How to set up your own DNS server with Raspberry Pi
In order for computers to communicate with each other over the internet, all participants in the network have a unique address: Through IP addresses, clients know exactly which servers they should address. But no user can be expected to memorize the numerical sequence of the address, so instead, domain names are used. For this, there’s a domain name system (DNS): It converts numbers into domains and vice versa. To do this, clients first have to query one or more DNS servers before they get the correct address. This can cost valuable time. Therefore, it can be useful to speed up the internet connection by setting up a dedicated DNS server. A Raspberry Pi, the small but many-sided computer, provides a good base for this. We explain to you here how DNS functions and how you can set up your own home DNS server.
What exactly is DNS?
The domain name system helps you to find your way around in networks based on IP addresses. In the address line of your browser, you usually enter a domain like www.example.org. For communication via the internet, computers use either IPv4 or IPv6 addresses. For the communication to function, though, the memorable domain needs to be converted. The name resolution uses DNS servers. For this, the browser should first access a cache. Maybe the address of the individual system is already known, and so doesn’t need to be queried.
If this isn’t the case, then the query is forwarded to one or more DNS servers. The first one queried is usually the DNS server of the internet provider. This compares the query with its database and provides an ideal result. If it doesn’t have an entry for the domain, one of the 13 root nameservers of the internet is requested directly. All addresses of the World Wide Web are stored here.
Along with DNS, it’s also important to notice that most internet users, especially the clients of normal internet users, don’t have a static IP address. Internet providers assign IP addresses within their network typically for only 24 hours at most. After this, a very short forced separation is initiated, the network connection is broken, and the user is assigned a new IP address. This usually isn’t a problem, since clients are seldom addressed from outside of the local network, and only send requests to the server – not the other way around.
In particular instances, though, it’s necessary to set up a dedicated server: Remote desktops or an individual, small game servers are good examples. In such cases, dynamic DNS is used. With a DDNS server, the domestic server is assigned a domain through which it’s accessible. If you would also like to set up a hosted DNS server that can be addressed from outside your local network at any time, you should think about DynDNS.
What does a DNS server provide?
Users prefer to rely on dedicated DNS servers instead of search for outside IP addresses for a variety of different reasons. Setting up your own server makes a lot a sense when multiple devices and people go online within the network, e.g. in a big family, multi-roommate household, or in a small office.
- Speed: If there’s no cache entry, a web query sometimes runs over several routers and servers before the web content is delivered to the user. While the wait time is usually in the realm of milliseconds, if establishing a connection to the internet provider’s DNS server isn’t necessary, then the process can be accelerated.
- Privacy: For the domain name system to work, queries have to be forwarded to outside servers. This creates trails on the internet that some users would like to avoid. With a dedicated DNS server, much of the data stays with you.
- Security: Those who want to host their own DNS server also have control over the entries. Cyber criminals like to try to interfere with queries to provider DNS servers and deliver incorrect IP addresses. Instead of the website that’s meant to be visited, a different one is output. This is extremely risky with online banking: If sensitive account data is entered into an exact copy of the bank website, criminals can quickly access your accounts and your money.
- Ad blocking: Ad blockers access a list of commercial servers that are to be blocked. This can also be done by an individual DNS server. You can even free all devices in your home network from integrated ads at one time, without having to install extra software on each device.
- Child filters: Like with advertisements, it can also make sense to set up child filters. Servers that provide content which is not safe for children can simply be blocked using an individual DNS server.
- Learning curve: Many users simply install their own DNS server to understand more about the way that the internet functions. Energy comes from wall outlets and websites come from the browser: But if you want to understand what’s behind the technology, a DIY project like this comes with a steep learning curve – just like many other ideas for Raspberry Pi.
Set up a DNS server with Raspberry Pi
If you want to install a DNS server on your Raspberry Pi, you need a few things in addition to the minicomputer:
- SD card with Rasbian installed
- Ethernet connection to the internet router
- Power supply via micro-USB cable
- SSH client (e.g. PuTTY)
As a basis for setting up DNS on Raspberry Pi, we’ll use BIND in this example. BIND is an open source software that loops back to the Berkeley Internet Name Domain server. The program is currently in its ninth version, and is developed further by the Internet Software Consortium (ISC).
First, you need to make sure that Raspberry Pi is assigned a static IP address within the local network. To do this, open the network configuration:
sudo nano /etc/network/interfaces
Once there, assign Raspberry Pi a unique IP address.
Nano is a simple Linux editor that you should always have installed on your Raspberry Pi.
Now you can install BIND. In addition to the actual program bind9, it’s also helpful to install the two packages bind9utils and dnsutils. These are by no means required, but they contain some useful tools for maintaining your new DNS server. Use the following command:
sudo apt-get install bind9 bind9utils dnsutils
bind9 is now installed on your system. But before you can use your Raspberry Pi as a DNS server, you still need to specify a couple of settings. Open the configuration file of bind9:
sudo nano /etc/bind/named.conf.local
Now set up two zones there: One for the forward lookup, where the domain’s IP address is searched, and a reverse lookup for the inverse query.
sudo nano /etc/bind/named.conf.local
zone "home.lan" IN {
type master;
file "/etc/bind/db.home.lan";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.rev.1.168.192.in-addr.arpa";
};
The code shows that you are using two files (db.home.lan and db.rev.1.168.192.in-addr.arpa) to define the zones. But these need to be created first. Since you set up the files yourself, you can also name them however you want, as long as they’re also entered the same way in any relevant places. Create the file for the forward lookup first:
sudo nano /etc/bind/db.home.lan
home.lan. IN SOA raspberry.home.lan. hostmaster.home.lan. (
2017081401 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
home.lan. IN NS raspberry.home.lan.
home.lan. IN MX 10 raspberry.home.lan.
localhost IN A 127.0.0.1
raspberry IN A 192.168.1.31
router IN A 192.168.1.1
The last two entries in the file have to be customized. Enter the IP address of your Raspberry Pi (the static IP address that you assigned at the beginning) and of your router. Make sure that the domain names always end with a period. At the beginning of the file, after the serial number, set how much time there should be in between regular actions. The two declarations NS and MX specify that both the name server and the mail server are provided by the Raspberry Pi.
At the beginning of the file, always enter a serial number: It uses the format YYYYMMDDXX, the date (in the order of year, month, day) plus an ascending serial number – in case you create multiple versions in one day.
Now create the reverse zone file:
sudo nano /etc/bind/db.rev.1.168.192.in-addr.arpa
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
2017081401 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
IN NS raspberry.home.lan.
1 IN PTR router.home.lan.
31 IN PTR raspberry.home.lan.
This example assumes that your local network address begins with 192.168.1. If this isn’t the case, then you need to enter the correct address in the file and define the file name. Remember that the other file name also needs to be entered in the corresponding position in /etc/bind/named.conf.local.
If you install a DNS server on your Raspberry Pi, then this functions as a cache of DNS queries. This means that as soon as you’ve queried a name resolution, the entry remains saved in your DNS server. For now, DNS queries are still forwarded to another server. The location of which can be set in /etc/bind/named.conf.options. Open the file and change the IP address in the “Forwarders” entry:
sudo nano /etc/bind/named.conf.options
forwarders {
1.2.3.4;
5.6.7.8;
};
For example, you can enter the IP address of your internet provider’s DNS server here or of an open system. The Google server (8.8.8.8) is a popular choice. If you want to be independent from commercial providers, you can also use a free system like the Digitalcourage e.V. (85.214.20.141).
You’ve now configured a DNS server with BIND on your Raspberry Pi. For the changes to take effect, you should restart the program from this point:
sudo service bind9 restart
Or:
sudo service bind9 stop
sudo service bind9 start
If you encounter an error when starting the DNS server, it might be worthwhile to take a look at the log file under /var/log/syslog. So that you don’t have to restart the DNS server manually after restarting your Raspberry Pi, you can enter it into the system autostart:
sudo update-rc.d bind9 defaults
Now you just have to enter your new DNS server into your router’s settings, so that requests for name resolution run through your Raspberry Pi. In the device settings (usually accessed via the web interface), enter the IP address of the Raspberry Pi. Now you have control over the DNS entries and can block particular servers, for example to protect yourself from pages that want to harm you or gain access to your information. To do this, you have to set up DNS blocks. This is done in a file, which you enter first into the configuration file of bind9:
sudo nano /etc/bind/named.conf
The file is added as a new entry under the previously existing file, and closed with a semicolon:
include „/etc/bin/named.conf.blocked“;
In this file, only enter the domains that you want to block. To know which domains should be blocked, you can reference several different lists. In this example, we use a list from the DNS-BH Project, which has a premade zone file for BIND. This can be downloaded and opened with a text editor. The entries are already in the correct format, and so can simply be copied into your own block list. Entries must have this format – even when you’re using different sources:
zone "malware-example.ga" {type master; file "/etc/namedb/blockeddomain.hosts";};
At the end of the line, a file is named to be used when the corresponding domain is called. This file is created as follows:
sudo nano /etc/namedb/blockeddomain.hosts
There, enter the following code:
$TTL 86400
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
2017081401 ; serial
8H ; refresh
2H ; retry
10D ; expire
1D ; minimum
)
NS raspberry.home.lan.
A 127.0.0.1
* IN A 127.0.0.1
Make sure once again that you enter the correct values for your domain here (in this case, raspberry.home.lan). Restart bind9 again. Now your DNS server should be correctly configured and ready to start.
With a Raspberry Pi, you can also set up other servers: Learn how to create a Webserver or a Mailserver with the minicomputer!