Install Bind 9

Update the system

apt-get update && apt-get dist-upgrade

Install Bind 9

apt-get install bind9 bind9utils bind9-doc
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
The following additional packages will be installed:
  libirs141
Die folgenden NEUEN Pakete werden installiert:
  bind9 bind9-doc bind9utils libirs141
0 aktualisiert, 4 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
Es müssen 808 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 4.687 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n] J

Set Bind to IPv4 mode

systemctl edit --full bind9
[Service]
ExecStart=/usr/sbin/named -f -u bind -4

Reload the systemd daemon

systemctl daemon-reload

Restart Bind

service bind9 restart

Add remote name daemon controller to services

vi /etc/services
rndc            953/tcp

netstat -patu | grep named
tcp   0   0 192.168.0.4:domain     *:*    LISTEN     31209/named     
tcp   0   0 localhost:domain       *:*    LISTEN     31209/named     
tcp   0   0 localhost:rndc         *:*    LISTEN     31209/named     
udp   0   0 192.168.0.4:domain     *:*               31209/named     
udp   0   0 localhost:domain       *:*               31209/named

Create rndc.key

rndc-confgen -a
cat /etc/bind/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "1QEesnAjRbnq0XwpMZMNRg==";
};

Configure Bind

vi /etc/bind/named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "1QEesnAjRbnq0XwpMZMNRg==";
};
 
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; }
    keys { rndc-key; };
}; 

logging {
    category lame-servers {default_syslog; };
    category dispatch     {default_syslog; };
    category update       {default_syslog; };
    category unmatched    {default_syslog; };
    category xfer-out     {default_syslog; };
    category xfer-in      {default_syslog; };
    category config       {default_syslog; };
    category security     {default_syslog; };
    category general      {default_syslog; };
    category default      {default_syslog; };
    category database     {default_syslog; };
    category resolver     {default_syslog; };
    category notify       {default_syslog; };
    category client       {default_syslog; };
    category network      {default_syslog; };
    category queries      {default_syslog; };
    category dnssec       {default_syslog; };
};

vi /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

//      listen-on-v6 { any; };
        listen-on { 127.0.0.1; 192.168.0.4; };

        recursion yes;

        allow-transfer {
                 127.0.0.1;
                 192.168.0.3;
        };

        version "Bomboklaat";

        notify yes;

};

service bind9 restart
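
The key and controls statements configured above, checked by an added shell example (not from the original page): it flags a key secret kept in a world-readable file, an hmac-md5 key, and a control channel bound outside loopback. audit_rndc_conf and the write_*_conf helpers are hypothetical names, the secret is constructed, and the 0644/0640 file modes are assumed packaging defaults.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and the key secret is constructed.

audit_rndc_conf() {  # $1 = config file to check; prints one finding per line
    conf=$1
    # A key secret in a file that "other" can read is visible to every local user.
    if grep -Eq '^[[:space:]]*secret[[:space:]]+"' "$conf" &&
       [ -n "$(find "$conf" -perm -004)" ]; then
        echo "exposed-secret: $conf holds a key secret and is world-readable"
    fi
    # hmac-md5 is what older rndc-confgen builds emit by default.
    if grep -Eq 'algorithm[[:space:]]+"?hmac-md5' "$conf"; then
        echo "weak-algorithm: hmac-md5 key (rndc-confgen -a -A hmac-sha256)"
    fi
    # The control channel should be bound to loopback only.
    awk '$1 == "inet" && $2 != "127.0.0.1" && $2 != "::1" {
             print "control-exposed: control channel listens on " $2 }' "$conf"
    return 0
}

write_page_conf() {  # layout used on this page: key pasted into named.conf
    cat > "$1" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQtS0VZ";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; }
    keys { rndc-key; };
};
EOF
    chmod 644 "$1"   # assumed mode of a packaged named.conf
}

write_hardened_conf() {  # key stays in the (assumed 0640) key file, only included
    cat > "$1" <<'EOF'
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; }
    keys { rndc-key; };
};
EOF
    chmod 644 "$1"
}

tmp=$(mktemp -d)
write_page_conf "$tmp/page.conf" && audit_rndc_conf "$tmp/page.conf"
write_hardened_conf "$tmp/hardened.conf" && audit_rndc_conf "$tmp/hardened.conf"
rm -rf "$tmp"
```

On a live host, point audit_rndc_conf at /etc/bind/named.conf and /etc/bind/rndc.key in turn; the sample files above only reproduce the two layouts.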

Congratulations! Your nameserver is now configured and running.

rndc status
version: BIND 9.10.3-P4-Ubuntu <id:ebd72b3> (Raasklaat)
boot time: Sun, 08 Jan 2017 23:06:58 GMT
last configured: Sun, 08 Jan 2017 23:07:00 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

dig @localhost CH TXT version.bind
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost CH TXT version.bind
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21523
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;version.bind.            CH    TXT

;; ANSWER SECTION:
version.bind.        0    CH    TXT    "Raasklaat"

;; AUTHORITY SECTION:
version.bind.        0    CH    NS    version.bind.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

tail -f /var/log/syslog | grep bind
named[945]: received control channel command 'stop'
named[945]: shutting down: flushing changes
named[945]: stopping command channel on 127.0.0.1#953
named[945]: no longer listening on 127.0.0.1#53
named[945]: no longer listening on 192.168.0.4#53
named[945]: exiting
named[1031]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind -4
named[1031]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/i386-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
named[1031]: ----------------------------------------------------
named[1031]: BIND 9 is maintained by Internet Systems Consortium,
named[1031]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
named[1031]: corporation.  Support and training for BIND 9 are
named[1031]: available at https://www.isc.org/support
named[1031]: ----------------------------------------------------
named[1031]: adjusted limit on open files from 4096 to 1048576
named[1031]: found 1 CPU, using 1 worker thread
named[1031]: using 1 UDP listener per interface
named[1031]: using up to 4096 sockets
named[1031]: loading configuration from '/etc/bind/named.conf'
named[1031]: reading built-in trusted keys from file '/etc/bind/bind.keys'
named[1031]: initializing GeoIP Country (IPv4) (type 1) DB
named[1031]: GEO-106FREE 20160408 Bu
named[1031]: initializing GeoIP Country (IPv6) (type 12) DB
named[1031]: GEO-106FREE 20160408 Bu
named[1031]: GeoIP City (IPv4) (type 2) DB not available
named[1031]: GeoIP City (IPv4) (type 6) DB not available
named[1031]: GeoIP City (IPv6) (type 30) DB not available
named[1031]: GeoIP City (IPv6) (type 31) DB not available
named[1031]: GeoIP Region (type 3) DB not available
named[1031]: GeoIP Region (type 7) DB not available
named[1031]: GeoIP ISP (type 4) DB not available
named[1031]: GeoIP Org (type 5) DB not available
named[1031]: GeoIP AS (type 9) DB not available
named[1031]: GeoIP Domain (type 11) DB not available
named[1031]: GeoIP NetSpeed (type 10) DB not available
named[1031]: using default UDP/IPv4 port range: [32768, 60999]
named[1031]: listening on IPv4 interface lo, 127.0.0.1#53
named[1031]: listening on IPv4 interface eth0, 192.168.0.4#53
named[1031]: generating session key for dynamic DNS
named[1031]: sizing zone task pool based on 5 zones
named[1031]: using built-in root key for view _default
named[1031]: set up managed keys zone for view _default, file 'managed-keys.bind'
named[1031]: command channel listening on 127.0.0.1#953
named[1031]: managed-keys-zone: journal file is out of date: removing journal file
named[1031]: managed-keys-zone: loaded serial 12
named[1031]: zone 0.in-addr.arpa/IN: loaded serial 1
named[1031]: zone 255.in-addr.arpa/IN: loaded serial 1
named[1031]: zone 127.in-addr.arpa/IN: loaded serial 1
named[1031]: zone localhost/IN: loaded serial 2
named[1031]: all zones loaded
named[1031]: running