interface down temporarily for local DNS entries to take effect.

    Reply
  14. sanjeev

    Hello, I’m getting a problem setting up DNS. The following error occurred:
    “” * Stopping domain name service… bind9
    rndc: connect failed: 127.0.0.1#953: connection refused
    …done.
    * Starting domain name service… bind9
    …fail! “

    Reply
  16. kmarty009

    I did find this very helpful. However, do you have anything for creating slave DNS servers? I also have two subnets. .100.x & .200.x. I assume I just need to add those into the files as separate zones?

    Reply
  18. Arthimis

    dns-search home.lan
    dns-domain home.lan
    should I give this on client side file or in server side file ?

    Reply
    1. lani78 Post author

      Hi Arthimis,

      Thank you for reading and commenting on my blog!

      The dns-search and dns-domain directives that you are asking about are on the server side in this tutorial (when you are using static ip in the server). But you could also add them on the client side if you are using static ip on the clients as well. But in most cases it is better to use DHCP for the clients and let the DHCP-server provide these directives automatically to the clients.

      I hope this helps.
      Lani

      Reply
  19. hassan

    hi
    sorry for my english
    I have installed ISPConfig and have a problem with my DNS that’s not working. I have completely configured my server as you directed, but it is not working. I have installed it on a VMware and my hostname is ubuntu1.example.com:
    1- there is not a router it is necessary to give this item a password?
    2- I don’t have a separate server for DNS; how to address the DNS?
    3-in the hostnames i must write ubuntu1.example.com.localhost.localdomain?
    my knowledge of servers is very basic and i really need your help

    Reply
  20. Jason

    I just found your guide and it is better than the guide on Ubuntu forums. I could not for the life of me get it to work from their guide but this worked great. Keep up the good work!

    Reply
  21. JeffD

    Excellent tutorial. I had my internal/home DNS server up and running in 15 minutes. Thank you for the effort of documenting and updating this.

    Reply
  22. abhishek

    I have 2 network interfaces one is LAN card another is wireless, in your case you mention point 3.2 /etc/network/interfaces here which one should be changed for using Lan card as when I changed the interfaces file it gave the static ip to wireless card (which is the active one on my machine) , also nohup.out has following in my case
    ;sudo nohup sh -c “ifdown wlan0 && ifup wlan0″
    ifdown: interface wlan0 not configured
    Ignoring unknown interface wlan0=wlan0.
    ~
    because in my case ifconfig shows eth0 and wlan0 as interfaces,

    Reply
    1. abhishek

      Also I have not set up forwarders section (temporarily) I do not want to use internet on this lan for some time, ( I am testing PXE boot) is configuring forwarders section compulsory or I can leave it commented point 2.2

      Reply
  25. ionut

    My network is like this:
    auto eth0
    iface eth0 inet dhcp
    auto eth1
    iface eth1 inet static
    address 10.0.1.15
    netmask 255.255.255.0
    So I have an old server that gives me a dhcp ip on eth0(of a new server) through a default gateway (192.168.1.1), should I put after iface eth0 inet dhcp line this lines?
    dns-nameservers 127.0.0.1
    dns-search home.lan
    dns-domain home.lan
    Because you mentioned something in 3.STATIC.2 NOTE 2

    Reply
  26. eric

    Nice tutorial, thanks. One remark: If resolving external names doesn’t work and in /var/log/syslog a line like “NS: got insecure response; parent indicates it should be secure” appears (e.g. by using company name servers).
    The used name server doesn’t support DNSSEC so the response appears to be insecure to your server.
    Solution: change /etc/bind/named.conf.options:
    Comment the line “dnssec-validation auto;”
    Add the lines: “dnssec-enable no;” and “dnssec-validation no;”

    Reply
    1. lani78 Post author

      Thank you Eric for sharing your findings and knowledge, both on this post and the other one. Really appreciated, thanks! :)

      Reply
  27. Kev

    What should the ifconfig look like? I ask because when I reboot, the machine comes up with the LAN interface as the UG (gateway) and I get no external traffic, which makes sense. I have to restart the network or manually set the externally pointing interface as the gateway.

    Reply
