This is great but I think either something has been changed in the directory setup or Manjaro just puts everything in different spots. Or maybe it expects you to build all of these from scratch, which is pretty common with Manjaro/Arch. There is no bind folder for me, for instance. The conf is in the etc folder, for example. I use Arch btw
Thanks for the feedback, it's really appreciated
I haven't used Arch Linux myself as I've only focused on the Debian tree since I got into Linux
But looking at the Wiki, yes, there is no bind folder wiki.archlinux.org/title/BIND
For security reasons, I prefer not to use the root prompt
You can limit the commands users can access with sudo, and also the environment variables change depending on who is logged in
Some software insists on you being root, but out of habit I try to use sudo as much as possible
@@petermoore8811 You can control sudo rights for individual users
If all I do is add a user to the sudo group, that person can basically elevate any command
But you can edit the /etc/sudoers file and restrict which commands that person can elevate using sudo
So even if a user does have sudo rights, you can block them from being able to install software with root privilege, for instance
Absolutely great video, really well explained and detailed. One thing I don't understand though: how does your "network" (i.e. every computer in your LAN) know which server is the DNS server? In this video, you start by already configuring your DNS server, and appear to have not set your DHCP server yet, nor do you show yourself setting the DNS server's address in your router's DHCP. Does this "magically" work and, as soon as you finish everything done in this video, the entire network learns of this server and automatically starts using it? Or is your firewall responsible for telling everyone the address of your DNS server, and that was done off video?
The video is only about creating a DNS server in Linux
There are just too many possibilities when it comes to configuring clients, so that wasn't covered
I have some computers with static IP configurations, for instance, so the DNS server setting is configured manually
But how you do that depends on the Operating System and even then, it can be different depending on the version being used
Some computers will learn of the DNS server through DHCP, but there are lots of DHCP servers out there, and each will be installed and configured in a different way
@@TechTutorialsDavidMcKone Aaaah I see! I'm just now getting into networking stuff, and I thought I could simply create a DNS server, then tell the router's DHCP to set that server as primary DNS and that would be ALL you'd need to do to get it to work in a big network. Guess I jumped a few steps lol. Thank you very much David!
Hi, thank you so much for the detailed explanation. I have a question: is it applicable to use these steps to create a DNS server on a cloud VPS to be used as my own DNS for my local network? I mean like a public DNS, but it's only me who's going to use it.
Thanks for the feedback. I appreciate it
As to using cloud services... I prefer a clear separation between cloud services and private services
So servers in the cloud rely only on cloud services and vice versa
Even security companies have been hacked, so personally I'd say it isn't worth the risk
Another thing that would put me off is if the Cloud service or even just my Internet connection went down. DNS wouldn't be available and my local network would stop working
Thank you David for the very informative video. I followed your video using a Proxmox virtual environment using ubuntu ISO file version 22.04.3 LTS. Strangely, the local DNS is listening on 127.0.0.53 instead of 127.0.0.1; therefore, BIND is not responding. Do you have any idea how to resolve this issue?
Check /etc/resolv.conf and make sure it points to 127.0.0.1
Then restart the named-resolvconf service: sudo systemctl restart named-resolvconf.service
If it's not that then I suggest checking this web page, as I haven't touched Ubuntu in a while and there may have been changes since I released this video www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9
It mentions 20.04 in the title but references 22.04 as well
Pls David, I am new in cybersecurity but I am trying to work on a CA on DNS vulnerabilities. Can I use this tutorial on VirtualBox with Ubuntu already installed? Secondly, I am confused about how you got your subnets, or should I just use the same subnets that you used for mine?
Yes you can use this on an existing Ubuntu install if you like
Probably better to pick your own subnets rather than use the ones I've made public information
If you are not familiar with subnets and IP addressing, check out my video on IP Addressing IPv4 ua-cam.com/video/qraqTawkTLc/v-deo.html
I'm using Draw.io, although it's now called Diagrams.net
It's free and I'm using it on Linux, and I think you can get it from the Microsoft Store as well
It's even available as an online tool
Hello, for configuring the zones part, can I just name the zones anything I want, or must the names be something specific based on my Wi-Fi or something?
DNS does have a format to follow en.wikipedia.org/wiki/Fully_qualified_domain_name
If it's for internal use though, then the zone name is whatever you want it to be
However, it's best to match this with what your DHCP server is telling other computers to use, and that may be your router running this service
Hi David. For someone working on DNS vulnerability, should I first config the DNS server before the vulnerabilities? Help me cos I am just a novice in cybersecurity
It's better to configure the basics then add the security features after
If you do lots of things at once and something goes wrong it can be harder to work out where the fault is, and so it's best to work in layers
First just get it working
Next add a security feature and make sure it still works
If it doesn't, reverse the changes, make sure it works, then try again
Add another feature and so on
@@TechTutorialsDavidMcKone you are simply the best. telling all my course mate to subscribe to your tutorials. if i encounter any problem i will ask more questions. Thank you David
you make EXCELLENT content. I'm incredibly grateful for all the things you've taught me. You're clear, easy to understand, calm in your approach, get to the point, and explain everything surrounding the point brilliantly. You, @spaceinvaderone and @Ibracorp are my go-to for all things I need to learn, so THANK YOU.
@@TechTutorialsDavidMcKone you know what I appreciate? the simple fact that you acknowledged a comment and replied. I know for some channels that gets impossible to keep up with, but thank you.
Mr, I do all steps but when I need to check using nslookup or ping it gives another IP address that looks like (not private). I do it in VirtualBox. I don't know what the problem is, could you tell me what the issue is?
It's possible the computer you're doing this from isn't pointing to the correct DNS server
You'll need to update the computer's networking settings and point it to the DNS server you've created
If it's the DNS server itself that has the problem then you'll need to update its own network settings
The changes work for the version of OS I used
But if you're using a different version or a different Linux distribution, other changes may be needed
For instance, some Linux OSs might need you to update the nameserver entry in this config file: /etc/resolv.conf
I love this video, it is well explained, but I was wondering if you can help me with one of the steps. I'm running Linux Mint 20.1 Cinnamon; when I go to the folder /etc/netplan I do not see the same file you have in your version, this is the only file I have: "1-network-manager-all.yaml", so I'm unable to edit the IP address. Can you please help me?
Hello David, I solved the other situation; now I have this one that I don't understand: how will I configure, without using or installing the bind utilities package (Linux 2.6 PC with Linux DNS server and Linux web server), to share files and to communicate with each other? What do I have to do or what configuration do I have to perform? It is my first time doing this and I have to make a project configuring these 3. Can you help me out?
Not quite sure what you're referring to
The server is set up to be the SOA for a particular zone
It does have additional functions, mainly to cut down on the number of DNS servers you'd otherwise see in a large network
But as it would hold all of the records for that zone, it should be able to answer all queries for that domain and so is the authoritative server
If you're getting errors I can only suggest checking the configs again
Although, DNS can also have problems with hostnames, for example it doesn't like underscores "_" in a hostname
Sir, question: upon changing your pointing DNS Server IP address to 127.0.0.1, do you have another DNS Server running that has 127.0.0.1 set up??? And this exercise DNS server is pointing to your main DNS Server?? Am I right?? Because I am just confused, because your DNS server is 172.16.17.10/24 but you are pointing this practice DNS server to another IP...
Good question
127.0.0.1 is referred to as a loopback address
Basically this refers to the computer itself
So rather than sending DNS requests to 172.16.17.10, for instance, which is the IP address on the real interface, we point to 127.0.0.1
Because there is no point sending this out to the actual network when the computer itself will reply
And the reason for pointing DNS queries back to itself is because this computer is now our DNS server, which can perform internal DNS resolution. It is also acting as a DNS forwarder for public resolution
So it can resolve both internal and external DNS queries
But rather than going directly to an Internet root server, this DNS server will forward public DNS queries to another DNS server that can do DoT to make public DNS queries encrypted and more secure
Sir, I have just encountered this problem upon starting the bind9 services: "Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xeu named.service" for details." Have you tried this problem??
Hi, thank you for the video... I have followed through. My challenge is that I can not get other computers on the network to use the DNS server... What am I doing wrong????
If the computers have a manually entered IP address then the DNS server needs defining there as well
Although Linux computers tend to need an update to their /etc/resolv.conf file
If the computers receive their IP from a DHCP server, then the DHCP server needs to be updated to send the IP address of this DNS server instead of what it was sending before
However, you can also usually manually override the DNS server by doing what was mentioned for a static IP
The easiest thing to do is to then reboot the computer for it to update and start using the DNS server
@@TechTutorialsDavidMcKone Thank you for the reply, that was helpful. I tested it and I could resolve my firewall. I was also trying to resolve the LMS that is on the network. I am using DNS forwarding (I have one Public IP Address and multiple servers on LAN) and utilizing my website's DNS to resolve IP addresses... That means, much as the servers are on LAN, one needs the internet to resolve them. That is why I am setting up a local DNS server... When I tried the DNS on the LMS, it gets stuck on the HTTPS... The server uses HTTPS which is handled by the firewall (The server cannot directly interact with certificate providers because of the firewall). When I try to load the pages on the server, it seems not to recognize the HTTPS and keeps loading... indefinitely. I am not sure why it works with the other DNS (The Website One) but not with the one I have built. Otherwise, I appreciate this video... it has pushed me a mil in the right direction.
I suppose it depends on the purpose
If you have servers on the LAN then you point your computers to an internal DNS server to resolve a private URL
If a server will be public facing then the URL needs to be a public one that a public DNS server will resolve
Setting up a server that is both public and private can be tricky as you have to consider options like internal certificates as well as external ones on the same computer, intercepting DNS requests for public URLs, etc.
It's better to have internal servers and external servers
Even if they serve the exact same purpose and it seems like wasting resources, it's just a simpler strategy
The video only covers the installation and basic configuration, so I only showed a few different commands that allow you to check that DNS resolution is working
As for nslookup, that's more useful for troubleshooting and looking up specific record types. So if you have an email server problem, for instance, you can run a DNS query to find MX records
You can even point the command to a specific DNS server to query that server's database rather than the ones your PC is configured to use, so it's very useful
How to let other subnets communicate with the DNS server without statically assigning an IP address and pointing the DNS server's IP address to a client?
@@TechTutorialsDavidMcKone I already have a DHCP from my Meraki MX on vlan20. I already put 8.8.8.8 and the IP address of the DNS Ubuntu pointing to DNS. The VLAN of my DNS is vlan172. But still I can't resolve the local domain name of the DNS from my laptop (vlan20) to DNS (vlan172).
I prefer to use a tier system for DNS resolution to keep things simple
The clients only know about the internal DNS server, either through DHCP or a static entry
The internal DNS server then does internal DNS resolution for the clients
But it's also configured as a DNS forwarder and uses a public DNS server for that
So if the client needs a public FQDN resolving, the DNS server will do that on their part and cache the result for future client requests
Either way, the client only asks the internal DNS server for an answer, which avoids overlap
Linux computers over complicate DNS resolution as far as I'm concerned and you have to check which DNS server they are actually using
For some you need to check the following file: /etc/network/interfaces
Although Ubuntu uses netplan, so you have to check the file in this folder: /etc/netplan
However, they can ignore any DNS settings there and store the actual DNS server they're using in this file: /etc/resolv.conf
And it's not unusual to find the wrong DNS server entry in there
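The mismatch described in the reply above, and the 127.0.0.53 stub question earlier in the thread, can be checked mechanically. This is an added example, not the video's or BIND's own code: it parses constructed samples of /etc/resolv.conf and a netplan file and reports where the host's effective DNS server differs from the intended one. The interface name enp0s3 and the domain example.lan are assumptions; 172.16.17.10/24 is the server address used in the thread.

```python
# Added example: check which DNS server a Linux host will actually use,
# from /etc/resolv.conf and its netplan file (no PyYAML needed).

# Constructed sample: /etc/resolv.conf as left by systemd-resolved's stub
# listener on Ubuntu 22.04. The host asks 127.0.0.53, not BIND on 127.0.0.1.
RESOLV_STUB = """\
# This is /run/systemd/resolve/stub-resolv.conf managed by systemd-resolved.
nameserver 127.0.0.53
options edns0 trust-ad
search example.lan
"""

# Constructed sample: /etc/resolv.conf after it has been pointed at BIND.
RESOLV_OK = "nameserver 127.0.0.1\nsearch example.lan\n"

# Constructed sample netplan file for the DNS server itself (interface name
# enp0s3 and domain example.lan are assumptions). The nameserver entry is
# the loopback address, so the server asks its own BIND instance.
NETPLAN_SELF = """\
network:
  version: 2
  ethernets:
    enp0s3:
      addresses: [172.16.17.10/24]
      routes:
        - to: default
          via: 172.16.17.1
      nameservers:
        addresses: [127.0.0.1]
        search: [example.lan]
"""


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def parse_netplan_nameservers(text):
    """Return the addresses under every 'nameservers:' block of a netplan file.

    Minimal indentation-based scan that understands the two spellings the
    Ubuntu installer emits: 'addresses: [a, b]' and a '- a' list on the
    following lines.
    """
    servers = []
    lines = text.splitlines()
    in_block, block_indent = False, 0
    i = 0
    while i < len(lines):
        stripped = lines[i].strip()
        indent = len(lines[i]) - len(lines[i].lstrip())
        if stripped.startswith("nameservers:"):
            in_block, block_indent = True, indent
        elif in_block and stripped and indent <= block_indent:
            in_block = False  # dedented past the nameservers block
        elif in_block and stripped.startswith("addresses:"):
            rest = stripped[len("addresses:"):].strip()
            if rest.startswith("["):
                servers += [a.strip() for a in rest.strip("[]").split(",") if a.strip()]
            else:
                j = i + 1
                while j < len(lines) and lines[j].strip().startswith("- "):
                    servers.append(lines[j].strip()[2:].strip())
                    j += 1
                i = j - 1
        i += 1
    return servers


def check_dns_client(resolv_text, netplan_text, expected="127.0.0.1"):
    """Report where the host's effective DNS setting differs from 'expected'.

    On the BIND server itself 'expected' is the loopback address; on a LAN
    client it would be the server's LAN address instead.
    """
    findings = []
    resolv = parse_resolv_conf(resolv_text)
    netplan = parse_netplan_nameservers(netplan_text)
    if "127.0.0.53" in resolv:
        findings.append("resolv.conf points at the systemd-resolved stub 127.0.0.53, not at BIND")
    if expected not in resolv:
        findings.append(f"resolv.conf does not list {expected}: {resolv}")
    if expected not in netplan:
        findings.append(f"netplan does not list {expected}: {netplan}")
    if resolv and netplan and resolv[0] != netplan[0]:
        findings.append("resolv.conf and netplan disagree; the resolver uses resolv.conf")
    return findings


if __name__ == "__main__":
    for finding in check_dns_client(RESOLV_STUB, NETPLAN_SELF):
        print("WARN:", finding)
    print("OK" if not check_dns_client(RESOLV_OK, NETPLAN_SELF) else "needs fixing")
```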
I have a question that comes to mind. We assume that we have 5 records, all of them with the same domain name, and each record has a different IP. Why, when requesting a query, does the Name Server in response bring me all five records, not one or two? Is this constant in the DNS concept (I mean, do all DNS softwares work in this way or not)? Or is there something that can control this? I mean two records only go, not the five.
The client can receive multiple responses but it usually just accepts the first one and ignores the others
Having said that, a DNS server can also do its own caching so the results can vary
But I came across this which might help you balance results www.zytrax.com/books/dns/ch9/rr.html
And there's also mention of controlling the ordering using rrset-order www.zytrax.com/books/dns/ch7/queries.html#rrset-order
I am happy for your response because I follow you and watch your videos constantly. But here my question is not in this context. I want to know the behavior of the nameserver itself when it has more than one record with the same requested domain name. Why does it send them all? Is it a fixed thing in DNS that all records that have the requested domain name are sent without any exception? Is there anything to control this in the context of DNS? I want a detailed response or reference because I want to understand this topic very much @@TechTutorialsDavidMcKone
I read it, but it did not answer my question specifically. I apologize if I am taking up your time, but I need this information. This is my exact question: do all the DNS software do the same function when the domain name is requested and there are 5 records of this domain name but with different IPs? When the request for this domain name comes, does the name server copy all records about this domain name without exception into the response? Then, if your answer is yes, is it constant in the DNS concept? Can I control this directly? @@TechTutorialsDavidMcKone
@@brezagay6622 I don't know all DNS solutions so I couldn't say if they all behave this way
I'm more used to using F5's Big IP for instance in large deployments and that provides more intelligent DNS resolution
But in the case of Bind, as those links show, you can configure it to respond in different ways if you need multiple devices to have the same name
Although as I mentioned earlier, if the DNS server is doing caching, then it would be expected to respond with one answer after a while because it will ask itself, cache one answer and respond to future requests with that one answer until the cache entry expires
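A model of how BIND's rrset-order policies change the answer order for the five-record case asked about above, as an added example (not BIND's code, and not from the video): the whole RRset is always returned, only the ordering differs, and that ordering is what a first-answer client ends up using. The name www.example.lan and the addresses are constructed.

```python
# Added example: a toy authoritative server modelling BIND's rrset-order
# policies (fixed, random, cyclic) for one name with several A records.
import random
from collections import deque

# Constructed RRset: five A records sharing one owner name, as in the
# question above. The name and addresses are made up.
RRSET = [
    ("www.example.lan", "A", "172.16.17.21"),
    ("www.example.lan", "A", "172.16.17.22"),
    ("www.example.lan", "A", "172.16.17.23"),
    ("www.example.lan", "A", "172.16.17.24"),
    ("www.example.lan", "A", "172.16.17.25"),
]


class OrderedNameServer:
    """Model of an authoritative server with a configurable rrset-order.

    A DNS answer carries the whole RRset for the queried name and type; the
    policy only decides the ORDER of those records. That order matters because
    most clients simply use the first address they are given.
      fixed  - zone-file order every time
      random - shuffled on every query
      cyclic - rotated by one record per query (round robin)
    """

    def __init__(self, rrset, order="cyclic", rng=None):
        if order not in ("fixed", "random", "cyclic"):
            raise ValueError(f"unknown rrset-order {order!r}")
        self.rrset = list(rrset)
        self.order = order
        self.rng = rng or random.Random(0)  # seeded so runs are reproducible
        self.rotation = 0

    def query(self, name, rtype="A"):
        """Return all matching records, ordered according to the policy."""
        matches = [r for r in self.rrset if r[0] == name and r[1] == rtype]
        if self.order == "fixed":
            return matches
        if self.order == "random":
            self.rng.shuffle(matches)  # 'matches' is a fresh list; RRSET is untouched
            return matches
        rotated = deque(matches)
        rotated.rotate(-self.rotation)
        self.rotation = (self.rotation + 1) % max(len(matches), 1)
        return list(rotated)


def first_answers(server, name, n):
    """Address that each of n successive first-answer clients would end up using."""
    return [server.query(name)[0][2] for _ in range(n)]


if __name__ == "__main__":
    for policy in ("fixed", "random", "cyclic"):
        srv = OrderedNameServer(RRSET, policy)
        print(f"{policy:7s} every answer has {len(srv.query('www.example.lan'))} records;"
              f" first addresses seen by 6 clients: {first_answers(srv, 'www.example.lan', 6)}")
```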
I have 3 servers in three different regions; I want to divert traffic by region, like American traffic diverted to the American server, African traffic diverted to the African server. I already used this service on Oracle Cloud, it's very costly, so how do I do it like this after creating a DNS server?
Are you using Ubuntu? If so which version? I ask because other Linux distros and older versions of Ubuntu don't use netplan to configure the IP address
@@felixmacias4577 Same version as mine and it's not an error I've run into, although a common theme seems to be containers
Even if I put a mistake in the yaml file, netplan only reports a fault in the configuration
What happens if you use "sudo netplan try"?
There is a bug which feeds back false warnings but it seems worth trying
@@TechTutorialsDavidMcKone Okay, thanks Boss. Please, one more question: my 00-installer.yaml configuration is different from yours. Mine is enop3, and it doesn't accept the same format as yours. My Ubuntu is 22.04
@@urielukwueji9684 Different computers will have different names for the network interface, so that is left untouched
What does need to change in that file is the DNS server being used. We want that entry to be 127.0.0.1 so that the computer uses its own DNS server
@@TechTutorialsDavidMcKone right now im so interested in networking and wanna learn getting real game servers ip, do u know is it possible to fool the DNS that the game is using, so it sends the data/IP to me and imma be there as an proxy and get the IP
i want to host my website from my local pc, need some help, should i need to create dns server, for connecting to domain ??? Or not, will you please tell me steps ...of main points.
If this is for hosting on the Internet then I would strongly advise against it
Public facing computers are best left in the cloud or some other hosting domain
Web servers are well known for being hacked and when a computer is hacked it exposes everything else on that network to the attacker
@@TechTutorialsDavidMcKone i know already i am a Hacker, i know Cyber Security - very well, Let's come to the point, i spent 8 year of time, & Made a Free Educational website in 101 Languages, 200 + programming Tutorials, One million plus Articles, similar as Wiki Pedia, / but / Shred hosting crashing down every minute by heavy Traffic, as i said Free, it means i don't have money for vps, so this is the reason i want to host from Home pc, Don't b panic about Security!!
IPv6 is the shit, you can run servers directly on a cellphone or a 4G hotspot without port forwarding. A cool side note: hotspot limits are on the downloads, uploads aren't counted and a user's download is my upload, so you can download a large file without going against my data limits, you just can't upload anything unless it's going directly to my phone where I get no download limits. And you can have multiple IPv6 addresses on one network, each with its own 65k ports; it also makes finding things harder using nmap if it's not on the same IP. Hiding is always a good security measure and with VirtualBox you can have as many IPv6s as your computer can handle, it's at least 2GB RAM per IP on top of the second IP because the first is your phone
Hi Mr, can you translate your video into Arabic? I care about this video and I need to understand all information about this field, but you are talking so fast, it's a problem to me, and thank you
I had to use Google Translator to translate the title and description, so I hope that helps
Otherwise I suggest turning on subtitles
If it doesn't automatically pick the correct language you can set this manually
Click the Settings cog, then select Subtitles/CC
Next click Auto-translate
Then pick Arabic from the list
There are a lot of security risks exposing a DNS server to the Internet
It's something best left to service providers
And you can usually manage your records for free when you have your own domain
There's a lot to do so feel free to use the timeline
00:00 Intro
00:57 How It Works
06:31 Build VM
10:38 Install Ubuntu
19:55 Install Bind9
21:30 Configure Forwarder
32:00 Configure Zones
37:48 Configure Forward Zone
45:07 Configure Reverse Zone
49:30 Update Netplan
51:34 Start and Test DNS
You did a magnificent job explaining all the steps. I’m so happy people out there like you make comprehensive tutorials about Linux setups!
Many thanks for the feedback, I really appreciate it
And it's good to know you found the video helpful
There is only you who explains BIND9 well on YouTube, so thank you very much Mr David McKone
Thanks for the feedback
Good to know the video was helpful
I don't understand why written articles make it so difficult or explicitly tied to a domain in the internet.
This is exactly what I was looking for, detailed and easy to follow. Cheers!
That's great to hear. I really appreciate the feedback
Thanks a lot. I have tried to do this several times in many years by following my tutorials but I never succeeded. This time is ok. U explain it very clear and u go straight for the point. PS I'm French speaking, just imagine if a guy like me understands what u say. Thanks one more time. I'm already subscribed. Very good job, bravo!!! Sir
Thank you for the feedback, I really appreciate it
And glad to hear the video was useful
Hi David, I am watching your video studying for a job interview. I have supported Microsoft DNS for years and I am very familiar with it, but for this job they are using Bind on Debian Linux, and I've never done that. I just wanted to say the video is excellent and was very helpful to me. Thank you.
Good to hear the video was helpful and good luck with the interview
Thank you, sir! This video is one of the best I found on UA-cam related to BIND. I'll watch more of your content for sure.
Thanks for taking the time to comment
Good to know you found the video helpful
David, thanks a lot for being generous to share your experience and knowledge. Best explanation for dns services through a server and configuring it properly.
Good to hear you found this useful. And thanks for the feedback, it is really appreciated
Great video, thanks for sharing, it helped me configure my bind service at home and understand how to configure each record type. I was stuck trying to set up the reverse zone and this video helped me to get it working.
You gained a new subscriber!
Thanks for the feedback and the sub
Good to know the video was helpful
I'm always surprised when I come across companies not doing reverse DNS lookups as it's very useful for troubleshooting but also used as a security check
And I learned all this a long long time ago when I was doing Microsoft certifications
Thank you for this great video, perfect for preparing for the LFCS certification
Glad it was helpful!
This was awesome. Very clear instructions with some additional info on how it works so I, not only understand what I'm doing, but also why I'm doing it.
Thanks for the video. :)
Thanks for the feedback, it's really appreciated
And good to hear the video was useful
Thank you so much, you are such a great teacher! I'm very grateful to you for your dedication and for sharing your time making these great tutorials.
Thanks very much
Thank you so much for this, I was flapping around between one setup and another. Your walkthrough sorted it out.
Thank you for the feedback
Glad to hear you found the video helpful
Thank you very much for your work, the material is as simple and clear as possible. Good luck in the future!
Thanks for the feedback
And always good to hear if a video has been helpful
Thanks for sharing your knowledge in this video David. Here is your well deserved "like". Plz keep the videos coming.
Thanks for the feedback. It's much appreciated. And I'm glad you found the video useful
incredible video... well done, you explained it better than my prof😅
Thanks for the feedback
Always appreciated
Awesome presentation job explaining all the steps.
I’m so happy people out there like you make comprehensive tutorials about server setups!
If possible plz make a video on smart cache server. Thank you
Thanks for the feedback and glad to know you found the video useful
When you say smart cache server, are you referring to OpenDNS or something else?
@@TechTutorialsDavidMcKone I didn't find any good video for caching HTTPS videos
@@TechTutorialsDavidMcKone Basically I work at an ISP and am looking to make my own cache server
Excellent video and explanation mate. Thank you for all the effort you put in.
For the people that are struggling like me, here is a hint: make sure you triple check your spelling because you might end up wasting hour(s) just because you forgot 1 letter >.< I am not saying that this happened to me but yeah... it totally did -.-
Thanks for the feedback, really appreciate it
Yeah, that missing dot makes all the difference
Anyway, good to hear that the video was helpful
Great video!!! The only issue I had was my spelling. I will be definitely subscribing and watching the rest of your videos for my future projects!!! Thanks so much!
Thanks for the feedback, it's much appreciated. And glad to hear you found the video useful
Appreciate the video and notes, very informative - thanks!
Thanks for the feedback, always appreciated
And it's good to know you found this useful
This is a superb video! Thanks a lot for your time to create this fabulous tutorial! I'm subscribing and I'll try to mimic all your labs!
Thanks for the feedback, it's really appreciated. Also good to know you found this useful
amazing video, thank you!
Good to hear you found the video useful and thanks for the feedback. It's always appreciated
Big thanks for the video, I appreciate the explanation in detail, the only valid video I found. If I may ask, next time zoom in and configure a bigger font
Good to hear the video was helpful and thanks for the feedback
I do pay attention to feedback and so in my more recent videos I started zooming in and increasing font size
David - Thanks for a clear explanation of this. Gone through several tutorials, but this is the most definitive for me. I also use pfsense. Does this negate the use of the pfsense DNS Resolver? Will be great if you can also do a video on how to add a second dns server for redundancy, dns over https and also ipv6.! Keep this up.
Thanks for the feedback, I really appreciate it
The pfSense DNS resolver is still useful as a typical IT design will have an internal DNS server, typically AD, for internal queries and that reaches out to a separate DNS server for external queries
So in this case I have a Linux DNS server that forwards to the pfSense DNS resolver for Internet DNS resolution
I'd prefer to not use the firewall for DNS but I've been waiting on a stable release of Bind that can do DoH (DNS over HTTPS) or DoT (DNS over TLS)
And I've just noticed Bind 9.18 is available in Debian so that's something I need to look into
As for redundancy, I use virtual machines so my DNS server would just spin up on another hypervisor but I'll add the other method to the list
Unfortunately I've no rush for IPv6 as nobody where I live has really bothered with it
I did a network design for a hosting provider back in the late 2000s for IPv6 but IPv4 seems to be here to stay as even today it's still not available for residential use
everything detailed, great tutorial, you are sharing your experience, thank you..
Thanks for the feedback. It's much appreciated
The goal is to share what I've learned in IT
But there are other things I'm planning to learn about as well, so watch this space
@@TechTutorialsDavidMcKone it's a great cause, and it takes a lot of courage and effort to share what you learned the very hard way..
You are making real difference and saving hours and hours of time and frustration.
I hope you find the time and strength for this cause.
I will share and learn.
It helped me out a lot and you have an awesome video
Thanks for the feedback
Good to know the video helped
great job, liked and subscribed. Thank you 😊
Thank you for the sub and glad to hear you liked the video
Awesome 🤩. Thank you Sir. 😇
I appreciate the feedback and I'm glad to hear you found the video useful
i love you david ❤❤
Good to know the video was useful
Excellent video, thank you very much.
Thanks. I'm glad you found the video useful
This is great but I think either something has been changed in the directory setup or Manjaro just puts everything in different spots. Or maybe it expects you to build all of these from scratch which is pretty common with Manjaro/arch. There is no bind folder for me for instance. The conf is in the etc folder. For example.
I use arch btw
Thanks for the feedback, it's really appreciated
I haven't used Arch Linux myself as I've only focused on the Debian tree since I got into Linux
But looking at the Wiki, yes there is no bind folder
wiki.archlinux.org/title/BIND
Thanks for the explanation. Very useful. Not sure why you don't do [sudo su -] and use the root prompt. Less typing is always better.
For security reasons, I prefer not to use the root prompt
You can limit the commands users can access with sudo and also the environmentals change depending on who is logged in
Some software insists on you being root, but out of habit I try to use sudo as much as possible
@@TechTutorialsDavidMcKone when you sudo a command you give that command root privilege. So there is no security battle won here. Only more typing.
@@petermoore8811 You can control sudo rights for individual users
If all I do is add a user to the sudo group that person can basically elevate any command
But you can edit the /etc/sudoers file and restrict which commands that person can elevate using sudo
So even if a user does have sudo rights, you can block them from being able to install software with root privilege for instance
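To make that restriction concrete, here is an added example of a sudoers drop-in (it is not from the video; the user name `dnsadmin`, the file name and the exact command list are assumptions). It lets that user operate the BIND service without being able to install packages or open a root shell:

```sudoers
# /etc/sudoers.d/dnsadmin  (added example; user name and command list are assumptions)

# What "adduser dnsadmin sudo" effectively gives you: any command as root
#   dnsadmin ALL=(ALL:ALL) ALL

# Restricted form: only the commands needed to run and check BIND
Cmnd_Alias BIND_OPS = /usr/bin/systemctl restart named, \
                      /usr/bin/systemctl reload named, \
                      /usr/bin/systemctl status named, \
                      /usr/bin/named-checkconf, \
                      /usr/bin/named-checkzone, \
                      /usr/sbin/rndc reload

dnsadmin ALL=(root) BIND_OPS
```

Create it with `sudo visudo -f /etc/sudoers.d/dnsadmin` so the syntax is checked before it is saved (a broken sudoers file can lock everyone out), keep the file mode 0440, and confirm the result with `sudo -l` as that user: `sudo apt install ...` or `sudo -i` is then refused while `sudo systemctl reload named` works. Only list commands that cannot spawn a shell or an editor; granting something like `vim` or `less` with sudo defeats the whole restriction.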
This video is awesome
Thanks for the feedback and glad to hear you found this useful
Absolutely great video, really well explained and detailed.
One thing I don't understand though:
How does your "network" (i.e every computer in your lan) know which server is the DNS server? In this video, you start by already configuring your DNS server, and appear to have not set your DHCP server yet, nor do you show yourself setting the DNS server's address in your router's DHCP.
Does this "magically" work and as soon as you finish everything done in this video, the entire network learns of this server and automatically start using it? Or is your firewall responsible for telling everyone the address of your DNS server, and that was done off video?
The video is only about creating a DNS server in Linux
There are just too many possibilities when it comes to configuring clients so that wasn't covered
I have some computers with static IP configurations for instance, so the DNS server setting is configured manually
But how you do that depends on the Operating System and even then, it can be different depending on the version being used
Some computers will learn of the DNS server through DHCP but there are lots of DHCP servers out there, and each will be installed and configured in a different way
@@TechTutorialsDavidMcKone Aaaah I see! I'm just now getting into networking stuff, and I thought I could simply create a DNS server, then tell the router's DHCP to set that server as primary DNS and that would be ALL you'd need to do to get it to work in a big network.
Guess I jumped a few steps lol.
Thank you very much David!
Hi,
Thank you so much for the detailed explanation.
I have a question, is it applicable to use these steps to create a DNS server on cloud VPS to be used as my own DNS for my local network?
I mean like a public DNS but it's only me who's going to use it.
Thanks for the feedback. I appreciate it
As to using cloud services...
I prefer a clear separation between cloud services and private services
So servers in the cloud rely only on cloud services and vice versa
Even security companies have been hacked so personally I'd say it isn't worth the risk
Another thing that would put me off is if the Cloud service or even just my Internet connection went down. DNS wouldn't be available and my local network would stop working
@@TechTutorialsDavidMcKone
Thank you for the answer :)
Keep up the good work 😊
thank you for what you do.
I appreciate the feedback. It's always good to know if a video was useful or needs improvement
Thank you David for the very informative video. I followed your video using a Proxmox virtual environment using ubuntu ISO file version 22.04.3 LTS.
Strangely, the local DNS is listening on 127.0.0.53 instead of 127.0.0.1; therefore, BIND is not responding. Do you have any idea how to resolve this issue?
Check /etc/resolv.conf and make sure it points to 127.0.0.1
Then restart the named-resolvconf service
sudo systemctl restart named-resolvconf.service
If it's not that then I suggest checking this web page as I haven't touched Ubuntu in a while and there may have been changes since I released this video
www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9
It mentions 20.04 in the title but references 22.04 as well
@@TechTutorialsDavidMcKone Thank you very much
Please David, I am new to cybersecurity but I am trying to work on a CA on DNS vulnerabilities. Can I use this tutorial on VirtualBox with Ubuntu already installed? Secondly, I am confused about how you got your subnets, or should I just use the same subnets that you used for mine?
Yes you can use this on an existing Ubuntu install if you like
Probably better to pick your own subnets rather than use the ones I've made public information
If you are not familiar with subnets and IP addressing, check out my video on IP Addressing IPv4
ua-cam.com/video/qraqTawkTLc/v-deo.html
What program are you using to build diagrams? Thank you for your time.
I'm using Draw.io although it's now called Diagrams.net
It's free and I'm using it on Linux and I think you can get it from the Microsoft Store as well
It's even available as an online tool
@@TechTutorialsDavidMcKone Thank you.
Great video thank you
Thanks very much for the feedback. Good to hear you found the video useful
Hello, for configuring the zones part, can I just name the zones anything I want, or must the names be something specific based on my Wi-Fi or something?
DNS does have a format to follow
en.wikipedia.org/wiki/Fully_qualified_domain_name
If it's for internal use though then the zone name is what you want it to be
However, it's best to match this with what your DHCP server is telling other computers to use, and that may be your router running this service
@@TechTutorialsDavidMcKone Neat! Thank you so much for your help!
thank you for the lesson, teacher
Good to know the video was helpful
Hi David. For someone working on DNS vulnerability, should I first configure the DNS server before the vulnerabilities? Help me because I am just a novice in cybersecurity
It's better to configure the basics then add the security features after
If you do lots of things at once and something goes wrong it can be harder to work out where the fault is and so it's best to work in layers
First just get it working
Next add a security feature and make sure it still works
If it doesn't reverse the changes, make sure it works then try again
Add another feature and so on
@@TechTutorialsDavidMcKone you are simply the best. Telling all my course mates to subscribe to your tutorials. If I encounter any problem I will ask more questions. Thank you David
you make EXCELLENT content. I'm incredibly grateful for all the things you've taught me. You're clear, easy to understand, calm in your approach, get to the point, and explain everything surrounding the point brilliantly.
You, @spaceinvaderone and @Ibracorp are my go-to for all things I need to learn, so THANK YOU.
also, just became a Patreon! Thank you again for the great content
Thanks for the feedback, always appreciated
And good to know you like the videos
Thank you very much
@@TechTutorialsDavidMcKone you know what I appreciate? the simple fact that you acknowledged a comment and replied. I know for some channels that gets impossible to keep up with, but thank you.
Mr, I did all the steps but when I check using nslookup or ping it gives another IP address that looks like it is not private. I did it in VirtualBox. I don't know what the problem is, could you tell me what the issue is?
It's possible the computer you're doing this from isn't pointing to the correct DNS server
You'll need to update the computer's networking settings and point it to the DNS server you've created
If it's the DNS server itself that has the problem then you'll need to update its own network settings
The changes work for the version of OS I used
But if you're using a different version or a different Linux distribution other changes may be needed
For instance, some Linux OSes might need you to update the nameserver entry in this config file
/etc/resolv.conf file
I love this video, it is well explained, but I was wondering if you can help me with one of the steps. I'm running Linux Mint 20.1 Cinnamon, and when I go to the folder /etc/netplan I do not see the same file you have in your version. This is the only file I have, "1-network-manager-all.yaml", so I'm unable to edit the IP address. Can you please help me?
The name of the file is random so use the file that you see on your computer
Hello David, I solved the other situation, now I have this one that I don't understand: how will I configure, without using or installing the bind utilities package (Linux 2.6 PC with Linux DNS server and Linux web server), to share files and communicate with each other? What do I have to do or what configuration do I have to perform? It's my first time doing this and I have to make a project configuring these 3. Can you help me out?
Good tutorial.. but what about an authoritative domain name server?
However, I get bad owner name on Ubuntu 22.04 LTS with Bind9. What gives?
Not quite sure what you're referring to
The server is set up to be the SOA for a particular zone
It does have additional functions, mainly to cut down on the number of DNS servers you'd otherwise see in a large network
But as it would hold all of the records for that zone it should be able to answer all queries for that domain and so is the authoritative server
If you're getting errors I can only suggest checking the configs again
Although, DNS can also have problems with hostnames, for example it doesn't like underscores "_" in a hostname
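Both of the mistakes brought up in this thread, the missing trailing dot and the underscore in a hostname, can be caught before `named` ever loads the zone. The script below is an added example written for this page, not code from the video: a small POSIX shell checker that scans a zone file for NS/CNAME/MX/PTR targets that contain dots but lack the trailing dot (BIND treats those as relative and appends the origin, so `ns1.lab.local` becomes `ns1.lab.local.lab.local.`) and for underscores in the owner name of A/AAAA records (what `named-checkzone` reports as a bad owner name). The zone `lab.local`, its records and addresses are constructed for the demo.

```shell
#!/bin/sh
# Added example for this page, not code from the video. Flags two classic
# zone-file mistakes:
#   1. an NS/CNAME/MX/PTR target with dots but no trailing dot; BIND treats it
#      as relative and appends the origin (ns1.lab.local -> ns1.lab.local.lab.local.)
#   2. an underscore in the owner name of an A/AAAA record, which named-checkzone
#      rejects by default as a "bad owner name"
# Usage: check_zone /etc/bind/db.lab.local   (zone name and path are assumptions)

check_zone() {
    awk '
    { sub(/;.*/, "") }                      # drop comments (re-splits the fields)
    NF == 0 || $0 ~ /^\$/ { next }          # skip blank lines and $TTL/$ORIGIN
    {
        # A line starting with whitespace inherits the previous owner name
        if ($0 ~ /^[ \t]/) { owner = ""; first = 1 } else { owner = $1; first = 2 }
        type = ""
        for (i = first; i <= NF; i++)
            if ($i ~ /^(A|AAAA|NS|CNAME|MX|PTR)$/) { type = $i; break }
        if (type == "") next                # SOA and its continuation lines
        target = $NF
        if (type ~ /^(NS|CNAME|MX|PTR)$/ && target ~ /\./ && target !~ /\.$/)
            printf "%s:%d: %s target %s has dots but no trailing dot\n", FILENAME, NR, type, target
        if (type ~ /^(A|AAAA)$/ && owner ~ /_/)
            printf "%s:%d: underscore in hostname %s (bad owner name)\n", FILENAME, NR, owner
    }' "$1"
}

# Number of findings, handy as a gate in a "check then reload" script
count_zone_issues() {
    check_zone "$1" | wc -l | tr -d ' '
}

# Constructed sample zone with one of each mistake plus some correct records
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 604800
@       IN SOA  ns1.lab.local. admin.lab.local. (
                2024010101 ; serial
                604800 86400 2419200 604800 )
        IN NS   ns1.lab.local         ; mistake 1: no trailing dot
        IN NS   ns2                   ; fine: relative name without dots
ns1     IN A    172.16.17.10
ns2     IN A    172.16.17.11
web_01  IN A    172.16.17.20          ; mistake 2: underscore in hostname
www     IN CNAME web_01               ; not flagged by the dot check
@       IN MX 10 mail.lab.local.      ; fine: absolute name
EOF
}

# Stand-alone run: check the file given as $1, or the constructed sample
if [ -n "${1:-}" ]; then
    check_zone "$1"
else
    tmp=$(mktemp)
    write_sample_zone "$tmp"
    check_zone "$tmp"
    rm -f "$tmp"
fi
```

On the sample it reports exactly two findings, the `ns1.lab.local` NS target and the `web_01` owner. It is a lint, not a replacement for `named-checkzone lab.local /etc/bind/db.lab.local`, which should still run before every `rndc reload`; relative names without dots are legal and deliberately left alone.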
Hello dear
Can you tell me why it's complaining?
syntax error near ';' in checkconf
Difficult to say what the exact problem is but there will be an error in the file so you need to check it line by line to see what that is
Hi i am having an issue with BIND configuration in redhat can you please help?
Unfortunately Red Hat is a Linux distro you have to pay for
It does have support though so I suggest you contact IBM
Sir, a question: upon changing your DNS server pointer IP address to 127.0.0.1, do you have another DNS server running that has 127.0.0.1 set up? And is this exercise DNS server pointing to your main DNS server? Am I right? I am just confused, because your DNS server is 172.16.17.10/24 but you are pointing this practice DNS server to another IP...
Good question
127.0.0.1 is referred to as a loopback address
Basically this refers to the computer itself
So rather than sending DNS requests to 172.16.17.10 for instance, which is the IP address on the real interface, we point to 127.0.0.1
Because there is no point sending this out to the actual network when the computer itself will reply
And the reason for pointing DNS queries back to itself is because this computer is now our DNS server which can perform internal DNS resolution. It is also acting as a DNS forwarder for public resolution
So it can resolve both internal and external DNS queries
But rather than going directly to the Internet root servers, this DNS server will forward public DNS queries to another DNS server that can do DoT to make public DNS queries encrypted and more secure
@@TechTutorialsDavidMcKone nice, so the loopback itself is to be configured. Thanks sir.. you're the best.
Sir, I have just encountered this problem upon starting the bind9 service: "Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details." Have you come across this problem?
Hi sir, I already figured out this problem..
Thanks sir.. but how am I going to resolve this local DNS from another subnet IP?
Hi, thank you for the video... I have followed through.
My challenge is that I cannot get other computers on the network to use the DNS server... What am I doing wrong????
If the computers have a manually entered IP address then the DNS server needs defining there as well
Although Linux computers tend to need an update to their /etc/resolv.conf file
If the computers receive their IP from a DHCP server, then the DHCP server needs to be updated to send the IP address of this DNS server instead of what it was sending before
However, you can also usually manually override the DNS server by doing what was mentioned for a static IP
The easiest thing to do is to then reboot the computer for it to update and start using the DNS server
@@TechTutorialsDavidMcKone Thank you for the reply, That was helpful. I tested it and I could resolve my firewall.
I was also trying to resolve the LMS that is on the network.
I am using DNS forwarding(I have one Public IP Address and multiple servers on LAN) and utilizing my website's DNS to resolve IP addresses... That means, much as the servers are on LAN, one needs the internet to resolve them. That is why I am setting up a local DNS server...
When I tried the DNS on the LMS, it gets stuck on the HTTPS... The server uses HTTPS which is handled by the firewall(The server cannot directly interact with certificate providers because of the firewall). When I try to load the pages on the server, it seems not to recognize the HTTPS and keeps loading... indefinitely.
I am not sure why it works with the other DNS(The Website One) but not with the one I have built.
Otherwise. I appreciate this video... it has pushed me a mil in the right direction.
I suppose it depends on the purpose
If you have servers on the LAN then you point your computers to an internal DNS server to resolve a private URL
If a server will be public facing then the URL needs to be a public one that a public DNS server will resolve
Setting up a server that is both public and private can be tricky as you have to consider options like internal certificates as well as external ones on the same computer, intercepting DNS requests for public URLs, etc
It's better to have internal servers and external servers
Even if they serve the exact same purpose and it seems like wasting resources, it's just a simpler strategy
What about nslookup, when would we use that?
The video only covers the installation and basic configuration so I only showed a few different commands that allow you to check that DNS resolution is working
As for nslookup, that's more useful for troubleshooting and looking up specific record types. So if you have an email server problem for instance you can run a DNS query to find MX records
You can even point the command to a specific DNS server to query that server's database rather than the ones your PC is configured to use so it's very useful
Do you know how to do this by using a Bind9 Docker container?
I'm not quite there yet in terms of a video release, but Docker is on my roadmap as Proxmox and TrueNAS both run on Debian
thx!
Good to know you found the video useful
How to let another subnet communicate with the DNS server without statically assigning an IP address and pointing the DNS server's IP address to a client?
You'll need to use a DHCP server to provide the IP addressing to clients, which can include details such as the DNS server(s) to use
@@TechTutorialsDavidMcKone I already have DHCP from my Meraki MX on VLAN 20. I already put 8.8.8.8 and the IP address of the DNS Ubuntu, pointing to the DNS. The VLAN of my DNS is VLAN 172, but still I can't resolve the local domain name of the DNS from my laptop (VLAN 20) to the DNS (VLAN 172).
I prefer to use a tier system for DNS resolution to keep things simple
The clients only know about the internal DNS server, either through DHCP or static entry
The internal DNS server then does internal DNS resolution for the clients
But it's also configured as a DNS forwarder and uses a public DNS server for that
So if the client needs a public FQDN resolving, the DNS server will do that on their part and cache the result for future client requests
Either way, the client only asks the internal DNS server for an answer which avoids overlap
Linux computers over complicate DNS resolution as far as I'm concerned and you have to check which DNS server they are actually using
For some you need to check the following files
/etc/network/interfaces
Although Ubuntu uses netplan so have to check the file in this folder
/etc/netplan
However, they can ignore any DNS settings there and store the actual DNS server they're using in this file
/etc/resolv.conf
And it's not unusual to find the wrong DNS server entry in there
I have a question that comes to mind
We assume that we have 5 records, all of them with the same domain name, and each record has a different IP
Why, when sending a query,
does the name server in the response bring me all five records, not one or two?
Is this constant in the DNS concept (I mean, do all DNS software work this way or not)?
Or is there something that can control this? I mean only two records go, not the five
The client can receive multiple responses but it usually just accepts the first one and ignores the others
Having said that, a DNS server can also do its own caching so the results can vary
But I came across this which might help you balance results
www.zytrax.com/books/dns/ch9/rr.html
And there's also mention of controlling the ordering using rrset-order
www.zytrax.com/books/dns/ch7/queries.html#rrset-order
I am happy for your response because I follow you and watch your videos constantly
But here my question is not in this context
I want to know the behavior of the nameserver itself when it has more than one record with the same requested domain name. Why does it send them all?
Is it a fixed thing in the DNS that all records have the requested domain name are sent without any exception?Is there anything to control this in the context of DNS?
I want a detailed response or reference because I want to understand this topic very much
@@TechTutorialsDavidMcKone
@@brezagay6622 Check first web page links I sent
They show how the DNS server's response can change depending on how you configure it
I read it, but it did not answer my question specifically. I apologize if I am taking up your time, but I need this information
This is my exact question:
Do all DNS software do the same thing when a domain name is requested and there are 5 records for this domain name with different IPs? When the request for this domain name comes in, does the name server copy all records for this domain name, without exception, into the response?
If your answer is yes, is it constant in the DNS concept? Can I control this directly? @@TechTutorialsDavidMcKone
@@brezagay6622 I don't know all DNS solutions so I couldn't say if they all behave this way
I'm more used to using F5's Big IP for instance in large deployments and that provides more intelligent DNS resolution
But in the case of Bind, as those links show, you can configure it to respond in different ways if you need multiple devices to have the same name
Although as I mentioned earlier, if the DNS server is doing caching, then it would be expected to respond with one answer after a while because it will ask itself, cache one answer and respond to future requests with that one answer until the cache entry expires
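Two points from that exchange are worth pinning down. Returning all five records is standard behaviour, not a BIND quirk: records with the same name, class and type form one RRset, and RFC 2181 section 5 requires a server to return the whole RRset in an answer, so a client always sees all five and decides for itself which to try first. What a server lets you control is the order, which is what BIND's `rrset-order` statement from the zytrax link does. The following is an added example, not configuration from the video; the name `web.lab.local` and the addresses are made up:

```conf
; Added example, not from the video. Zone file db.lab.local:
; five A records for one name form a single RRset and are always returned together
web     IN A    172.16.17.21
web     IN A    172.16.17.22
web     IN A    172.16.17.23
web     IN A    172.16.17.24
web     IN A    172.16.17.25

// named.conf.options: control the order BIND hands them out in
options {
    rrset-order {
        class IN type A name "web.lab.local" order cyclic;   // rotate each answer (round-robin)
        order random;                                        // default for every other RRset
    };
};
```

Check it with `dig @127.0.0.1 web.lab.local A +short` run several times: with `cyclic` the list rotates by one position per query, with `random` it is shuffled, and in both cases all five addresses are present. If you genuinely want a client to receive only a subset (for example, only the servers that are currently up), that is load balancing or health checking, which plain DNS does not do; it needs a GSLB-style product such as the F5 one David mentions or separate names per server.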
I have 3 servers in three different regions, and I want to divert traffic by region.
Like American traffic diverted to the American server, African traffic diverted to the African server.
I'm already using this service on Oracle Cloud, and it's very costly,
so how do I do it like this after creating a DNS server?
Maybe others can offer suggestions, but the only method I'm familiar with is services you have to pay for like F5's Big-IP DNS
Thank you. Can I do this in VMware?
Yes. This was done on a VM running Ubuntu Linux using ESXI 7.0
When I enter "sudo netplan apply" I get a "Failed to connect to bus: No such file or directory". I'm not sure how to fix this.
Are you using Ubuntu? If so which version?
I ask because other Linux distros and older versions of Ubuntu don't use netplan to configure the IP address
@@TechTutorialsDavidMcKone I'm using version 20.04.3 LTS of Ubuntu
@@felixmacias4577 Same version as mine and it's not an error I've run into although a common theme seems to be containers
Even if I put a mistake in the yaml file, netplan only reports a fault in the configuration
What happens if you use "sudo netplan try"
There is a bug which feeds back false warnings but seems worth trying
Is the IP address used in this video supposed to be the same for my own? Because I can't reach the host after I did the experiment
You'll need to use an IP address that works for your network
@@TechTutorialsDavidMcKone okay thanks Boss. Please, one more question: my 00-installer.yaml configuration is different from yours. Mine is enop3 and it doesn't accept the same format as yours. My Ubuntu is 22.04
@@urielukwueji9684 Different computers will have different names for the network interface so that is left untouched
What does need to change in that file is the DNS server being used. We want that entry to be 127.0.0.1 so that the computer uses its own DNS server
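For reference, this is what a finished netplan file for the DNS server looks like, added here as an example rather than copied from the video; the interface name `ens160`, the addresses and the search domain `lab.local` are assumptions and must be replaced with what `ip link` and your own network use:

```yaml
# /etc/netplan/00-installer-config.yaml  (added example; interface name and addresses are assumptions)
network:
  version: 2
  ethernets:
    ens160:                      # keep whatever name "ip link" shows on your machine, e.g. enp0s3
      dhcp4: false
      addresses:
        - 172.16.17.10/24
      routes:
        - to: default
          via: 172.16.17.1
      nameservers:
        search: [lab.local]
        addresses: [127.0.0.1]   # the server resolves through its own BIND instance
```

Netplan is whitespace sensitive, so indent with spaces only and keep the interface block exactly as deep as shown. On Ubuntu 20.04 the default route is written as `gateway4: 172.16.17.1` instead of the `routes:` list; 22.04 accepts both but warns that `gateway4` is deprecated. Apply with `sudo netplan try` (it rolls back after a timeout if you lose the session) and then `sudo netplan apply`. On 22.04 `/etc/resolv.conf` will still show the systemd-resolved stub at 127.0.0.53; that is expected, and `resolvectl status` should list 127.0.0.1 as the DNS server behind it.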
@@TechTutorialsDavidMcKone thank you so much Boss 🙌
Please make a CompTIA Network+ course
I'm not looking to do any training courses
It requires a lot of upfront cost and you'd have to stay on top of the changes
Hello, can you answer a kind of hard question for me?
Depends. What is the question?
@@TechTutorialsDavidMcKone right now I'm so interested in networking and I want to learn how to get real game servers' IPs. Do you know if it's possible to fool the DNS that the game is using, so it sends the data/IP to me and I'm there as a proxy and get the IP?
I want to host my website from my local PC and need some help. Do I need to create a DNS server for connecting to a domain, or not? Will you please tell me the steps, the main points?
If this is for hosting on the Internet then I would strongly advise against it
Public facing computers are best left in the cloud or some other hosting domain
Web servers are well known for being hacked and when a computer is hacked it exposes everything else on that network to the attacker
@@TechTutorialsDavidMcKone I know already, I am a hacker, I know cyber security very well. Let's come to the point: I spent 8 years of time and made a free educational website in 101 languages, 200+ programming tutorials, one million plus articles, similar to Wikipedia, but shared hosting is crashing down every minute from heavy traffic. As I said, it's free, which means I don't have money for a VPS, so this is the reason I want to host from a home PC.
Don't panic about security!!
Sir, have you thought about getting a bit of a tan? We love you from Colombia :)
Sunlight and this type of skin don't go well together :(
IPv6 is the shit. You can run servers directly on a cellphone or a 4G hotspot without port forwarding. A cool side note: hotspot limits are on the downloads, uploads aren't counted, and a user's download is my upload, so you can download a large file without going against my data limits; you just can't upload anything unless it's going directly to my phone, where I get no download limits. And you can have multiple IPv6 addresses on one network, each with its own 65k ports. It also makes finding things harder using nmap if it's not on the same IP. Hiding is always a good security measure, and with VirtualBox you can have as many IPv6s as your computer can handle; it's at least 2 GB RAM per IP on top of the second IP, because the first is your phone
I'm still waiting for a carrier in this country to offer IPv6
And I was helping customers set this up over a decade ago
Hi Mr, can you translate your video into Arabic? I care about this video and I need to understand all the information about this field, but you are talking so fast that it's a problem for me. Thank you
I had to use Google Translator to translate the title and description, so I hope that helps
Otherwise I suggest turning on subtitles
If it doesn't automatically pick the correct language you can set this manually
Click the Settings cog, then select Subtitles/CC
Next click Auto-translate
Then pick Arabic from the list
Sir, how to publish it to the Internet?
There are a lot of security risks exposing a DNS server to the Internet
It's something best left to service providers
And you can usually manage your records for free when you have your own domain
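The loopback and forwarder design explained earlier in the thread (clients ask the internal server, which answers its own zones and forwards everything else) and the warning just above about exposing a DNS server both come down to a handful of lines in `named.conf.options`. The following is an added example, not the file from the video; the LAN range, the server address 172.16.17.10 and the forwarder 172.16.17.1 (the pfSense box in David's setup) are assumptions:

```conf
// /etc/bind/named.conf.options  (added example; addresses are assumptions)
acl "lan" { 127.0.0.0/8; 172.16.17.0/24; };

options {
    directory "/var/cache/bind";

    // Listen on loopback and the LAN interface only, never on a public address
    listen-on    { 127.0.0.1; 172.16.17.10; };
    listen-on-v6 { none; };

    // Answer queries and recurse (resolve Internet names on a client's behalf)
    // only for the LAN. An open recursive resolver reachable from the Internet
    // gets used as a DDoS amplifier and a cache-poisoning target.
    allow-query     { lan; };
    allow-recursion { lan; };
    allow-transfer  { none; };      // no zone transfers until you add a secondary

    // Everything outside our own zones goes to the firewall's resolver
    recursion yes;
    forward only;
    forwarders { 172.16.17.1; };

    version "not disclosed";        // don't advertise the BIND version to scanners
    dnssec-validation auto;
};
```

Validate with `sudo named-checkconf`, reload with `sudo systemctl reload named`, then test from both sides: `dig @172.16.17.10 www.example.com` from a LAN client should resolve, while the same query from an address outside the `lan` ACL must come back `REFUSED`. Hosting the authoritative zone for a public domain is a different job from running a recursive resolver; as the reply above says, the registrar or DNS provider already does that for you, and it keeps recursion for your internal network off the Internet entirely.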