Skip to content

Instantly share code, notes, and snippets.

Last active September 18, 2022 04:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gilangvperdana/88bb5676777d8c8557edb3d12fc17280 to your computer and use it in GitHub Desktop.
Save gilangvperdana/88bb5676777d8c8557edb3d12fc17280 to your computer and use it in GitHub Desktop.
BIND9 DNS Forwarder

Forward DNS with BIND9 and Reverse It with NGINX !

  • If you want to create a DNS forwarder Instance who will be Forward your IP DNS Private to DNS Public you can follow this guide.
  • This guide will be implemented on Ubuntu 20.04 LTS.
  • This bind9 port (53) will be forwarded too with Nginx.


  • Ubuntu Server 20.04 LTS
    • 1 for BIND9
    • 1 for VM testing
    • 1 for Nginx Reverse Proxy

Configure BIND9 to be DNS Forwarder

  • Install BIND9
sudo apt-get update
sudo apt-get install bind9 bind9utils bind9-doc
  • Configure named.conf.options
    • This will be forward to &
    • Network & 10.0.0/24 will be whitelisted IP (that poll will may be allowed to connect to bind9)
nano /etc/bind/named.conf.options
acl goodclients {;;
options {
        directory "/var/cache/bind";

        dnssec-enable yes;
        dnssec-validation yes;

        recursion yes;
        allow-query { goodclients; };

        forwarders {

        forward only;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
sudo named-checkconf
sudo service bind9 restart
sudo tail -f /var/log/syslog

Forward DNS port (53) with Nginx

  • In this cases, cause my VM BIND9 connected to VPN (all connection will be routed to VPN endpoint, then my private VM IP can't be reach over network)

  • So, i will create a bastion instance (on same network pool with VM BIND9) to reverse port 53.

  • In this cases, the BIND9 VM IP is

  • Install Nginx

apt install -y nginx
rm /etc/nginx/sites-enabled/*
rm /etc/nginx/sites-available/*
nano /etc/nginx/nginx.conf
include /etc/nginx/conf.d/*.conf.ssh;
  • Configure TCP Nginx Block
nano /etc/nginx/conf.d/tcp.conf.ssh
stream {
  upstream dns-nginxx {
  server {
    listen       53;
  server {
    listen       53 udp;
nginx -t
service nginx reload
  • Stop 53 default port on Nginx VM Set DNSStubListener to no
sudo nano /etc/systemd/resolved.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
shutdown -r now


  • Test in your testing VM
nano /etc/resolv.conf
nameserver your_nginx_reverse_ip

Make Resolv Conf Permanent?


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment