Setup your own secondary DNS SERVER on Ubuntu 18.04 LTS


#1

MIAB was my first DNS and buddyns.com was my second DNS, but buddyns.com doesn't support DNSSEC with the free account. Some mail servers refused to send email to my box because DNSSEC was not working, so I tried to set up a secondary DNS on an existing virtual box running a webserver (LAMP) under Ubuntu 18.04 LTS. It took 5 minutes!

Below, I use ns3.box.example.com for the second DNS, because ns2 is used by MIAB itself.
ns1.box.example.com  1.1.1.1  (existing MIAB server)
ns3.box.example.com  3.3.3.3  (another Ubuntu 18.04 LTS server)

In the MIAB control panel, under System > Set custom DNS records, add ns3.box.example.com A 3.3.3.3.
Result:
Domain Name          | Record Type | Value
ns3.box.example.com  | A           | 3.3.3.3

In the MIAB control panel, under System > Using a secondary nameserver, set Hostname: ns3.box.example.com

On the secondary nameserver:

apt-get install bind9 bind9utils bind9-doc
Edit /etc/bind/named.conf.options
At the top of the file, before 'options {', add:

    acl "trusted" {
        1.1.1.1;   # ns1
        3.3.3.3;   # ns3 - can be set to localhost
    };

Below 'directory "/var/cache/bind";' add:

    recursion yes;
    allow-recursion { trusted; };
    listen-on { 3.3.3.3; };      # ns3 private IP address
    allow-transfer { none; };          # disable zone transfers by default

    forwarders {
            8.8.8.8; #Google Public DNS
            8.8.4.4; #Google Public DNS
    };
    dnssec-enable yes;

Edit /etc/bind/named.conf.local

zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 1.1.1.1; };  # ns1 private IP
};

Add other domains you are hosting on your MIAB

zone "otherdomain1.com" {
    type slave;
    file "db.otherdomain1.com";   # zone file name kept consistent with the zone
    masters { 1.1.1.1; };  # ns1 private IP
};

named-checkconf
systemctl restart bind9
ufw allow Bind

Done!
DNS info written to /var/cache/bind/db.example.com

See also:

Of course, I asked my registrar to make two glue records:
ns1.box.example.com 1.1.1.1
ns3.box.example.com 3.3.3.3
and set the nameservers for my domain to:
ns1.box.example.com
ns3.box.example.com

Very good check if everything works:
http://dnsviz.net/d/example.com/dnssec/

Note: I did not add a reverse zone in named.conf.local. Don’t know if this should be done.
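The named.conf.local step above has to be repeated for every domain hosted on the MIAB box, and the zone file name in the post does not always match the zone. As an added example (not from the original post or from the MIAB project), the POSIX shell script below generates one "type slave" stanza per domain from a list, names the zone file after the zone, and keeps zone transfers disabled at zone level as well as globally. The primary address 1.1.1.1 is taken from the post; the domain list is constructed sample input, and the named-checkconf call is only attempted when BIND's tooling is installed.

```shell
#!/bin/sh
# Added example: build a named.conf.local fragment of slave zones for a BIND
# secondary that pulls from a Mail-in-a-Box primary. Not part of the original post.
set -eu

# Primary (ns1) address as in the post; override with PRIMARY_IP=... if needed.
PRIMARY_IP="${PRIMARY_IP:-1.1.1.1}"

# Print one slave-zone stanza. The zone file is derived from the domain name so
# it always matches the zone, and AXFR is refused at zone level too, matching
# the global "allow-transfer { none; }" from named.conf.options.
slave_zone_stanza() {
    domain="$1"
    primary="$2"
    printf 'zone "%s" {\n' "$domain"
    printf '    type slave;\n'
    printf '    file "db.%s";\n' "$domain"
    printf '    masters { %s; };\n' "$primary"
    printf '    allow-transfer { none; };\n'
    printf '};\n\n'
}

# Read domains from stdin (one per line, blank lines and # comments ignored)
# and emit a stanza for each.
generate_local_conf() {
    primary="$1"
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        case "$d" in \#*) continue ;; esac
        slave_zone_stanza "$d" "$primary"
    done
}

# Syntax-check a generated fragment with named-checkconf when it is available.
# Returns 0 if the check passes or the tool is absent, 1 if BIND rejects it.
check_fragment() {
    fragment="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        tmp=$(mktemp)
        printf '%s\n' "$fragment" > "$tmp"
        if named-checkconf "$tmp"; then rc=0; else rc=1; fi
        rm -f "$tmp"
        return $rc
    fi
    return 0
}

# Constructed sample list of domains hosted on the MIAB box.
SAMPLE_DOMAINS='# domains served by the primary
example.com
otherdomain1.com
'

FRAGMENT=$(printf '%s' "$SAMPLE_DOMAINS" | generate_local_conf "$PRIMARY_IP")
check_fragment "$FRAGMENT"
printf '%s\n' "$FRAGMENT"
```

Redirect the output into /etc/bind/named.conf.local on the secondary (or append it with >>), then run named-checkconf on the real config and restart bind9 as in the post. Because the stanza names the zone file after the domain, the transferred data for each zone lands under /var/cache/bind/db.<domain>, which makes it easy to confirm that every expected zone actually transferred.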


#2

When you add a secondary DNS on the custom DNS page it replaces ns2 with what you have added. So rather than ns1 ns2 and ns3 you will actually only have ns1 and ns3. I see that you did note that. Others who have tried have missed this in the past.

Thanks for the helpful guide on how to create a secondary DNS server - not to be confused with how to use secondary DNS. :slight_smile:


#3

Thank you!
I saved your note in my docs folder for future reference :slight_smile:

Beside this I started my MIAB journey using https://puck.nether.net/dns/login

Simple to use and free, with full support of DNSSEC

