BIND9 (Berkeley Internet Name Domain) is the most widely deployed DNS server software. It handles both authoritative DNS (serving zone records for your domains) and recursive DNS (resolving queries for clients). This guide installs BIND9 on Ubuntu 26.04 LTS as a caching/forwarding resolver.

Tested and valid on:

  • Ubuntu 26.04 LTS

Prerequisites

  • Ubuntu 26.04 LTS
  • A user with sudo privileges
  • Port 53 available (TCP and UDP)

Step 1 – Install BIND9

sudo apt update
sudo apt install bind9 bind9utils bind9-doc -y
named --version

Step 2 – Configure as a Caching/Forwarding Resolver

sudo nano /etc/bind/named.conf.options

Set:

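options {
    directory "/var/cache/bind";
    // Upstream resolvers that receive every cache miss
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    // Never fall back to iterative resolution from the root servers
    forward only;
    // Validate DNSSEC using the built-in root trust anchor
    dnssec-validation auto;
    // Listen on all IPv4 interfaces
    listen-on { any; };
    // Only these clients may query (and therefore recurse through) the server
    allow-query { localhost; 192.168.1.0/24; };
};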

Step 3 – Test the Configuration

sudo named-checkconf
sudo systemctl restart bind9
sudo systemctl status bind9
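
named-checkconf validates syntax, not whether the ACLs are as narrow as intended. The following is an added example, not part of the original guide and not BIND tooling: a small Python check that parses an options block and flags settings that would turn this resolver into an open resolver or disable DNSSEC validation. The function names and finding strings are hypothetical, and the parser assumes a simple options block without named ACLs or include statements.

```python
import re

# Constructed sample: the options block from Step 2 of this guide.
GUIDE_OPTIONS = """
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 1.1.1.1; };
    forward only;
    dnssec-validation auto;
    listen-on { any; };
    allow-query { localhost; 192.168.1.0/24; };
};
"""

OPEN = {"any", "0.0.0.0/0", "::/0"}  # ACL elements that match every client

def parse_options(conf):
    """Return {statement: [arguments]} for the top level of the options block."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # drop comments
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return {}
    depth, start, stmts = 1, m.end(), {}
    for i in range(m.end(), len(conf)):
        ch = conf[i]
        depth += (ch == "{") - (ch == "}")
        if depth == 0:          # closing brace of the options block
            break
        if ch == ";" and depth == 1:
            words = re.findall(r'"[^"]*"|[^\s{};]+', conf[start:i])
            if words:
                stmts[words[0]] = [w.strip('"') for w in words[1:]]
            start = i + 1
    return stmts

def audit(conf):
    """List policy findings in the options block."""
    o = parse_options(conf)
    findings = []
    # named picks the recursion ACL in this order, then its built-in default.
    acl = (o.get("allow-recursion") or o.get("allow-query-cache")
           or o.get("allow-query") or ["localnets", "localhost"])
    if o.get("recursion") != ["no"] and OPEN & set(acl):
        findings.append("open-resolver: recursion allowed from any address")
    if o.get("dnssec-validation") == ["no"]:
        findings.append("dnssec-off: forwarded answers are not validated")
    return findings

if __name__ == "__main__":
    print(audit(GUIDE_OPTIONS) or "no findings")
```

The guide's own options block produces no findings; changing allow-query to { any; } without adding a narrower allow-recursion produces the open-resolver finding.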

Step 4 – Test DNS Resolution

dig @localhost google.com
dig @localhost example.com A

Step 5 – Configure an Authoritative Zone

sudo nano /etc/bind/named.conf.local

Add:

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

Create the zone file from the default template and open it for editing:

sudo cp /etc/bind/db.local /etc/bind/db.example.com
sudo nano /etc/bind/db.example.com

Edit with your records:

$ORIGIN example.com.
$TTL 86400
@    IN SOA ns1.example.com. admin.example.com. (
          2026051601 3600 900 604800 86400 )
@    IN NS ns1.example.com.
ns1  IN A 192.168.1.100
www  IN A 192.168.1.100

Validate the zone file and reload BIND:

sudo named-checkzone example.com /etc/bind/db.example.com
sudo systemctl reload bind9

Step 6 – Configure Logging

sudo nano /etc/bind/named.conf.logging

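Add:

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    category default { default_log; };
};

named reads this file only if /etc/bind/named.conf includes it, and the /var/log/named directory must exist and be writable by the bind user before the service is restarted.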

Step 7 – Allow in UFW

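sudo ufw allow 53/tcp
sudo ufw allow 53/udp

These rules accept port 53 from any source address, so the allow-query ACL from Step 2 is the only control on who can use the resolver.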

Conclusion

BIND9 is running as a DNS server on Ubuntu 26.04 LTS. Use it as an internal DNS resolver for your network, or configure authoritative zones for your domains. Always keep BIND updated to patch security vulnerabilities.