BIND9
Enable port 53 in firewall
sudo vim /etc/netplan/50-cloud-init.yaml
In vim, type :%d and press ENTER to clear the file, then paste:
network:
  version: 2
  ethernets:
    enp6s18:
      dhcp4: no
      addresses:
        - 192.168.8.4/22
      gateway4: 192.168.8.1
      nameservers:
        addresses:
          - 1.1.1.1
          - 8.8.8.8
sudo netplan apply
Reboot the server and log in using 192.168.8.4
sudo ufw allow 53
sudo ufw reload
sudo ufw status
(ufw allow 53 opens TCP and UDP port 53 to every source; if only the LAN should reach this resolver, the scoped form is sudo ufw allow from 192.168.8.0/22 to any port 53.)
Update system packages
sudo apt update && sudo apt upgrade -y
Install BIND9
sudo apt install bind9 bind9utils bind9-doc -y
Create the Zones Directory
sudo mkdir -p /etc/bind/zones
Configure BIND9
sudo vim /etc/bind/named.conf.options
Copy and paste from below:
// Clients allowed to use this server as a recursive resolver: the local /22 and localhost.
acl "internal" {
  192.168.8.0/22;
  127.0.0.1;
};
options {
  directory "/var/cache/bind";
  recursion yes;
  // Recursion only for the "internal" ACL; any other source is limited to answers
  // for the zones this server is authoritative for (named.conf.local).
  allow-recursion { "internal"; };
  // Upstream resolvers that recursive queries are forwarded to.
  forwarders {
    1.1.1.1; // Cloudflare
    8.8.8.8; // Google
  };
  // DNSSEC validation of forwarded answers, using BIND's built-in root trust anchor.
  dnssec-validation auto;
  auth-nxdomain no; // conforms to RFC1035
  // Listens on every address, so reachability is governed by the firewall rule alone.
  // NOTE(review): neither allow-query nor allow-transfer is set anywhere in this
  // configuration. Add `allow-transfer { none; };` (here or per zone) unless a
  // secondary must pull the zones; otherwise, depending on the BIND version's
  // default, anyone who can reach port 53 may be able to AXFR the full zone data.
  listen-on { any; };
};
Navigate to the bind9 folder
cd /etc/bind/
ls -l
Create the bind9 config files
sudo vim /etc/bind/named.conf.local
Copy and paste from below:
// Primary (authoritative) zones; the zone data lives in /etc/bind/zones.
// NOTE(review): because this server is authoritative for the whole domain, any
// name under these zones that is not in the zone file (including public records
// of the domain) will not resolve for clients that use this server.
// NOTE(review): no allow-transfer is set; add `allow-transfer { none; };` to each
// zone unless a secondary server needs to pull it.
zone "aspireclan.com" {
  type master;
  file "/etc/bind/zones/db.aspireclan.com";
};
zone "tidyshelves.com" {
  type master;
  file "/etc/bind/zones/db.tidyshelves.com";
};
zone "shelvera.com" {
type master;
file "/etc/bind/zones/db.shelvera.com";
};
sudo vim /etc/bind/zones/db.aspireclan.com
Copy and paste from below:
$TTL 604800 ; default TTL (seconds) for the records below: 7 days
; SOA: ns1 is the primary name server, admin.aspireclan.com. is the contact
; mailbox (the first "." stands for "@").
@ IN SOA ns1.aspireclan.com. admin.aspireclan.com. (
2025041102 ; Serial (use YYYYMMDDNN format) - increment on every edit; secondaries only refresh when it grows
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.aspireclan.com.
ns1 IN A 192.168.8.60 ; Replace with your DNS server's internal IP
; NOTE(review): the netplan step earlier assigns this server 192.168.8.4, not .60;
; confirm which address named is reached on and point ns1 at it.
; Internal records
; NOTE(review): this server answers authoritatively for all of aspireclan.com, so
; any name not listed here (e.g. public records of the domain) will not resolve
; through it.
dev.docs IN A 192.168.8.110
; fp / apis.fp resolve to a public address even for internal clients.
apis.fp IN A 13.234.112.90
fp IN A 13.234.112.90
; Several service names share one host (192.168.8.5).
udmse IN A 192.168.8.5
pve IN A 192.168.8.5
acfw IN A 192.168.8.5
nas IN A 192.168.8.5
dhcp IN A 192.168.8.5
; Add additional records as needed
sudo vim /etc/bind/zones/db.tidyshelves.com
Copy and paste from below:
$TTL 604800 ; default TTL (seconds) for the records below: 7 days
; SOA: ns1 is the primary name server, admin.tidyshelves.com. is the contact
; mailbox (the first "." stands for "@").
@ IN SOA ns1.tidyshelves.com. admin.tidyshelves.com. (
2025041102 ; Serial (use YYYYMMDDNN format) - increment on every edit; secondaries only refresh when it grows
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.tidyshelves.com.
ns1 IN A 192.168.8.60 ; Replace with your DNS server's internal IP
; NOTE(review): the netplan step earlier assigns this server 192.168.8.4, not .60;
; confirm which address named is reached on and point ns1 at it.
; Internal records
; The only host record is commented out, so this zone currently holds nothing but
; SOA/NS/ns1: every other name under tidyshelves.com gets NXDOMAIN from this server.
;udmse IN A 192.168.8.50
; Add additional records as needed
sudo vim /etc/bind/zones/db.shelvera.com
Copy and paste from below:
$TTL 604800 ; default TTL (seconds) for the records below: 7 days
; SOA: ns1 is the primary name server, admin.shelvera.com. is the contact
; mailbox (the first "." stands for "@").
@ IN SOA ns1.shelvera.com. admin.shelvera.com. (
2026011701 ; Serial (use YYYYMMDDNN format) - increment on every edit; secondaries only refresh when it grows
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.shelvera.com.
ns1 IN A 192.168.8.60 ; Replace with your DNS server's internal IP
; NOTE(review): the netplan step earlier assigns this server 192.168.8.4, not .60;
; confirm which address named is reached on and point ns1 at it.
; Internal records
; Two A records for the same name: clients receive both addresses in one answer
; (order not guaranteed) - a basic round-robin with no health checking.
local.api IN A 192.168.8.28
local.api IN A 192.168.8.29
; Add additional records as needed
sudo vim /etc/default/named
Change OPTIONS="-u bind" to OPTIONS="-u bind -4" (the -4 flag makes named use IPv4 only)
Validate syntax of Bind configuration and zone files
sudo named-checkconf /etc/bind/named.conf.options
sudo named-checkconf /etc/bind/named.conf.local
sudo named-checkzone aspireclan.com /etc/bind/zones/db.aspireclan.com
sudo named-checkzone tidyshelves.com /etc/bind/zones/db.tidyshelves.com
sudo named-checkzone shelvera.com /etc/bind/zones/db.shelvera.com
(Running sudo named-checkconf with no file argument checks the complete configuration that named will actually load, including the files named.conf pulls in, rather than each fragment on its own.)
sudo systemctl restart bind9
sudo systemctl status bind9
[OPTIONAL] Testing
These commands should work:
dig +trace TXT _acme-challenge.test.aspireclan.com
dig -4 +trace TXT _acme-challenge.test.aspireclan.com
(Note that dig +trace walks the delegation from the root servers, so it exercises the domain's public DNS rather than the server configured above; to check the internal server itself, query it directly, e.g. dig @<dns-server-ip> dev.docs.aspireclan.com.)