====== DNS server configuration ======

===== Installation =====

Download and install the packages:

<code bash>
sudo apt install bind9 bind9utils bind9-doc bind9-host dnsutils
</code>

===== Configuration =====

==== DNS Forwarders ====

To set up a caching nameserver, add the IP addresses of the upstream DNS servers BIND should forward to, normally the ISP's or institution's resolvers (e.g., Academia Sinica's). Uncomment and edit the ''forwarders'' block in ''/etc/bind/named.conf.options''. The example below forwards to Google Public DNS instead:

<code>
forwarders {
    // Google
    8.8.8.8;
    8.8.4.4;
};
</code>

Caveat: a caching nameserver that answers recursive queries from any source is an open resolver and can be abused for DNS amplification attacks. Unless the server is meant to be public, restrict recursion (''allow-recursion'') and queries (''allow-query'') in ''named.conf.options'' to the hosts and networks that should use it.

==== Logging ====

Add the following to ''/etc/bind/named.conf.local'':

<code>
logging {
    channel default-log {
        file "/var/log/named/default.log" size 100m;
        severity info;
        print-time yes;
    };
    channel lamer-log {
        file "/var/log/named/lamer.log" size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query-log {
        file "/var/log/named/query.log" size 1000m;
        severity info;
        print-time yes;
    };
    channel security-log {
        file "/var/log/named/security.log" size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default { default-log; };
    category lame-servers { lamer-log; };
    category queries { query-log; };
    category security { security-log; };
};
</code>

Assigning a channel to the ''queries'' category turns query logging on: ''query.log'' will record every client lookup with its source address. That is useful when investigating an incident, but it grows quickly and is sensitive data, so keep the size cap and restrict who can read the directory.

Prepare the log directory:

<code bash>
sudo mkdir -p /var/log/named
sudo chown bind:bind /var/log/named
</code>

Note: the log directory ''/var/log/named'' is hard-coded in the AppArmor profile ''/etc/apparmor.d/usr.sbin.named'':

<code>
  # some people like to put logs in /var/log/named/ instead of having
  # syslog do the heavy lifting.
  /var/log/named/** rw,
  /var/log/named/ rw,
</code>

This part would need to be changed (and the profile reloaded) if a custom log directory is used; otherwise AppArmor denies ''named'' write access and the log files are never created.
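The following is an added example of a complete ''/etc/bind/named.conf.options'' for a caching forwarder that is not an open resolver; it is not configuration from the original page. The ACL name ''trusted'', the client network 192.0.2.0/24 and the server address 192.0.2.1 are assumptions; replace them with the networks and interface that should use this resolver.

```conf
// Added example: /etc/bind/named.conf.options for a caching forwarder
// that only serves known clients. "trusted", 192.0.2.0/24 and
// 192.0.2.1 are placeholders for your own network and server address.
acl "trusted" {
    127.0.0.0/8;
    ::1/128;
    192.0.2.0/24;                          // assumed client network
};

options {
    directory "/var/cache/bind";

    // Only listen where clients should reach the server
    listen-on { 127.0.0.1; 192.0.2.1; };   // assumed server address
    listen-on-v6 { ::1; };

    // Upstream resolvers (the page's example uses Google Public DNS)
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    // Never fall back to iterative resolution when the forwarders fail;
    // remove this line if BIND should resolve on its own instead
    forward only;

    // Recursion and cache access only for the trusted ACL: this is what
    // keeps the server from being used as an open resolver / amplifier
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // A pure caching resolver has no zones to transfer
    allow-transfer { none; };

    // Validate DNSSEC-signed answers with the built-in root trust anchor
    dnssec-validation auto;

    // Do not reveal the BIND version to "dig @server version.bind chaos txt"
    version "not disclosed";
};
```

Run ''named-checkconf /etc/bind/named.conf'' before restarting to catch syntax errors. To confirm the restriction works, query the server from an address outside the ''trusted'' ACL: the expected reply status is ''REFUSED'', not ''NOERROR''.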
Start the service:

<code bash>
# enable auto start at boot time:
sudo systemctl enable named
# start
sudo systemctl start named
</code>

Check the status:

<code bash>
systemctl status named
</code>

Check the "Current DNS Server" (on newer releases ''systemd-resolve --status'' has been replaced by ''resolvectl status''):

<code bash>
systemd-resolve --status
</code>

To set BIND as the default resolver, edit ''/etc/systemd/resolved.conf''. In the ''[Resolve]'' section, add ''DNS=127.0.0.1''. Then restart and check again:

<code bash>
sudo systemctl restart systemd-resolved
systemd-resolve --status
</code>

===== Test =====

Use ''dig'' to make sure BIND is listening on port 53. Watch the ''SERVER:'' line near the end of the output: it names the server that actually answered. In both outputs below it is 140.109.13.10, i.e. the system resolver was still pointed at an external server and the local BIND was never exercised. To query the local instance directly, independent of the system resolver configuration, use ''dig @127.0.0.1 ...''.

<code>
$ dig -x 127.0.0.1

; <<>> DiG 9.7.0-P1 <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18580
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 655360  IN      PTR     localhost.

;; Query time: 1 msec
;; SERVER: 140.109.13.10#53(140.109.13.10)
;; WHEN: Fri Aug 26 10:51:34 2011
;; MSG SIZE  rcvd: 63
</code>

Use ''dig'' against an outside domain to check the query time:

<code>
$ dig ubuntu.com

; <<>> DiG 9.7.0-P1 <<>> ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46633
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ubuntu.com.                    IN      A

;; ANSWER SECTION:
ubuntu.com.             600     IN      A       91.189.94.156

;; Query time: 275 msec
;; SERVER: 140.109.13.10#53(140.109.13.10)
;; WHEN: Fri Aug 26 10:54:43 2011
;; MSG SIZE  rcvd: 44
</code>

Note the query time toward the end of the command output is 275 msec. Rerun the command to see whether the query time improves: the result is now cached by whichever resolver answered, so the second lookup should take only a few milliseconds.

===== References =====

  * [[https://help.ubuntu.com/10.04/serverguide/C/dns.html]]
  * [[https://www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9]]
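The checks in the Test section above can be scripted. The following is an added example, not a script from the original page: it pulls the status, answering server and query time out of ''dig'' output and fails unless the answer really came from the local BIND with ''NOERROR''; a second function compares a cold and a warm query time to confirm the cache works. The three ''dig'' outputs embedded below are constructed samples shaped like the ones on this page so that the script runs offline; in live use feed it ''$(dig @127.0.0.1 ubuntu.com)''.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks on dig output
# for a local caching resolver. Sample outputs below are constructed.

# Extract "status: NOERROR," from the HEADER line -> NOERROR
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Extract ";; SERVER: 127.0.0.1#53(127.0.0.1)" -> 127.0.0.1
dig_server() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Extract ";; Query time: 275 msec" -> 275
dig_query_time_ms() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n 1
}

# Succeeds (exit 0) only if the answer came from loopback with NOERROR.
# A REFUSED status means the client is outside allow-query/allow-recursion;
# a non-loopback SERVER means the system resolver, not BIND, answered.
check_local_resolver() {
    out="$1"
    status=$(dig_status "$out")
    server=$(dig_server "$out")
    if [ "$status" != "NOERROR" ]; then
        echo "FAIL: status $status"
        return 1
    fi
    case "$server" in
        127.0.0.1|::1)
            echo "OK: answered by local BIND ($server)"
            return 0 ;;
        *)
            echo "FAIL: answered by $server, not the local BIND; use dig @127.0.0.1"
            return 1 ;;
    esac
}

# Succeeds if the second (repeat) lookup was faster than the first,
# which is what a working cache should produce.
cache_improved() {
    t1=$(dig_query_time_ms "$1")
    t2=$(dig_query_time_ms "$2")
    [ "$t2" -lt "$t1" ]
}

# Constructed sample: system resolver still points at an external server
SAMPLE_EXTERNAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46633
;; ANSWER SECTION:
ubuntu.com.             600     IN      A       91.189.94.156
;; Query time: 275 msec
;; SERVER: 140.109.13.10#53(140.109.13.10)'

# Constructed sample: same name via dig @127.0.0.1, repeat query (cached)
SAMPLE_LOCAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; ANSWER SECTION:
ubuntu.com.             593     IN      A       91.189.94.156
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Constructed sample: recursion refused (client not in allow-recursion)
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 99
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Live use: check_local_resolver "$(dig @127.0.0.1 ubuntu.com)"
check_local_resolver "$SAMPLE_EXTERNAL" || true
check_local_resolver "$SAMPLE_LOCAL" || true
check_local_resolver "$SAMPLE_REFUSED" || true
if cache_improved "$SAMPLE_EXTERNAL" "$SAMPLE_LOCAL"; then
    echo "cache is working: repeat query was faster"
fi
```

The first sample reproduces the situation on this page (an external server answered) and is reported as a failure, which is the point: a green ''NOERROR'' alone does not prove the local BIND is doing anything.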