sudo apt update
sudo apt install bind9 bind9utils bind9-doc dnsutils -yCheck service status:
sudo systemctl status namedStart and enable on boot if needed:
sudo systemctl start named
sudo systemctl enable namedEdit /etc/bind/named.conf.options:
options {
directory "/var/cache/bind";
listen-on port 53 { any; };
allow-query { localhost; 192.168.1.0/24; }; // ← change to your LAN
recursion yes;
forwarders {
8.8.8.8;
8.8.4.4;
1.1.1.1;
};
dnssec-validation auto;
auth-nxdomain no;
};Validate and restart:
sudo named-checkconf
sudo systemctl restart namedTest from the server:
dig google.com @127.0.0.1sudo ufw allow 53
# Or restrict to your LAN only:
sudo ufw allow from 192.168.1.0/24 to any port 53
sudo ufw reloadAdd zone to /etc/bind/named.conf.local:
zone "home.lan" {
type master;
file "/etc/bind/db.home.lan";
};Create and edit zone file:
sudo cp /etc/bind/db.local /etc/bind/db.home.lan
sudo chown bind:bind /etc/bind/db.home.lan
sudo nano /etc/bind/db.home.lanExample content for db.home.lan:
$TTL 604800
@ IN SOA ns.home.lan. root.home.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns.home.lan.
ns IN A 192.168.1.10
router IN A 192.168.1.1
tv IN A 192.168.1.55Validate & apply:
sudo named-checkzone home.lan /etc/bind/db.home.lan
sudo named-checkconf
sudo systemctl restart namedsudo journalctl -u named -f # Live logs
dig example.com @127.0.0.1
rndc status
rndc reload # Reload config without restart
sudo named-checkconf # Check main config
sudo named-checkzone home.lan /etc/bind/db.home.lan