How to Configure a BIND9 DNS Server on Ubuntu for Selective Forwarding with Custom AAAA Record for Google.com



When setting up a school project DNS server, we need to implement two key behaviors:

  1. Authoritative response for google.com with a custom IPv6 address
  2. Recursive forwarding for all other domains
Install BIND9 and its utilities:

sudo apt update
sudo apt install bind9 bind9utils -y

Edit the main BIND configuration:

sudo nano /etc/bind/named.conf.options

Add these configurations:

options {
    directory "/var/cache/bind";
    
    // Forward everything this server is not authoritative for;
    // queries for google.com are answered from the local zone first
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    forward only;
    
    // Validation applies to forwarded answers only; local zone data is served as-is
    dnssec-validation auto;
    
    listen-on-v6 { any; };

    // Recursion is limited to localhost and directly attached networks (localnets)
    // unless you set allow-recursion; widen it to your lab network only, never to "any"
};

First, declare the zone in named.conf.local:

sudo nano /etc/bind/named.conf.local

Add this zone configuration:

zone "google.com" {
    type master;
    file "/etc/bind/db.google.com";
};

Create the zone file:

sudo nano /etc/bind/db.google.com

Here's a sample configuration with IPv6 response:

$TTL 86400
@ IN SOA ns1.google.com. admin.google.com. (
    2023081501 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400      ; Minimum TTL
)

@ IN NS ns1.google.com.
; The NS name is inside this zone, so it needs an address record; without one
; named-checkzone reports "NS 'ns1.google.com' has no address records" and the zone does not load
ns1 IN A 127.0.0.1
@ IN AAAA 2001:4860:4860::8888 ; Sample IPv6 address
www IN AAAA 2001:4860:4860::8844 ; Sample IPv6 for www

Check for syntax errors:

sudo named-checkconf
sudo named-checkzone google.com /etc/bind/db.google.com

Restart the BIND9 service (on Ubuntu 22.04 and later the unit is named.service; bind9 is kept as an alias, so either name works):

sudo systemctl restart bind9

Test with dig:

dig @localhost google.com AAAA +short
dig @localhost example.com A +short

You should see:

  1. Your custom IPv6 address for google.com (BIND answers from its own zone data before consulting forwarders, so forward only does not override the local zone)
  2. Normal resolution for other domains via forwarders

Security considerations:

  • Configure firewall rules to allow UDP/TCP port 53 only from the lab network; recursion stays limited to localhost/localnets unless you widen allow-recursion, and widening it to any turns the box into an open resolver
  • Consider implementing rate limiting in BIND (the rate-limit block in options)
  • Monitor query logs for unusual activity (enable the queries logging category)
  • Remember that this server deliberately answers for google.com with fabricated data; keep it on an isolated lab network and never point production clients at it
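The three items above as a concrete configuration. This is an added example, not part of the original post: it assumes the lab network is 10.0.0.0/24 (override with LAB_NET), that BIND runs as the bind user (the Ubuntu default) and that ufw is the host firewall, and the rendered options block replaces the minimal one shown earlier rather than adding to it.

```shell
#!/bin/sh
# Added example (not from the original post): write a hardened
# /etc/bind/named.conf.options for the google.com-override resolver.
# Assumptions: lab network 10.0.0.0/24 (override with LAB_NET), BIND runs
# as user "bind" (Ubuntu default), ufw is the host firewall.
set -eu

LAB_NET="${LAB_NET:-10.0.0.0/24}"

# Render the options file. Compared with the minimal version it adds:
#  - an ACL so only lab clients may query or recurse (no open resolver)
#  - allow-transfer none so the fake google.com zone cannot be pulled with AXFR
#  - BIND's rate-limit block against reflection/amplification
#  - a query-log channel so unusual activity can be reviewed
render_named_conf_options() {
    cat <<EOF
acl "lab" { 127.0.0.0/8; ::1/128; ${LAB_NET}; };

options {
    directory "/var/cache/bind";

    // Everything not served from a local zone goes to these resolvers
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-validation auto;

    listen-on-v6 { any; };

    // Only lab clients may query at all, and only they get recursion
    allow-query     { lab; };
    allow-recursion { lab; };
    // Nobody may copy the zone contents
    allow-transfer  { none; };

    // Drop repeated identical responses above 10/s per client
    rate-limit {
        responses-per-second 10;
        window 5;
    };
};

// logging is a top-level statement, not part of options
logging {
    channel query_log {
        file "/var/log/named/query.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category queries { query_log; };
};
EOF
}

# Write the rendered file into the directory given as $1 (default /etc/bind)
# and print the path written.
install_options() {
    dest="${1:-/etc/bind}"
    render_named_conf_options > "${dest}/named.conf.options"
    echo "${dest}/named.conf.options"
}

# Full install: config, log directory, firewall, syntax check, restart.
# Needs root; run as "sudo sh harden-bind.sh --apply".
apply() {
    install_options /etc/bind
    install -d -o bind -g bind -m 750 /var/log/named
    ufw allow from "${LAB_NET}" to any port 53 proto udp
    ufw allow from "${LAB_NET}" to any port 53 proto tcp
    named-checkconf
    systemctl restart bind9
}

case "${1:-}" in
    --apply) apply ;;
    *)       render_named_conf_options ;;   # dry run: show what would be written
esac
```

Run it without arguments to see the rendered file, and with --apply (as root) to install it. Because allow-query is restricted to the ACL, hosts outside the lab get REFUSED even for google.com, which is what you want for a spoofing lab. The queries category logs every query, so the versions/size clause on the channel matters on anything busier than a small lab.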

For educational environments or testing scenarios, you might need a DNS server that handles a specific domain name while forwarding all other queries. Here's how to implement this using Bind9 on Ubuntu, which will:

  • Authoritatively respond to queries for google.com with a predefined IPv6 address
  • Forward all other DNS queries to your network's primary resolver
  • Maintain standard DNS functionality for the rest of your network

Before starting, install BIND9 and its utilities:

sudo apt update
sudo apt install bind9 bind9utils -y

Edit the main Bind configuration file:

sudo nano /etc/bind/named.conf.options

Add the forwarding configuration:

options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;  // Replace with your network's primary DNS
        8.8.4.4;
    };
    forward only;
    dnssec-validation no;  // Not needed for the override: local zone data is never validated. Turning it off only removes protection for forwarded answers, so prefer auto unless your upstream breaks validation
    auth-nxdomain no;      // Do not set AA on NXDOMAIN for names outside our zones (the BIND default)
    listen-on-v6 { any; };
};

Create a new zone configuration:

sudo nano /etc/bind/named.conf.local

Add the zone definition:

zone "google.com" {
    type master;
    file "/etc/bind/db.google.com";
};

Create the zone file:

sudo nano /etc/bind/db.google.com

Add the DNS records:

$TTL    86400
@       IN      SOA     ns1.google.com. admin.google.com. (
                        2023080101      ; Serial
                        3600            ; Refresh
                        1800            ; Retry
                        604800          ; Expire
                        86400 )         ; Minimum TTL

        IN      NS      ns1.google.com.
        IN      AAAA    2607:f8b0:4005:80b::200e  ; Google's IPv6
ns1     IN      A       127.0.0.1

Check configuration syntax:

sudo named-checkconf
sudo named-checkzone google.com /etc/bind/db.google.com

Restart the service:

sudo systemctl restart bind9

Query your DNS server:

dig google.com @localhost AAAA +short
nslookup google.com 127.0.0.1

For other domains, verify forwarding works:

dig example.com @localhost
Troubleshooting:

  • Check logs: sudo journalctl -u named -f (use -u bind9 on releases where that is the unit name)
  • Verify port 53 is open and bound to the expected addresses: sudo ss -tulnp | grep ':53' (netstat is deprecated on current Ubuntu)
  • Test recursion through your server: dig @localhost example.com, then confirm status: NOERROR and the ra flag in the header. dig +trace example.com walks the delegation from the root servers on the client itself and bypasses your server entirely, so it does not exercise your forwarders.
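The dig tests earlier in the page and the troubleshooting list above tell you more if you read dig's header flags instead of only +short output: an answer for google.com from this server must carry aa, a forwarded answer carries ra without aa, and a client outside your query ACL should get REFUSED. The script below is an added example, not from the original post. It assumes the server is at 127.0.0.1 (override with SERVER) and the AAAA override from the first zone file (override with EXPECTED_AAAA); the sample dig outputs at the top are constructed so the parsing can be exercised without a running server.

```shell
#!/bin/sh
# Added example (not from the original post): verify the resolver's
# behaviour from dig's header flags and status rather than +short output.
# Assumptions: server at 127.0.0.1 (override with SERVER) and the AAAA
# override from the zone file above (override with EXPECTED_AAAA).
set -eu

SERVER="${SERVER:-127.0.0.1}"
EXPECTED_AAAA="${EXPECTED_AAAA:-2001:4860:4860::8888}"

# Constructed sample dig outputs (trimmed to the lines the parser uses),
# so the checks below can be exercised without a running server.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             86400   IN      AAAA    2001:4860:4860::8888'

SAMPLE_FORWARDED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.            3600    IN      A       192.0.2.1'

SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# "qr aa rd ra" taken from the ";; flags:" header line of dig output $1.
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'
}

# RCODE (NOERROR, NXDOMAIN, REFUSED, ...) from the header line.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# Succeed when flag $2 is present in dig output $1.
has_flag() {
    case " $(dig_flags "$1") " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Rdata of the first ANSWER record for owner $2 and type $3 in dig output $1.
answer_rdata() {
    printf '%s\n' "$1" | awk -v n="$2." -v t="$3" '$1 == n && $4 == t { print $5; exit }'
}

# Classify one response: the local zone sets aa; forwarded answers carry ra
# without aa; anything else (e.g. REFUSED for a client outside the ACL) is
# reported together with its status.
verdict() {
    if has_flag "$1" aa; then
        echo authoritative
    elif has_flag "$1" ra && [ "$(dig_status "$1")" = NOERROR ]; then
        echo recursive
    else
        echo "unexpected:$(dig_status "$1")"
    fi
}

# Query the real server (needs dig) and fail unless both behaviours hold.
check_live() {
    command -v dig >/dev/null || { echo "dig not installed"; return 1; }
    g=$(dig "@${SERVER}" google.com AAAA)
    e=$(dig "@${SERVER}" example.com A)
    echo "google.com AAAA: $(verdict "$g") $(answer_rdata "$g" google.com AAAA)"
    echo "example.com A:   $(verdict "$e")"
    [ "$(verdict "$g")" = authoritative ] &&
        [ "$(answer_rdata "$g" google.com AAAA)" = "$EXPECTED_AAAA" ] &&
        [ "$(verdict "$e")" = recursive ]
}

case "${1:-}" in
    --live) check_live ;;
    *)
        echo "sample authoritative: $(verdict "$SAMPLE_AUTH")"
        echo "sample forwarded:     $(verdict "$SAMPLE_FORWARDED")"
        echo "sample refused:       $(verdict "$SAMPLE_REFUSED")"
        ;;
esac
```

Run it with --live on the server itself, then once more from a host outside the lab network (SERVER pointed at the server's address): the first run should report authoritative and recursive, the second should show unexpected:REFUSED for both names if your ACLs are doing their job.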