
Last active Sep 18, 2022
BIND9 DNS Forwarder

Forward DNS with BIND9 and Reverse It with NGINX!

  • If you want to create a DNS forwarder instance that forwards queries from your private DNS IP to public DNS, you can follow this guide.
  • This guide will be implemented on Ubuntu 20.04 LTS.
  • The BIND9 port (53) will also be forwarded with Nginx.


  • Ubuntu Server 20.04 LTS
    • 1 for BIND9
    • 1 for VM testing
    • 1 for Nginx Reverse Proxy

Configure BIND9 to be DNS Forwarder

  • Install BIND9
sudo apt-get update
sudo apt-get install bind9 bind9utils bind9-doc
  • Configure named.conf.options
    • This will be forwarded to &
    • Network & 10.0.0/24 will be the whitelisted IPs (that pool will be allowed to connect to BIND9)
nano /etc/bind/named.conf.options
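acl goodclients {
        # allowed client networks go here (the entries are elided in the source)
};

options {
        directory "/var/cache/bind";

        dnssec-enable yes;       # obsolete in BIND 9.16 and has no effect
        dnssec-validation yes;

        recursion yes;
        allow-query { goodclients; };    # only clients in the ACL may query

        forwarders {
                # upstream DNS servers go here (the addresses are elided in the source)
        };
        forward only;        # always ask the forwarders, never recurse directly

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};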
sudo named-checkconf
sudo service bind9 restart
sudo tail -f /var/log/syslog

Forward DNS port (53) with Nginx

  • In this case, because my BIND9 VM is connected to a VPN (all connections are routed to the VPN endpoint), my private VM IP can't be reached over the network.

  • So, I will create a bastion instance (on the same network pool as the BIND9 VM) to reverse port 53.

  • In this case, the BIND9 VM IP is

  • Install Nginx

apt install -y nginx
rm /etc/nginx/sites-enabled/*
rm /etc/nginx/sites-available/*
nano /etc/nginx/nginx.conf
include /etc/nginx/conf.d/*.conf.ssh;
  • Configure TCP Nginx Block
nano /etc/nginx/conf.d/tcp.conf.ssh
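stream {
  upstream dns-nginxx {
    server BIND9_VM_IP:53;   # placeholder: the BIND9 VM address is elided in the source
  }
  server {
    listen       53;
    proxy_pass   dns-nginxx;
  }
  server {
    listen       53 udp;
    proxy_pass   dns-nginxx;
  }
}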
nginx -t
service nginx reload
  • Stop the default listener on port 53 on the Nginx VM: set DNSStubListener to no
sudo nano /etc/systemd/resolved.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
shutdown -r now


  • Test in your testing VM
nano /etc/resolv.conf
nameserver your_nginx_reverse_ip
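
The Nginx stream proxy opens its own connection to BIND9, so BIND9 sees the bastion's address as the client and the goodclients ACL can no longer tell the real clients apart. The following is an added example, not part of the original gist, showing the same tcp.conf.ssh with client filtering done on the bastion through the stream module's allow/deny directives. BIND9_VM_IP and 192.0.2.0/24 are placeholders.

```nginx
# /etc/nginx/conf.d/tcp.conf.ssh (added example, not the gist's own file)
# Placeholders (assumptions): BIND9_VM_IP = address of the BIND9 VM,
# 192.0.2.0/24 = constructed client network; substitute your own values.
stream {
  upstream dns-nginxx {
    server BIND9_VM_IP:53;
  }

  # DNS over TCP
  server {
    listen        53;
    allow         192.0.2.0/24;   # only these clients may use the forwarder
    deny          all;            # everyone else is rejected at the bastion
    proxy_pass    dns-nginxx;
    proxy_timeout 5s;             # close idle sessions quickly
  }

  # DNS over UDP
  server {
    listen          53 udp;
    allow           192.0.2.0/24;
    deny            all;
    proxy_pass      dns-nginxx;
    proxy_responses 1;            # expect one reply datagram per query
    proxy_timeout   5s;
  }
}
```

For proxied queries to be answered, the goodclients ACL on the BIND9 VM has to admit the bastion's address.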

Make Resolv Conf Permanent?

