The domain name system (DNS) resolves hostnames (e.g. www.example.net) to IP addresses.
BIND is the most used DNS server on the internet.

This tutorial shows how to configure a subdomain in BIND 9 on Debian 10 (buster).

Contents

• Installation
• Domain
• Firewall
• Configuration
  • Zone
  • Reload
• Test
• Dynamic Updates
  • Configuration
  • Client
• External Links for further Information

Installation

The official Debian repository includes BIND 9:

apt install bind9

Domain

To run a name server for a subdomain sub.example.net,
the following records are relevant in the zone of the domain example.net:

sub      IN  NS    ns1.sub.example.net.  ; name server for subdomain sub.example.net
ns1.sub  IN  A     192.0.2.1             ; IPv4 address of ns1.sub.example.net
ns1.sub  IN  AAAA  2001:db8:10::1        ; IPv6 address of ns1.sub.example.net

Firewall

The DNS server ns1.sub.example.net needs to accept incoming packages
on the following ports:

• TCP port 53
• UDP port 53

Configuration

The zone file for sub.example.net needs to be specified in the configuration file:

/etc/bind/named.conf.local

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
};

Zone

The zone file defines records for a (sub)domain.
Here is an exemplary zone file for the subdomain sub.example.net:

/var/lib/bind/db.sub.example.net

$TTL  86400
@         IN  SOA   ns1.sub.example.net. root.example.net. (
                    2020042301    ; Serial  (YYYYMMDDxx)
                          3600    ; Refresh  (1 hour)
                           600    ; Retry  (10 mins)
                        604800    ; Expire  (7 days)
                          1800 )  ; Negative Cache TTL  (30 mins)

@         IN  NS    ns1.sub.example.net.
ns1       IN  A     192.0.2.1
ns1       IN  AAAA  2001:db8:10::1

; other hostnames
somehost  IN  A     192.0.2.10
another   IN  A     192.0.2.11

The content of the exemplary zone file means the following:

• The default time to live (TTL) for each record is set to 86400 seconds (1 day).
• "@" is an alias for the zone itself (sub.example.net).
• The start of authority (SOA) record contains administrative information
  about the zone: name server, mail address, serial number, ...
• The name server ns1.sub.example.net for the subdomain sub.example.net is
  specified in the NS record.
• IPv4 addresses are stored in A records.
• AAAA records contain IPv6 addresses.

Reload

The following command reloads the configuration:

rndc reload

Test

Install the dnsutils package:

apt install dnsutils

Verify that the DNS lookup returns the correct IP address:

nslookup somehost.sub.example.net

Dynamic Updates

Updating the DNS records is useful when IP addresses are dynamically assigned.
For instance, DHCP servers automatically assign IP addresses to hosts.

Configuration

The following command generates a random rndc key and
prints a configuration example to the terminal:

rndc-confgen

To allow a client to update the DNS records of sub.example.net with an rndc key,
enable it in the configuration file:

/etc/bind/named.conf.local

include "/etc/bind/rndc.key";

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
    allow-update { key "rndc-key"; };
};

Client

For updating DNS records, the following command line tool is used:

nsupdate

These commands update the IPv4 address of somehost.sub.example.net:

key rndc-key C3...DQ==
update delete somehost.sub.example.net A
update add somehost.sub.example.net 86400 A 192.0.2.123
send

External Links for further Information

• https://www.isc.org/bind/
• https://tools.ietf.org/html/rfc1035
• https://en.wikipedia.org/wiki/Zone_file
• https://wiki.debian.org/Bind9