@gilangvperdana
Last active September 18, 2022 04:32
BIND9 DNS Forwarder

Forward DNS with BIND9 and Reverse It with NGINX !

  • If you want to build a DNS forwarder instance that relays queries for your private network to public resolvers, follow this guide.
  • This guide is implemented on Ubuntu 20.04 LTS.
  • The BIND9 port (53) is also exposed through an Nginx stream proxy.

Prerequisite

  • Ubuntu Server 20.04 LTS
    • 1 for BIND9
    • 1 for VM testing
    • 1 for Nginx Reverse Proxy

Configure BIND9 to be DNS Forwarder

  • Install BIND9
sudo apt-get update
sudo apt-get install bind9 bind9utils bind9-doc
  • Configure named.conf.options
    • Queries will be forwarded to 1.1.1.1 and 8.8.4.4.
    • The networks 192.168.20.0/24 and 10.0.0.0/24 are whitelisted (only clients from these pools are allowed to query bind9).
nano /etc/bind/named.conf.options
acl goodclients {
        192.168.20.0/24;
        10.0.0.0/24;
        localhost;
        localnets;
};
options {
        directory "/var/cache/bind";

        # dnssec-enable is deprecated since BIND 9.16 (named logs a warning) and removed in 9.18; omit it there
        dnssec-enable yes;
        dnssec-validation yes;

        recursion yes;
        allow-query { goodclients; };

        forwarders {
                1.1.1.1;
                8.8.4.4;
        };

        forward only;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
sudo named-checkconf
sudo service bind9 restart
sudo tail -f /var/log/syslog

Forward DNS port (53) with Nginx

  • In this case the BIND9 VM is connected to a VPN (all traffic is routed to the VPN endpoint), so the VM's private IP cannot be reached from the rest of the network.

  • So I will create a bastion instance (in the same network pool as the BIND9 VM) that proxies port 53. Note that BIND9 then sees every query as coming from the bastion's address, so the goodclients ACL no longer limits who can use the resolver; restrict access to port 53 on the bastion (firewall or security group) instead, or the forwarder becomes an open resolver.

  • In this case the BIND9 VM IP is 192.168.20.216.

  • Install Nginx and add the include below at the top level of /etc/nginx/nginx.conf (outside the http block; a stream block is only valid in the main context)

apt install -y nginx
rm /etc/nginx/sites-enabled/*
rm /etc/nginx/sites-available/*
nano /etc/nginx/nginx.conf
include /etc/nginx/conf.d/*.conf.ssh;
  • Configure the Nginx stream block (TCP and UDP)
nano /etc/nginx/conf.d/tcp.conf.ssh
stream {
  upstream dns-nginxx {
    server        192.168.20.216:53;
  }
  # DNS over TCP (zone transfers, truncated answers)
  server {
    listen       53;
    proxy_pass   dns-nginxx;
  }
  # DNS over UDP (ordinary queries)
  server {
    listen       53 udp;
    proxy_pass   dns-nginxx;
  }
}
nginx -t
service nginx reload
  • Free port 53 on the Nginx VM: systemd-resolved's stub listener occupies it, so set DNSStubListener to no
sudo nano /etc/systemd/resolved.conf
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
shutdown -r now

Verify

  • On the testing VM, point the resolver at the Nginx reverse proxy
nano /etc/resolv.conf
nameserver your_nginx_reverse_ip
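As an added check that is not part of the original gist, the script below hand-builds one A query and sends it over UDP and over TCP, which exercises both Nginx stream server blocks; the resolver address is an assumed command-line argument, defaulting to the placeholder above.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txn_id=0x1234):
    """Minimal RFC 1035 A/IN query with RD=1 (a recursive lookup)."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, expected_id=0x1234):
    """Pull the header fields that matter for a forwarder check."""
    txn_id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txn_id != expected_id:
        raise ValueError("transaction id mismatch")
    return {
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "answers": an,
    }

def query(server, name, tcp, timeout=3.0):
    """Send one query over UDP, or over TCP with the 2-byte length prefix."""
    q = build_query(name)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    raise ConnectionError("short DNS/TCP read")
                data += chunk
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(4096)
    return parse_response(data)

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "your_nginx_reverse_ip"  # placeholder
    for tcp in (False, True):
        print("TCP" if tcp else "UDP", query(server, "example.com", tcp))
```

Run it once from a host inside goodclients and once from outside: a NOERROR from the outside host confirms that, behind the bastion, the BIND9 ACL no longer restricts who can recurse.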

Make Resolv Conf Permanent?
