How to install and configure ISC BIND DNS

Instructions are Ubuntu Bionic Raspberry Pi version (arm64)

Download latest stable release and unpack

 wget https://downloads.isc.org/isc/bind9/9.16.2/bind-9.16.2.tar.xz
 tar -xf bind-9.16.2.tar.xz
 cd bind-9.16.2

Install prerequisites

 sudo apt install build-essential pkg-config python-ply libuv1-dev libssl-dev

Configure

 ./configure --prefix=/opt/bind-9.16.2 --with-tuning=small

Compile and install

 make
 sudo make install
 sudo ln -s /opt/bind-9.16.2 /opt/bind
 sudo groupadd named
 sudo useradd -g named -s /usr/sbin/nologin named
 chown named:named /opt/bind/var

Configure DNS

 /opt/bind/sbin/rndc-confgen

Create rndc.conf file based on the output of rndc-confgen as well as add the key to named.conf file

 vi /opt/bind/etc/rndc.conf

 key "rndc-key" {
         algorithm hmac-sha256;
         secret "<secret>";
 };
 options {
         default-key "rndc-key";
         default-server 127.0.0.1;
         default-port 953;
 };

 chmod 600 /opt/bind/etc/rndc.conf

 vi /opt/bind/etc/named.conf
 
 acl mynets { 192.168.1.0/24; 127.0.0.0/8; };
 options {
        directory "/opt/bind/var";
        allow-query { mynets; };
        recursion yes;
        max-cache-size 5%;
        dnssec-validation yes;
 };
 key "rndc-key" {
       algorithm hmac-sha256;
       secret "<secret>";
 };
 controls {
       inet 127.0.0.1 port 953
           allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.rev";
        notify no;
 };
 zone "1.168.192.in-addr.arpa" {
        type master;
        file "192.168.1.rev";
        notify no;
 };
 zone "creatica.local" {
        type master;
        file "creatica.local";
 };

 chgrp named /opt/bind/etc/named.conf
 chmod 640 /opt/bind/etc/named.conf

 vi /opt/bind/var/localhost.rev

 $TTL 3600
 $ORIGIN 0.0.127.in-addr.arpa.
 @       SOA 0.0.127.in-addr.arpa postmaster 2020050101 3600 600 360000 60
         NS  ns.creatica.local.
 1       IN      PTR     localhost.

 vi /opt/bind/var/192.168.1.rev

 $TTL 3600
 $ORIGIN 1.168.192.in-addr.arpa.
 @       SOA 1.168.192.in-addr.arpa postmaster 2020050302 3600 600 360000 60
         NS  ns.creatica.local.
 2      IN      PTR     beruta.creatica.local.
 3      IN      PTR     beruta-rp3.creatica.local.

 vi /opt/bind/var/creatica.local

 $TTL 3600
 $ORIGIN creatica.local.
 @       SOA creatica.local postmaster 2020050301 3600 600 360000 60
         NS  ns.creatica.local.
 beruta  A       192.168.1.2
 beruta-rp3 A    192.168.1.3
 ntp     CNAME   beruta
 0.ntp   CNAME   beruta
 ns      A       192.168.1.2

 sudo vi /lib/systemd/system/named.service

 [Unit]
 Description=DNS Server
 After=network.target

 [Service]
 Environment="PATH=/opt/ntp/bin:$PATH"
 TimeoutStartSec=3600
 PIDFile=/opt/bind/var/run/named/named.pid
 ExecStartPre=/opt/bind/sbin/named-checkconf -z /opt/bind/etc/named.conf
 ExecStartPre=/opt/ntp/bin/ntp-wait -n 3595 -s 1
 ExecStart=/opt/bind/sbin/named -4 -u named -c /opt/bind/etc/named.conf
 Type=forking

 [Install]
 WantedBy=multi-user.target

Run

 sudo systemctl enable named
 sudo systemctl start named

Test

 nslookup creatica.org 127.0.0.1

After modifying zone files, just run

 sudo /opt/bind/sbin/rndc reload