A DNS resolver is a component of the Domain Name System (DNS) that is responsible for converting domain names (such as “google.com”) into IP addresses (such as “216.58.194.174”) that are used by computers to connect to websites and other internet services.
When a user enters a domain name in a web browser or other application, the request is sent to a DNS resolver to find the corresponding IP address. The DNS resolver first checks its local cache to see if it has recently resolved the same domain name. If it hasn’t, the resolver queries one or more other DNS servers on the internet to find the IP address. Once the IP address is found, the resolver returns it to the application, which can then use it to establish a connection to the server hosting the requested content.
DNS resolvers are typically provided by internet service providers (ISPs) or by third-party companies such as Google, Cloudflare, and OpenDNS. The performance and reliability of DNS resolvers can vary depending on factors such as the number of servers they have, their network infrastructure, and their proximity to the user. Some users choose to use alternative DNS resolvers to improve performance, privacy, or control over the DNS resolution process.
Why use Your Own DNS Resolver
If you want to set up your own DNS resolver, you can do so by following these general steps:
- Choose a DNS server software: There are many DNS server software options available, including BIND, PowerDNS, and Unbound. Choose one that fits your needs and expertise.
- Install and configure the DNS server software: Follow the instructions for your chosen software to install and configure it on your server. You will need to specify which domains you want to resolve and which upstream DNS servers to use.
- Set up forwarding: If you want to forward queries to another DNS resolver (such as your ISP’s resolver), you will need to configure your DNS server to do so. This can improve performance and reduce the load on your server.
- Secure your DNS server: DNS servers are often targeted by attackers, so it’s important to secure your server with appropriate measures, such as firewalls and access controls.
- Test and monitor your DNS resolver: Once your DNS resolver is set up, you should test it to ensure it is working correctly. You can also monitor the server for performance issues and potential security threats.
Note that setting up your own DNS resolver requires some technical expertise and may not be necessary for most users. Many public DNS resolvers are available, such as Google DNS and Cloudflare DNS, which can provide fast and reliable DNS resolution for your internet use.
Install BIND9 on Debian 11
Here are the general steps to install BIND9 on Debian 11:
- Update the package list: Run the command
sudo apt update
to update the package list on your Debian 11 system.
- Install BIND9: Run the command
sudo apt install bind9
to install the BIND9 DNS server package. This will install all the necessary packages and dependencies.
- Configure BIND9: Once BIND9 is installed, you will need to configure it for your specific needs. The main configuration file for BIND9 is located at /etc/bind/named.conf. You can edit this file with your preferred text editor to specify which domains you want to resolve and how you want to handle DNS queries. You can also configure other options, such as DNS forwarding and logging.
- Restart BIND9: After making any changes to the BIND9 configuration file, you will need to restart the BIND9 service to apply the changes. You can do this by running the command
sudo systemctl restart bind9
- Test BIND9: Once BIND9 is installed and configured, you can test it by performing a DNS query using the dig command. For example, to query the IP address for the domain example.com, you can run the command
dig example.com
This should return the IP address for the domain, indicating that BIND9 is working correctly.
Configurations for a Local DNS Resolver
/etc/bind/ is the directory that contains configurations for BIND.
- named.conf: the primary config file, which includes configs of three other files.
- db.127: localhost IPv4 reverse mapping zone file.
- db.local: localhost forward IPv4 and IPv6 mapping zone file.
- db.empty: an empty zone file.
The bind9 package on Debian 10 doesn’t ship with a db.root file; it now uses the root hints file at /usr/share/dns/root.hints. The root hints file is used by DNS resolvers to query root DNS servers. There are 13 groups of root DNS servers, from a.root-servers.net to m.root-servers.net.
Out of the box, the BIND9 server on Debian provides recursive service for localhost and local network clients only. Outside queries will be denied. So you don’t have to edit the configuration files. To get you familiar with BIND 9 configurations, I will show you how to enable recursion service anyway.
The main BIND configuration file /etc/bind/named.conf sources the settings from 3 other files.
- /etc/bind/named.conf.options
- /etc/bind/named.conf.local
- /etc/bind/named.conf.default-zones
To enable recursion service, edit the first file.
sudo nano /etc/bind/named.conf.options
In the options clause, add the following lines. Replace the IP addresses in the allow-recursion statement with your own local network addresses.
// hide version number from clients for security reasons.
version "not currently available";
// optional - BIND default behavior is recursion
recursion yes;
// provide recursion service to trusted clients only
allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
// enable the query log
querylog yes;

Save and close the file. Then test the config file syntax.
sudo named-checkconf
If the test is successful (named-checkconf prints nothing when the syntax is valid), then restart BIND9.
sudo systemctl restart bind9
If you have a firewall running on the BIND server, then you need to open port 53 to allow LAN clients to send DNS queries. If you use the UFW firewall, you can run the following command.
sudo ufw allow in from 192.168.0.0/24 to any port 53
This will open TCP and UDP port 53 to the private network 192.168.0.0/24. Then from another computer in the same LAN, we can run the following command to query the A record of google.com. Replace 192.168.0.102 with the IP address of your BIND resolver.
dig A google.com @192.168.0.102
Now on the BIND resolver, check the query log with the following command.
sudo journalctl -eu bind9
This will show the latest log messages of the bind9 service unit. I can find the following line in the log, which indicates that a DNS query for google.com’s A record has been received from port 57806 of IP address 192.168.0.103.
named[1162]: client @0x7f4d2406f0f0 192.168.0.103#57806 (google.com): query: google.com IN A +E(0)K (192.168.0.102)
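The allow-recursion list and the query log together give you a simple audit: any logged query from a client outside the trusted networks means port 53 is reachable from beyond the LAN you intended (for example, a firewall rule that is too broad). The following script is an added example, not part of the original tutorial; it parses the options clause shown earlier, extracts client addresses from journal lines in the format above, and reports the mismatches. The configuration text and log lines are constructed inline, and the 203.0.113.7 client is a made-up address from a documentation range.

```python
import ipaddress
import re

# Constructed copy of the options clause from the tutorial (not read from a real server).
NAMED_CONF_OPTIONS = """
options {
    version "not currently available";
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
    querylog yes;
};
"""

# Constructed journal lines in the format BIND writes when querylog is enabled.
# The second line is a made-up query from a non-LAN address (203.0.113.7 is a documentation range).
QUERY_LOG = """
named[1162]: client @0x7f4d2406f0f0 192.168.0.103#57806 (google.com): query: google.com IN A +E(0)K (192.168.0.102)
named[1162]: client @0x7f4d2406f0f0 203.0.113.7#4444 (example.com): query: example.com IN ANY +E(0)K (192.168.0.102)
named[1162]: client @0x7f4d2406f0f0 10.10.10.5#51000 (example.net): query: example.net IN AAAA +E(0)K (192.168.0.102)
"""

# Matches "client @0x... <ip>#<port> (<qname>): query: <qname> IN <qtype> ..."
QUERY_RE = re.compile(
    r"client @0x[0-9a-f]+ (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

def parse_allow_recursion(conf: str) -> list:
    """Return the networks in the allow-recursion statement as ip_network objects."""
    m = re.search(r"allow-recursion\s*\{([^}]*)\}", conf)
    if not m:
        return []  # no explicit statement: nothing is treated as trusted by this audit
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in m.group(1).split(";") if e.strip()]

def parse_query_log(log: str) -> list:
    """Extract (client ip, port, qname, qtype) tuples from BIND query log lines."""
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if m:
            hits.append((m["ip"], int(m["port"]), m["qname"], m["qtype"]))
    return hits

def untrusted_queries(conf: str, log: str) -> list:
    """Queries whose client address lies outside every allow-recursion network.
    Any hit means port 53 is reachable from beyond the trusted ranges."""
    nets = parse_allow_recursion(conf)
    return [q for q in parse_query_log(log)
            if not any(ipaddress.ip_address(q[0]) in n for n in nets)]
```

Pipe the real journal output into parse_query_log (for example, the text from sudo journalctl -u bind9) to run the same check against your own server.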
Setting the Default DNS Resolver on Debian 10 Buster Server
On the BIND server, we need to set 127.0.0.1 as the default DNS resolver. You can check the current DNS resolver on Debian 10 with the following command.
cat /etc/resolv.conf
Sample output:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 2001:19f0:300:1704::6
nameserver 108.61.10.10
The bind9 package on Debian 10 ships with a systemd service unit, bind9-resolvconf.service, which will help us set BIND as the default DNS resolver on the Debian server. By default this service is disabled, so we need to start it and enable auto-start at boot time.
sudo systemctl start bind9-resolvconf
sudo systemctl enable bind9-resolvconf
You can now check the content of /etc/resolv.conf again. As you can see, 127.0.0.1 (BIND) is now the default DNS resolver on Debian 10 Buster.
If your DNS resolver isn’t 127.0.0.1, it might be that your system doesn’t have the resolvconf binary, which causes the bind9-resolvconf service to fail. You need to install the resolvconf package and restart the service.
sudo apt install resolvconf
sudo systemctl restart bind9-resolvconf