Setup your own secondary DNS SERVER on Ubuntu 18.04 LTS

MIAB was my first DNS and was my second DNS but doesn’t support DNSSEC with the free account. Some mail servers refused to send email to my box because of a not working DNSSEC so I tried to setup a secondary DNS on an existing virtual box running a webserver (LAMP) under Ubuntu 18.04 LTS. It took 5 minutes!

Below, I use for the second DNS, because ns2 is used by MIAB itself. existing MIAB server another Ubuntu 18.04 LTS server

In MIAB control panel add A under System, Set custom DNS records
Domain Name Record Type Value A

In MIAB control panel System, Using a secondary nameserver, Hostname:

On the secondary nameserver:

apt-get install bind9 bind9utils bind9-doc
Edit /etc/bind/named.conf.options
At top of file before ‘options {’ add:

  acl "trusted" {;   # ns1;   # ns3 - can be set to localhost

Below ‘directory “/var/cache/bind”;’ add:

    recursion yes;
    allow-recursion { trusted; };
    listen-on {; };      # ns3 private IP address
    allow-transfer { none; };          # disable zone transfers by default

    forwarders {
  ; #Google Public DNS
  ; #Google Public DNS
    dnssec-enable yes;

Edit /etc/bind/named.conf.local

zone "" {
    type slave;
    file "";
    masters {; };  # ns1 private IP

Add other domains you are hosting on your MIAB

zone "" {
    type slave;
    file "";
    masters {; };  # ns1 private IP

systemctl restart bind9
ufw allow Bind

DNS info written to /var/cache/bind/

See also:

Of course, I asked my registrar to make two glue records:
and set the nameservers for my domain to:

Very good check if everything works:

Note: I did not add a reverse zone in named.conf.local. Don’t know if this should be done.


When you add a secondary DNS on the custom DNS page it replaces ns2 with what you have added. So rather than ns1 ns2 and ns3 you will actually only have ns1 and ns3. I see that you did note that. Others who have tried have missed this in the past.

Thanks for the helpful guide on how to create a secondary DNS server - not to be confused with how to use secondary DNS. :slight_smile:

Thank you!
I saved your note in my docs folder for future reference :slight_smile:

Beside this I started my MIAB journey using

Simple to use and free, with full support of DNSSEC

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.