How to set up your own DNS server with Raspberry Pi

In order for computers to communicate with each other over the internet, all participants in the network have a unique address: Through IP addresses, clients know exactly which servers they should address. But no user can be expected to memorize the numerical sequence of the address, so instead, domain names are used. For this, there’s a domain name system (DNS): It converts numbers into domains and vice versa. To do this, clients first have to query one or more DNS servers before they get the correct address. This can cost valuable time. Therefore, it can be useful to speed up the internet connection by setting up a dedicated DNS server. A Raspberry Pi, the small but many-sided computer, provides a good base for this. We explain to you here how DNS functions and how you can set up your own home DNS server.

What exactly is DNS?

The domain name system helps you to find your way around in networks based on IP addresses. In the address line of your browser, you usually enter a domain like www.example.org. For communication via the internet, computers use either IPv4 or IPv6 addresses. For the communication to function, though, the memorable domain needs to be converted. The name resolution uses DNS servers. For this, the browser should first access a cache. Maybe the address of the individual system is already known, and so doesn’t need to be queried.

If this isn’t the case, then the query is forwarded to one or more DNS servers. The first one queried is usually the DNS server of the internet provider. This compares the query with its database and provides an ideal result. If it doesn’t have an entry for the domain, one of the 13 root nameservers of the internet is requested directly. All addresses of the World Wide Web are stored here.

Along with DNS, it’s also important to notice that most internet users, especially the clients of normal internet users, don’t have a static IP address. Internet providers assign IP addresses within their network typically for only 24 hours at most. After this, a very short forced separation is initiated, the network connection is broken, and the user is assigned a new IP address. This usually isn’t a problem, since clients are seldom addressed from outside of the local network, and only send requests to the server – not the other way around.

In particular instances, though, it’s necessary to set up a dedicated server: Remote desktops or an individual, small game servers are good examples. In such cases, dynamic DNS is used. With a DDNS server, the domestic server is assigned a domain through which it’s accessible. If you would also like to set up a hosted DNS server that can be addressed from outside your local network at any time, you should think about DynDNS.

What does a DNS server provide?

Users prefer to rely on dedicated DNS servers instead of search for outside IP addresses for a variety of different reasons. Setting up your own server makes a lot a sense when multiple devices and people go online within the network, e.g. in a big family, multi-roommate household, or in a small office.

  • Speed: If there’s no cache entry, a web query sometimes runs over several routers and servers before the web content is delivered to the user. While the wait time is usually in the realm of milliseconds, if establishing a connection to the internet provider’s DNS server isn’t necessary, then the process can be accelerated.
  • Privacy: For the domain name system to work, queries have to be forwarded to outside servers. This creates trails on the internet that some users would like to avoid. With a dedicated DNS server, much of the data stays with you.
  • Security: Those who want to host their own DNS server also have control over the entries. Cyber criminals like to try to interfere with queries to provider DNS servers and deliver incorrect IP addresses. Instead of the website that’s meant to be visited, a different one is output. This is extremely risky with online banking: If sensitive account data is entered into an exact copy of the bank website, criminals can quickly access your accounts and your money.
  • Ad blocking: Ad blockers access a list of commercial servers that are to be blocked. This can also be done by an individual DNS server. You can even free all devices in your home network from integrated ads at one time, without having to install extra software on each device.
  • Child filters: Like with advertisements, it can also make sense to set up child filters. Servers that provide content which is not safe for children can simply be blocked using an individual DNS server.
  • Learning curve: Many users simply install their own DNS server to understand more about the way that the internet functions. Energy comes from wall outlets and websites come from the browser: But if you want to understand what’s behind the technology, a DIY project like this comes with a steep learning curve – just like many other ideas for Raspberry Pi.

Set up a DNS server with Raspberry Pi

If you want to install a DNS server on your Raspberry Pi, you need a few things in addition to the minicomputer:

  • SD card with Rasbian installed
  • Ethernet connection to the internet router
  • Power supply via micro-USB cable
  • SSH client (e.g. PuTTY)

As a basis for setting up DNS on Raspberry Pi, we’ll use BIND in this example. BIND is an open source software that loops back to the Berkeley Internet Name Domain server. The program is currently in its ninth version, and is developed further by the Internet Software Consortium (ISC).

First, you need to make sure that Raspberry Pi is assigned a static IP address within the local network. To do this, open the network configuration:

sudo nano /etc/network/interfaces

Once there, assign Raspberry Pi a unique IP address.

Tip

Nano is a simple Linux editor that you should always have installed on your Raspberry Pi.

Now you can install BIND. In addition to the actual program bind9, it’s also helpful to install the two packages bind9utils and dnsutils. These are by no means required, but they contain some useful tools for maintaining your new DNS server. Use the following command:

sudo apt-get install bind9 bind9utils dnsutils

bind9 is now installed on your system. But before you can use your Raspberry Pi as a DNS server, you still need to specify a couple of settings. Open the configuration file of bind9:

sudo nano /etc/bind/named.conf.local

Now set up two zones there: One for the forward lookup, where the domain’s IP address is searched, and a reverse lookup for the inverse query.

sudo nano /etc/bind/named.conf.local 
    zone "home.lan" IN {
            type master;
            file "/etc/bind/db.home.lan";
      };
    zone "1.168.192.in-addr.arpa" {
            type master;
            file "/etc/bind/db.rev.1.168.192.in-addr.arpa";
      };

The code shows that you are using two files (db.home.lan and db.rev.1.168.192.in-addr.arpa) to define the zones. But these need to be created first. Since you set up the files yourself, you can also name them however you want, as long as they’re also entered the same way in any relevant places. Create the file for the forward lookup first:

sudo nano /etc/bind/db.home.lan
    
        home.lan. IN SOA raspberry.home.lan. hostmaster.home.lan. (
             2017081401 ; serial
                8H ; refresh
                4H ; retry
                4W ; expire
                1D ; minimum
        )
        home.lan. IN NS raspberry.home.lan.
        home.lan. IN MX 10 raspberry.home.lan.
        localhost        IN A 127.0.0.1
        raspberry        IN A 192.168.1.31
        router             IN A 192.168.1.1

The last two entries in the file have to be customized. Enter the IP address of your Raspberry Pi (the static IP address that you assigned at the beginning) and of your router. Make sure that the domain names always end with a period. At the beginning of the file, after the serial number, set how much time there should be in between regular actions. The two declarations NS and MX specify that both the name server and the mail server are provided by the Raspberry Pi.

Tip

At the beginning of the file, always enter a serial number: It uses the format YYYYMMDDXX, the date (in the order of year, month, day) plus an ascending serial number – in case you create multiple versions in one day.

Now create the reverse zone file:

sudo nano /etc/bind/db.rev.1.168.192.in-addr.arpa
    @ IN SOA raspberry.home.lan. hostmaster.home.lan. (
        2017081401 ; serial
        8H ; refresh
        4H ; retry
        4W ; expire
        1D ; minimum
    )
               IN NS raspberry.home.lan.
    1         IN PTR router.home.lan.
    31        IN PTR raspberry.home.lan.

This example assumes that your local network address begins with 192.168.1. If this isn’t the case, then you need to enter the correct address in the file and define the file name. Remember that the other file name also needs to be entered in the corresponding position in /etc/bind/named.conf.local.

If you install a DNS server on your Raspberry Pi, then this functions as a cache of DNS queries. This means that as soon as you’ve queried a name resolution, the entry remains saved in your DNS server. For now, DNS queries are still forwarded to another server. The location of which can be set in /etc/bind/named.conf.options. Open the file and change the IP address in the “Forwarders” entry:

sudo nano /etc/bind/named.conf.options 
    forwarders {
      1.2.3.4;
      5.6.7.8;
    };

For example, you can enter the IP address of your internet provider’s DNS server here or of an open system. The Google server (8.8.8.8) is a popular choice. If you want to be independent from commercial providers, you can also use a free system like the Digitalcourage e.V. (85.214.20.141).

You’ve now configured a DNS server with BIND on your Raspberry Pi. For the changes to take effect, you should restart the program from this point:

sudo service bind9 restart

Or:

sudo service bind9 stop
sudo service bind9 start

If you encounter an error when starting the DNS server, it might be worthwhile to take a look at the log file under /var/log/syslog. So that you don’t have to restart the DNS server manually after restarting your Raspberry Pi, you can enter it into the system autostart:

sudo update-rc.d bind9 defaults

Now you just have to enter your new DNS server into your router’s settings, so that requests for name resolution run through your Raspberry Pi. In the device settings (usually accessed via the web interface), enter the IP address of the Raspberry Pi. Now you have control over the DNS entries and can block particular servers, for example to protect yourself from pages that want to harm you or gain access to your information. To do this, you have to set up DNS blocks. This is done in a file, which you enter first into the configuration file of bind9:

sudo nano /etc/bind/named.conf

The file is added as a new entry under the previously existing file, and closed with a semicolon:

include „/etc/bin/named.conf.blocked“;

In this file, only enter the domains that you want to block. To know which domains should be blocked, you can reference several different lists. In this example, we use a list from the DNS-BH Project, which has a premade zone file for BIND. This can be downloaded and opened with a text editor. The entries are already in the correct format, and so can simply be copied into your own block list. Entries must have this format – even when you’re using different sources:

zone "malware-example.ga"  {type master; file "/etc/namedb/blockeddomain.hosts";};

At the end of the line, a file is named to be used when the corresponding domain is called. This file is created as follows:

sudo nano /etc/namedb/blockeddomain.hosts

There, enter the following code:

$TTL        86400
@             IN            SOA         raspberry.home.lan. hostmaster.home.lan. (
                                                        2017081401 ; serial
                                                        8H ; refresh
                                                        2H ; retry
                                                        10D ; expire
                                                        1D ; minimum
)
    NS raspberry.home.lan.
    A 127.0.0.1
* IN            A             127.0.0.1

Make sure once again that you enter the correct values for your domain here (in this case, raspberry.home.lan). Restart bind9 again. Now your DNS server should be correctly configured and ready to start.

Tip

With a Raspberry Pi, you can also set up other servers: Learn how to create a Webserver or a Mailserver with the minicomputer!

Was this article helpful?
We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.
Page top