
I need some help configuring a DNS server in Debian 9 (Stretch). I'm following this tutorial, but I think that there is something that I'm doing wrong...

In my case, suppose that I own a domain called example.com and that my server's IP is 203.0.113.141.

First of all, I created the zones in my named.conf.local file. Now, this file looks like this:

zone "example.com" IN {                    // Domain name
     type master;                          // Primary DNS
     file "/etc/bind/fwd.example.com.db"; // Forward lookup file
     allow-update { none; };               // Since this is the primary DNS, it
};                                         // should be none.

zone "141.ip-203-0-113.net" IN { // Reverse lookup name, it was given from my server provider
     type master; // Primary DNS
     file "/etc/bind/rev.example.com.db"; //Reverse lookup file
     allow-update { none; }; //Since this is the primary DNS, it should be none.
};

After that, I created both files with this content:

fwd.example.com.db:

$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                             21         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

;Name Server Information
       IN      NS      dns.example.com.
;IP address of Name Server
dns     IN      A       203.0.113.141

rev.example.com.db:

$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                             21         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;1.0.0  IN      PTR     localhost.

;Name Server Information
       IN      NS     dns.example.com.
;Reverse lookup for Name Server
141      IN      PTR    dns

Running named-checkconf and named-checkzone commands after configuring those files gives me a correct output, with no errors.

I also restarted the bind9 service. But when I try to verify the DNS with the dig command, the answer is not as expected.

The command dig example.com outputs:

; <<>> DiG 9.10.3-P4-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53052
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.                   IN      A

;; AUTHORITY SECTION:
example.com.            604800  IN      SOA     example.com. root.example.com. 21 604800 86400 2419200 604800

;; Query time: 0 msec
;; SERVER: 203.0.113.141#53(203.0.113.141)
;; WHEN: Sat Sep 01 09:05:29 EDT 2018
;; MSG SIZE  rcvd: 81

According to the tutorial I followed, I was expecting a line like:

;; ANSWER SECTION:
www.example.com.      604800  IN      A       203.0.113.141

But it doesn't exist in that output.

Also, when I check the reverse lookup with dig -x 203.0.113.141, the output doesn't show anything related to my domain example.com:

; <<>> DiG 9.10.3-P4-Debian <<>> -x 203.0.113.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42358
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;141.113.0.203.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
141.113.0.203.in-addr.arpa. 86400 IN     PTR     141.ip-203-0-113.net.

;; AUTHORITY SECTION:
0.203.in-addr.arpa.     66624   IN      NS      ns10.ovh.ca.
0.203.in-addr.arpa.     66624   IN      NS      dns10.ovh.ca.

;; Query time: 893 msec
;; SERVER: 54.39.21.141#53(54.39.21.141)
;; WHEN: Sat Sep 01 09:12:51 EDT 2018
;; MSG SIZE  rcvd: 132

Again, according to the tutorial, I was expecting a different ANSWER SECTION, with my domain name in it.

So, do you think there could be a misconfiguration in any of those files?

  • Can you give the exact dig command that you've used and its output? Perhaps it used your default DNS server (found in /etc/resolv.conf) instead of using your local BIND server. – Tommiie Sep 01 '18 at 08:58
  • Also, your PTR record should point to 'dns.example.com' as the $ORIGIN of that file is set to '141.ip-203-0-113.net'... thus also 141 should be changed to '@' – Tommiie Sep 01 '18 at 09:04
  • Hi Tom! I updated the question with the dig command I used and its output. – Oscar Gimenez Aldabas Sep 01 '18 at 13:24
  • I'm assuming the IP address is not allocated from your own PI address space. If so, your ISP will need to delegate control of the zone to you, or, as Tom describes in [his answer](https://serverfault.com/a/928977/131019), create a CNAME in their reverse lookup zone to delegate reverse authority to you on that address via some other domain name. – Cosmic Ossifrage Sep 01 '18 at 16:01
  • And OVH will not do that. They make you configure reverse DNS in their own control panel. – Michael Hampton Sep 01 '18 at 21:23

1 Answer


Alright, so there are two questions being asked here.

Q1: Why am I not seeing an A record for 'www.example.com'?

There are two reasons for that. First you didn't ask for the A record of 'www.example.com'; secondly, you didn't define such an A record. In your forward zone file you should add the following line,

www            IN A   203.0.113.141

and then query for this record with dig www.example.com.

I assume you also want both "example.com" and "www.example.com" to point to the same web server, in which case you also need to add an A record for the apex (the domain) itself. For that you should add this line:

example.com.   IN A   203.0.113.141

You already have an NS and a SOA record for this apex, but an A record is needed if you want to browse to it as well.

Q2: Why am I not seeing the desired output for my PTR record?

I need to edit this answer in. The reply you receive seems correct to me although it's not what you expected to see.

Edit: I was thinking of the "CNAME hack" in which your ISP creates a CNAME pointing to a subdomain and giving you control over that subdomain. But since the ISP provides a PTR record, I would contact them first and ask for the details on how they want you to set up the PTR record for that IP address (if you're even allowed to do it).

Tommiie
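To see why the forward zone has no www or apex A record and why the PTR record in the reverse file does not land where the question expects, the following added example (not code from the question, the answer, or BIND itself) qualifies zone-file names the way named does: a blank owner inherits the previous owner, and any name without a trailing dot is appended to the zone's $ORIGIN. The zone texts embedded below are reduced copies of the question's files plus the two lines the answer recommends.

```python
# Added example, not code from the question or the answer: a small BIND
# zone-file reader that qualifies names the way named does.
import ipaddress

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, rtype, rdata) tuples. Handles ';' comments, '( ... )'
    continuations, $TTL/$ORIGIN, and a blank owner inheriting the previous one."""
    origin = origin.rstrip(".") + "."
    last_owner, records, pending = origin, [], ""
    for raw in text.splitlines():
        pending += raw.split(";", 1)[0] + " "
        if pending.count("(") > pending.count(")"):
            continue  # still inside a multi-line record such as the SOA
        logical, pending = pending, ""
        if not logical.strip():
            continue
        if logical.startswith("$ORIGIN"):
            origin = qualify(logical.split()[1], origin)
            continue
        if logical.startswith("$"):
            continue  # $TTL does not create a record
        tokens = logical.replace("(", " ").replace(")", " ").split()
        owner = last_owner if logical[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0] == "IN"):
            tokens.pop(0)  # optional TTL and class
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("NS", "PTR", "CNAME"):
            rdata = [qualify(rdata[0], origin)]  # name-valued rdata is relative too
        records.append((owner, rtype, " ".join(rdata)))
    return records

def has_record(records, owner, rtype):
    return any(o == owner and t == rtype for o, t, _ in records)

def reverse_name(ip):
    """The name dig -x actually asks for, e.g. 141.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

# Zone contents from the question, reduced to the lines that matter.
FWD = ("$TTL 604800\n@ IN SOA example.com. root.example.com. ( 21 ; Serial\n"
       " 604800 86400 2419200 604800 )\n      IN NS dns.example.com.\n"
       "dns   IN A  203.0.113.141\n")
REV = "$TTL 604800\n      IN NS dns.example.com.\n141 IN PTR dns\n"
FIXED = FWD + "www          IN A 203.0.113.141\nexample.com. IN A 203.0.113.141\n"
```

Parsing REV with origin 141.ip-203-0-113.net shows the PTR owner expanding to 141.141.ip-203-0-113.net. and its target to dns.141.ip-203-0-113.net., which is the point made in the comments, while reverse_name shows that a dig -x query asks for a name under in-addr.arpa that this zone does not cover at all.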