If you want to install a DNS server on your Raspberry Pi, you need a few things in addition to the minicomputer:
- SD card with Raspbian installed
- Ethernet connection to the internet router
- Power supply via micro-USB cable
- SSH client (e.g. PuTTY)
As a basis for setting up DNS on Raspberry Pi, we’ll use BIND in this example. BIND is open source software that goes back to the Berkeley Internet Name Domain server. The program is currently in its ninth version, and is developed further by the Internet Software Consortium (ISC).
First, you need to make sure that the Raspberry Pi is assigned a static IP address within the local network. To do this, open the network configuration:
sudo nano /etc/network/interfaces
Nano is a simple Linux editor that you should always have installed on your Raspberry Pi.
Now you can install BIND. In addition to the actual program bind9, it’s also helpful to install the two packages bind9utils and dnsutils. These are by no means required, but they contain some useful tools for maintaining your new DNS server. Use the following command:
sudo apt-get install bind9 bind9utils dnsutils
bind9 is now installed on your system. But before you can use your Raspberry Pi as a DNS server, you still need to specify a couple of settings. Open the configuration file of bind9:
sudo nano /etc/bind/named.conf.local
Now set up two zones there: one for the forward lookup, which resolves a domain name to its IP address, and one for the reverse lookup, which resolves an IP address back to its name.
zone "home.lan" IN {
    type master;
    file "/etc/bind/db.home.lan";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.rev.1.168.192.in-addr.arpa";
};
The code shows that you are using two files (db.home.lan and db.rev.1.168.192.in-addr.arpa) to define the zones. But these need to be created first. Since you set up the files yourself, you can also name them however you want, as long as they’re also entered the same way in any relevant places. Create the file for the forward lookup first:
sudo nano /etc/bind/db.home.lan
home.lan. IN SOA raspberry.home.lan. hostmaster.home.lan. (
    2017081401 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
home.lan. IN NS raspberry.home.lan.
home.lan. IN MX 10 raspberry.home.lan.
localhost IN A 127.0.0.1
raspberry IN A 192.168.1.31
router IN A 192.168.1.1
The last two entries in the file have to be customized. Enter the IP address of your Raspberry Pi (the static IP address that you assigned at the beginning) and of your router. Make sure that fully qualified domain names (such as raspberry.home.lan.) always end with a period. At the beginning of the file, after the serial number, set the intervals for the recurring actions (refresh, retry, expire and minimum). The two declarations NS and MX specify that both the name server and the mail server are provided by the Raspberry Pi.
At the beginning of the file, always enter a serial number. It uses the format YYYYMMDDXX: the date (in the order of year, month, day) plus an ascending serial number, in case you create multiple versions in one day.
Now create the reverse zone file:
sudo nano /etc/bind/db.rev.1.168.192.in-addr.arpa
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
    2017081401 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
@ IN NS raspberry.home.lan.
1 IN PTR router.home.lan.
31 IN PTR raspberry.home.lan.
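The two zone files have to agree with each other: every A record in the LAN needs a PTR record that points back to the same name. The following script is an added example, not part of the original article, that cross-checks both files; the host "nas" and the function names are made up for the demonstration.

```sh
#!/bin/sh
# Added example: cross-check the forward and reverse zone files.
# Assumes the one-record-per-line layout used in the article.

# check_fwd_rev FORWARD_FILE REVERSE_FILE ZONE PREFIX
# Prints one line per problem; returns non-zero if any were found.
check_fwd_rev() {
    awk -v zone="$3" -v prefix="$4" '
    { sub(/;.*/, "") }                           # strip zone-file comments
    FNR == NR {                                  # first file: forward zone
        if ($2 == "IN" && $3 == "A" && index($4, prefix ".") == 1) {
            name = tolower($1)
            if (name !~ /\.$/) name = name "." zone "."  # relative -> FQDN
            fwd[substr($4, length(prefix) + 2)] = name   # key: last octet
        }
        next
    }
    $2 == "IN" && $3 == "PTR" { rev[$1] = tolower($4) }  # second file: reverse zone
    END {
        for (o = 1; o <= 254; o++) {
            if (!(o in fwd)) continue
            if (!(o in rev)) {
                print "missing PTR for " prefix "." o " (" fwd[o] ")"; bad = 1
            } else if (rev[o] != fwd[o]) {
                print "mismatch for " prefix "." o ": A is " fwd[o] ", PTR is " rev[o]; bad = 1
            }
        }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample data in the format of the article ("nas" is a made-up host).
demo_check() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'raspberry IN A 192.168.1.31' 'router IN A 192.168.1.1' \
        'nas IN A 192.168.1.40' > "$dir/db.home.lan"
    printf '%s\n' '1 IN PTR router.home.lan.' '31 IN PTR raspberry.home.lan.' \
        > "$dir/db.rev"
    check_fwd_rev "$dir/db.home.lan" "$dir/db.rev" home.lan 192.168.1
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_check || echo "zone files are inconsistent"
```

On the Pi, call check_fwd_rev with the real files from /etc/bind. For syntax checks before a restart, the bind9utils package installed earlier provides named-checkconf and named-checkzone.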
If you install a DNS server on your Raspberry Pi, it also functions as a cache for DNS queries. This means that as soon as you’ve queried a name resolution, the entry remains saved in your DNS server. Queries that the server cannot answer itself are still forwarded to another server, whose address can be set in /etc/bind/named.conf.options. Open the file and change the IP addresses in the “forwarders” entry:
sudo nano /etc/bind/named.conf.options
forwarders {
    1.2.3.4;
    5.6.7.8;
};
You’ve now configured a DNS server with BIND on your Raspberry Pi. For the changes to take effect, restart the service:
sudo service bind9 restart
Or:
sudo service bind9 stop
sudo service bind9 start
If you encounter an error when starting the DNS server, it might be worthwhile to take a look at the log file under /var/log/syslog. So that you don’t have to restart the DNS server manually after restarting your Raspberry Pi, you can enter it into the system autostart:
sudo update-rc.d bind9 defaults
Now you just have to enter your new DNS server into your router’s settings, so that requests for name resolution run through your Raspberry Pi. In the device settings (usually accessed via the web interface), enter the IP address of the Raspberry Pi. Now you have control over the DNS entries and can block particular servers, for example to protect yourself from pages that want to harm you or gain access to your information. To do this, you have to set up DNS blocks. The blocks are kept in a separate file, which you first reference from the configuration file of bind9:
sudo nano /etc/bind/named.conf
Add the file as a new include line below the existing entries, terminated with a semicolon:
include "/etc/bind/named.conf.blocked";
In this file, only enter the domains that you want to block. To know which domains should be blocked, you can reference several different lists. In this example, we use a list from the DNS-BH Project, which has a premade zone file for BIND. This can be downloaded and opened with a text editor. The entries are already in the correct format, and so can simply be copied into your own block list. Entries must have this format – even when you’re using different sources:
zone "malware-example.ga" {type master; file "/etc/namedb/blockeddomain.hosts";};
The file named at the end of the line is the zone file that is served whenever one of the blocked domains is queried. This file is created as follows:
sudo nano /etc/namedb/blockeddomain.hosts
There, enter the following code:
$TTL 86400
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
    2017081401 ; serial
    8H ; refresh
    2H ; retry
    10D ; expire
    1D ; minimum
)
@ IN NS raspberry.home.lan.
@ IN A 127.0.0.1
* IN A 127.0.0.1
Make sure once again that you enter the correct values for your domain here (in this case, raspberry.home.lan). Restart bind9 again. Now your DNS server should be correctly configured and ready to start.
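When the block list comes from a source that is not already in BIND format, each entry has to be converted into the zone statement shown above. The following script is an added example, not part of the original article: it validates every domain before writing it, so that a malformed line cannot end up as extra configuration in named.conf. The function names, the one-domain-per-line input layout and the sample list are assumptions.

```sh
#!/bin/sh
# Added example: build BIND block-list entries from a plain list of domains.
# ZONE_FILE is the path used in the article; LOCAL_ZONE is the zone defined
# in named.conf.local. The input layout (one domain per line) is an assumption.
ZONE_FILE="/etc/namedb/blockeddomain.hosts"
LOCAL_ZONE="home.lan"

# Reads domains on stdin, writes zone statements on stdout.
# Rejected lines are reported on stderr and never reach the config file.
make_block_zones() {
    tr -d '\r' | awk -v zf="$ZONE_FILE" -v lz="$LOCAL_ZONE" '
    function warn(msg) { print msg | "cat 1>&2" }
    {
        sub(/#.*/, "")                       # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")          # trim whitespace
        if ($0 == "") next
        d = tolower($0)
        sub(/\.$/, "", d)                    # accept a trailing root dot
        # Only plain host names pass. Quotes, braces or semicolons would
        # otherwise end up inside named.conf as extra statements.
        if (length(d) > 253 || d !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) {
            warn("skipped invalid entry: " $0); next
        }
        # Never shadow the local zone with a block entry.
        if (d == lz || substr(d, length(d) - length(lz)) == ("." lz)) {
            warn("skipped local name: " d); next
        }
        if (seen[d]++) next                  # named rejects duplicate zones
        printf "zone \"%s\" {type master; file \"%s\";};\n", d, zf
    }'
}

# Constructed sample input, not real block-list data.
sample_list() {
    cat <<'EOF'
# constructed test list
malware-example.ga
Malware-Example.GA.
bad.example";
tracker.example.net   # inline comment
router.home.lan
EOF
}

sample_list | make_block_zones
```

On the Pi, redirect the output of make_block_zones into /etc/bind/named.conf.blocked and review the skipped entries before restarting bind9.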
Based on an idea found at www.ionos.com