Using Bind as a local DNS-proxy

This page contains basic instructions, and links to more elaborate sites, explaining how to install and start a BIND9 caching DNS service on your own Debian server.

Using your own DNS server can be faster. It is also a good way of understanding how DNS works. For me, one other reason was that at some point my provider's DNS was malfunctioning for some hours. The network was clearly working, since I could still reach various sites on the internet by their IP addresses. I then decided to set up a DNS cache to avoid such a dependency.

On Debian, installing Bind9 via Apt is done using:

apt-get install bind9 dnsutils bind9-doc resolvconf ufw

This installs BIND and some other utilities that can come in handy: dnsutils provides dig and nslookup, bind9-doc the BIND reference manual, resolvconf manages /etc/resolv.conf, and ufw is a simple front-end for the firewall.
To start BIND (on systemd-based Debian releases, systemctl start bind9 does the same):

/etc/init.d/bind9 start

After the default installation BIND is also added to the default start-up sequence, so it starts at boot.

After this the basic functionality is installed.
To use the local BIND instance, edit /etc/resolv.conf and point it at localhost (a single line reading nameserver 127.0.0.1). Note that resolvconf, installed above, regenerates /etc/resolv.conf on network changes and will overwrite a manual edit; to make the setting stick, put the nameserver line in /etc/resolvconf/resolv.conf.d/head instead.
BIND automatically listens on port 53, the default DNS port, and does so on all interfaces unless you restrict it with a listen-on option; keep that in mind if the machine is reachable from other networks.
Test this by looking up a domain name with dig:


This should print the records for the queried domain, and one of the last lines (;; SERVER: 127.0.0.1#53(127.0.0.1)) should show that your own server answered.

Example output:

/home# dig

; <<>> DiG 9.5.1-P2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53825
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

; IN A



;; ADDITIONAL SECTION: 1744 IN AAAA 2001:888:2000:12::2

;; Query time: 1 msec
;; WHEN: Wed Aug 19 16:26:40 2009
;; MSG SIZE rcvd: 149


The query time (in one of the last lines) will probably be in the order of hundreds of milliseconds for the first query, because BIND has to resolve the name recursively, starting at the root servers.
Repeating the same query gives a low query time (0 or 1 ms), since the answer is now cached locally; this is the easiest way to see that the BIND cache works. A cached answer also shows a TTL (the number in the second column of the answer lines) that counts down between repeats, whereas a fresh answer from upstream starts at the full TTL again.
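To turn that manual check into something repeatable, here is an added example (not code from the original post) that parses two consecutive dig outputs and decides whether the second one was served from the cache. Besides the query time, it uses the fact that a cached record's TTL counts down, which is a more reliable signal than timing. It relies only on dig's standard text layout; the two outputs at the bottom are constructed for a fictitious lookup of example.com returning 192.0.2.1, and run_dig (which needs dig and network access) is provided for real use only.

```python
"""Decide whether a lookup was answered from the local BIND cache by
comparing two consecutive `dig` outputs.

Added example, not code from the original post.  It relies only on the
standard text layout dig prints (';; ->>HEADER<<-', ';; flags:',
';; ANSWER SECTION:', ';; Query time:', ';; SERVER:').  FIRST_RUN and
SECOND_RUN below are constructed for a fictitious lookup of example.com
resolving to 192.0.2.1; they were not captured from a real server.
"""
import re
import subprocess
from dataclasses import dataclass, field


@dataclass
class DigResult:
    status: str                  # rcode from the HEADER line, e.g. NOERROR
    flags: set                   # header flags, e.g. {"qr", "rd", "ra"}
    server: str                  # ";; SERVER:" value, e.g. 127.0.0.1#53(127.0.0.1)
    query_time_ms: int
    answers: list = field(default_factory=list)   # (owner, ttl, type, rdata)


_HEADER_RE = re.compile(r"->>HEADER<<- opcode: \w+, status: (\w+)")
_FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);", re.M)
_SERVER_RE = re.compile(r"^;; SERVER: (\S+)", re.M)
_QTIME_RE = re.compile(r"^;; Query time: (\d+) msec", re.M)
_RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(.+)$")


def parse_dig(text):
    """Parse dig's text output into a DigResult (answer section only)."""
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";"):          # any other comment or section header
            in_answer = False
            continue
        m = _RR_RE.match(line) if in_answer else None
        if m:
            answers.append((m.group(1), int(m.group(2)), m.group(3), m.group(4).strip()))
    found = [r.search(text) for r in (_HEADER_RE, _FLAGS_RE, _SERVER_RE, _QTIME_RE)]
    if not all(found):
        raise ValueError("not a complete dig answer")
    header, flags, server, qtime = found
    return DigResult(header.group(1), set(flags.group(1).split()),
                     server.group(1), int(qtime.group(1)), answers)


def answered_locally(result):
    """True when the reply came from the resolver on this host."""
    return result.server.startswith(("127.0.0.1", "::1"))


def is_cache_hit(first, second):
    """True when `second` was served from cache rather than fetched upstream again.

    A cached answer carries the same rdata and a TTL that has counted down
    since `first`; a fresh upstream fetch would reset it to the authoritative
    value.  Run the second query at least a second after the first so the TTL
    can differ.  The query-time drop the post describes is only a secondary check.
    """
    if not (first.answers and second.answers):
        return False
    if not (answered_locally(first) and answered_locally(second)):
        return False
    same_rdata = {a[3] for a in first.answers} == {a[3] for a in second.answers}
    ttl_counted_down = max(a[1] for a in second.answers) < max(a[1] for a in first.answers)
    not_slower = second.query_time_ms <= first.query_time_ms
    return same_rdata and ttl_counted_down and not_slower


def run_dig(name, server="127.0.0.1"):
    """Query the local resolver for real (needs dig from dnsutils and a network)."""
    proc = subprocess.run(["dig", "@" + server, name],
                          capture_output=True, text=True, check=True)
    return parse_dig(proc.stdout)


# Constructed sample outputs: first a cold lookup, then the same lookup
# three seconds later, answered from cache (TTL 3600 -> 3597, 212 ms -> 0 ms).
FIRST_RUN = """\
; <<>> DiG 9.18.24 <<>> @127.0.0.1 example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            3600    IN      A       192.0.2.1

;; Query time: 212 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Aug 19 16:26:40 CEST 2009
;; MSG SIZE  rcvd: 56
"""
SECOND_RUN = (FIRST_RUN.replace("3600", "3597")
              .replace("212 msec", "0 msec").replace("16:26:40", "16:26:43"))

if __name__ == "__main__":
    cold, warm = parse_dig(FIRST_RUN), parse_dig(SECOND_RUN)
    print("served locally:", answered_locally(cold), "cache hit:", is_cache_hit(cold, warm))
```

In real use call run_dig twice for the same name a few seconds apart and pass the two results to is_cache_hit; the "ra" flag in the parsed header also tells you that the local server is willing to recurse for the client that asked, which is what the allow-recursion setting further down controls.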

For more on the configuration, see this more extensive how-to.

Switch logging on:
To have BIND9 log every query it receives to your system log, run (as root; rndc authenticates with the key in /etc/bind/rndc.key that the Debian package generates):

rndc querylog

The command is a toggle: running it a second time switches query logging off again. You can then view the system log (including the DNS queries) using:

cat /var/log/syslog

or follow it live with tail -f /var/log/syslog | grep named (journalctl -u bind9 -f on systemd-based releases). Query logging records every client address and every name asked for, which makes it a good audit trail for spotting clients that should not be using the server, but it grows quickly and is privacy-sensitive, so switch it off or rotate the log when you are done.
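The query log is most useful when something reads it for you. The following script, an added example that is not code from the original post, scans query-log lines and reports clients outside the networks the resolver is meant to serve, along with the names queried overall. It assumes the line format named writes, in both the older layout (client ADDR#PORT: query: NAME IN TYPE) and the newer one with a client handle and the name in parentheses; TRUSTED_NETS and the log lines in SAMPLE_LOG are constructed, with 192.168.1.0/24 standing for a local network and 203.0.113.7 for a stranger on the internet.

```python
"""Audit BIND query-log lines (what `rndc querylog` adds to syslog) for
clients outside the networks the resolver is meant to serve.

Added example, not code from the original post.  It assumes the query-log
line format named writes, in both the older layout
    client ADDR#PORT: query: NAME IN TYPE ...
and the newer one with a client handle and the name in parentheses
    client @0x... ADDR#PORT (NAME): query: NAME IN TYPE ...
TRUSTED_NETS and SAMPLE_LOG below are constructed: the 192.168.1.0/24 range
stands for a local network and 203.0.113.7 for a stranger on the internet.
"""
import ipaddress
import re
from collections import Counter

TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("127.0.0.0/8", "::1/128", "192.168.1.0/24")]

_QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<addr>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) IN (?P<type>\w+)")


def parse_query(line):
    """Return (client address, queried name, query type), or None for non-query lines.
    Searches rather than matches, so the syslog timestamp/hostname prefix is ignored."""
    m = _QUERY_RE.search(line)
    if not m:
        return None
    return ipaddress.ip_address(m["addr"]), m["name"].rstrip(".").lower(), m["type"]


def is_trusted(addr):
    """True when the address lies in one of the networks allowed to use the resolver."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    return any(addr in net for net in TRUSTED_NETS)


def audit(lines):
    """Count queries per (client, type) from untrusted sources, and queried names overall.

    Untrusted clients should not appear at all once allow-query/allow-recursion
    are restricted; when they do, a burst of ANY or other large-answer query
    types from one outside address is the signature of a reflection attempt.
    """
    untrusted, names = Counter(), Counter()
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        addr, name, qtype = parsed
        names[name] += 1
        if not is_trusted(addr):
            untrusted[(str(addr), qtype)] += 1
    return untrusted, names


# Constructed log excerpt: four legitimate local lookups, two ANY queries
# from an outside address, and one unrelated named log line.
SAMPLE_LOG = """\
Aug 19 16:26:40 srv named[812]: client 127.0.0.1#40213: query: example.com IN A + (127.0.0.1)
Aug 19 16:26:41 srv named[812]: client 192.168.1.10#51234: query: example.com IN AAAA + (192.168.1.1)
Aug 19 16:26:41 srv named[812]: client @0x7f2c30a1 203.0.113.7#53412 (example.net): query: example.net IN ANY +E(0) (192.0.2.10)
Aug 19 16:26:42 srv named[812]: client @0x7f2c30a1 203.0.113.7#53413 (example.net): query: example.net IN ANY +E(0) (192.0.2.10)
Aug 19 16:26:43 srv named[812]: client 192.168.1.11#41000: query: example.org IN A + (192.168.1.1)
Aug 19 16:26:44 srv named[812]: client ::1#40214: query: example.com IN A + (::1)
Aug 19 16:26:45 srv named[812]: received control channel command 'querylog'
"""

if __name__ == "__main__":
    untrusted, names = audit(SAMPLE_LOG.splitlines())
    for (addr, qtype), n in untrusted.most_common():
        print(f"untrusted client {addr}: {n} x {qtype}")
    print("most queried:", names.most_common(3))
```

To run it against the real log, feed it the output of grep named /var/log/syslog (or journalctl -u bind9) line by line, and keep TRUSTED_NETS identical to the allow-query list in named.conf.options so the two policies cannot drift apart.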

Allow other computers to use your DNS server
To allow other computers to use your DNS server, add the following 'allow-query' option to the options block in your /etc/bind/named.conf.options configuration file (replace SomeIP by an IP address, or by an IP range in CIDR notation):

allow-query { SomeIP; };

With SomeIP set to 127.0.0.1 this allows queries from localhost only. Adding other IP addresses or ranges allows other computers to use your server; an obvious use is adding the address range of your local network, which allows the other machines on it to use your local DNS server. Because this server recurses on behalf of its clients, set 'allow-recursion' to the same list as well, so that recursion follows the same policy as queries. Check the edited file with named-checkconf (silent on success) and activate it with rndc reload.

Block others from using your DNS server
In the same way, if the configuration is set to 'allow-query { any; };', others can be blocked from using your DNS server by removing 'any' and replacing it by individual IP addresses or, for example, the local IP range. This matters for a recursive server: with 'any' it is an open resolver that anyone on the internet can use, including as a reflector for DNS amplification attacks. Note that when allow-recursion is not set, BIND derives it from the allow-query list, so 'allow-query { any; };' on its own is enough to open recursion to the world. Restricting port 53 to the same networks in the firewall (ufw was installed above) gives a second line of defence if the configuration is ever loosened by mistake.
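As an added example (not the configuration from the original post), here are the weak and the corrected forms of the options file side by side. The ACL name 'trusted', the 192.168.1.0/24 range and the 192.168.1.1 listen address are assumptions; substitute your own. The two options blocks are alternatives, a real named.conf.options contains only one of them.

```conf
// Added example, not the post's own configuration.  Two versions of
// /etc/bind/named.conf.options; pick one (named rejects a file with two
// options blocks).  192.168.1.0/24 and 192.168.1.1 are assumed values.

// --- Weak: anybody who can reach port 53 may query this server, and
// because allow-recursion is not set it is derived from allow-query,
// so anybody may also recurse through it (an open resolver).
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-query { any; };
};

// --- Corrected: name the networks you serve once, in an ACL, and use
// it for both queries and recursion.  Everything else gets REFUSED.
acl "trusted" {
        127.0.0.0/8;            // this host (IPv4)
        ::1;                    // this host (IPv6)
        192.168.1.0/24;         // assumed: the local network
};

options {
        directory "/var/cache/bind";
        recursion yes;
        allow-query     { trusted; };   // who may ask at all
        allow-recursion { trusted; };   // who may have us resolve for them
        allow-transfer  { none; };      // a cache has no zones to hand out
        listen-on    { 127.0.0.1; 192.168.1.1; };   // assumed: LAN-facing address
        listen-on-v6 { ::1; };
};
```

After editing, run named-checkconf (it prints nothing when the file is valid) and then rndc reload. From a host outside the ACL, dig @192.168.1.1 example.com should now come back with status: REFUSED, while hosts on the local network still get answers.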

This entry was posted in Linux, Networking.