- This guide sets up a DNS forwarder instance that forwards DNS queries from your private IP network to public DNS resolvers.
- This guide will be implemented on Ubuntu 20.04 LTS.
- The bind9 port (53) will also be forwarded through Nginx.
- Ubuntu Server 20.04 LTS
  - 1 for BIND9
  - 1 for VM testing
  - 1 for Nginx Reverse Proxy
- Install BIND9

```bash
sudo apt-get update
sudo apt-get install bind9 bind9utils bind9-doc
```
- Configure named.conf.options
  - Queries will be forwarded to `1.1.1.1` and `8.8.4.4`.
  - The networks `192.168.20.0/24` and `10.0.0.0/24` will be the whitelisted IPs (only clients in those pools will be allowed to connect to bind9).

```bash
nano /etc/bind/named.conf.options
```
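```
acl goodclients {
    192.168.20.0/24;
    10.0.0.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    # Obsolete since BIND 9.16, where it no longer has any effect.
    dnssec-enable yes;
    # "yes" validates only against a manually configured trust anchor;
    # "auto" uses the built-in root trust anchor.
    dnssec-validation yes;

    # Answer recursive queries, but only for the whitelisted clients.
    recursion yes;
    allow-query { goodclients; };

    # Send every query to the upstream resolvers and never recurse directly.
    forwarders {
        1.1.1.1;
        8.8.4.4;
    };
    forward only;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
```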
```bash
sudo named-checkconf
sudo service bind9 restart
sudo tail -f /var/log/syslog
```
- In this case, my BIND9 VM is connected to a VPN (all of its connections are routed to the VPN endpoint), so its private IP can't be reached over the network.
- So I will create a bastion instance (in the same network pool as the BIND9 VM) to reverse-proxy port 53.
- In this case, the BIND9 VM IP is `192.168.20.216`.
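- Install Nginx

```bash
apt install -y nginx
rm /etc/nginx/sites-enabled/*
rm /etc/nginx/sites-available/*
nano /etc/nginx/nginx.conf
```

Add this line to `/etc/nginx/nginx.conf` at the top level, outside the `http { }` block, because the `stream` block it pulls in is only valid in the main context:

```nginx
include /etc/nginx/conf.d/*.conf.ssh;
```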
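- Configure TCP Nginx Block

```bash
nano /etc/nginx/conf.d/tcp.conf.ssh
```

```nginx
stream {
    # Not referenced below: each proxy_pass names the BIND9 VM directly.
    upstream dns-nginxx {
        server 192.168.20.216:53;
    }

    # DNS over TCP
    server {
        listen 53;
        proxy_pass 192.168.20.216:53;
    }

    # DNS over UDP
    server {
        listen 53 udp;
        proxy_pass 192.168.20.216:53;
    }
}
```

```bash
nginx -t
service nginx reload
```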
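
Because Nginx opens its own connection to BIND9, every proxied query reaches BIND9 from the bastion's address (inside `192.168.20.0/24`), so the `goodclients` ACL no longer filters the real clients. The variant of `tcp.conf.ssh` below is an added example, not part of the original guide: it repeats the whitelist on the proxy itself with `allow`/`deny`. The `proxy_timeout` and `proxy_responses` values are assumptions.

```nginx
# /etc/nginx/conf.d/tcp.conf.ssh (hardened variant, added example)
stream {
    upstream dns-nginxx {
        server 192.168.20.216:53;   # BIND9 VM from this guide
    }

    # DNS over TCP
    server {
        listen 53;
        # Same pools as the goodclients ACL in named.conf.options
        allow 192.168.20.0/24;
        allow 10.0.0.0/24;
        allow 127.0.0.1;
        deny all;
        proxy_pass dns-nginxx;
        proxy_timeout 10s;          # assumed value: close idle TCP sessions
    }

    # DNS over UDP
    server {
        listen 53 udp;
        allow 192.168.20.0/24;
        allow 10.0.0.0/24;
        allow 127.0.0.1;
        deny all;
        proxy_pass dns-nginxx;
        proxy_responses 1;          # assumed: one reply datagram per query
        proxy_timeout 5s;           # assumed value
    }
}
```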
- Stop the default listener on port 53 on the Nginx VM (the systemd-resolved stub listener already occupies port 53, which Nginx needs to bind)
  - Set `DNSStubListener` to `no`

```bash
sudo nano /etc/systemd/resolved.conf
```

```ini
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes
```

```bash
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
shutdown -r now
```
- Test in your testing VM

```bash
nano /etc/resolv.conf
```

```
nameserver your_nginx_reverse_ip
```