How to Setup Bind (DNS Server) on Debian 12

In this blog post, you will learn how to setup Bind (DNS Server) on Debian 12 step-by-step.

BIND (Berkeley Internet Name Domain) is a feature-rich, open-source DNS software extensively utilized on Unix/Linux systems because of its optimum performance and stability. Many companies use Bind, which is available for free download, to run authoritative servers and a caching DNS server.

IPv6, split DNS, DNSSEC, Transaction Signatures (TSIG), load balancing, incremental zone transfer (IXFR), DNS Notify, and Transaction Security are among the technologies it supports.

Currently, the latest version of BIND is 9. Nowadays, a lot of system administrators and network administrators utilize Bind9 DNS to perform various tasks such as reverse translation, DNS query resolution, publication of DNS information online, and domain name translation to IP address translation.

Overall, Bind offers admins fine-grained control over a DNS server and has full DNS security extension support.


  • An active running Debian 12 system.
  • Sudo or root privileges
  • A reliable static IP address

Lab Details

  • Bind Server IP:
  • Domain:
  • Private Network:

Without any further delay, let’s deep dive into Bind 9 or DNS server installation and configuration.

1) Install Bind DNS Server on Debian 12

First, let’s start by updating the apt package manager.

sudo apt update

The Bind DNS package can be found in the Debian 12 default repositories. Run beneath apt command to install bind9 package.

sudo apt install bind9


Use the following command to confirm the Bind 9 version after installation:

sudo named -v


Now, run the following command to start and enable the Bind DNS service to start at system boot.

sudo systemctl start named
sudo systemctl enable named

To check the Bind service status, execute the command as shown:

sudo systemctl status named


2) Setup Bind (DNS Server) on Debian 12

The Bind DNS server keeps all of its configuration files under the /etc/bind directory. To list all the files, run the command as shown:

ls -l /etc/bind/


Let’s start modifying the /etc/bind/named.conf.options configuration file by adding forwarders, allow query parameters and acl for private network.

Note:  Your local DNS server will attempt to resolve the DNS query; if not, it will be forwarded to the forwarders.

sudo vi /etc/bind/named.conf.options

Add the following parameters:

acl private-network {;

options {
        directory "/var/cache/bind";
        allow-query { localhost; private-network; };
        allow-transfer { localhost; };
        forwarders {; };
        recursion yes;
        dnssec-validation auto;
        listen-on-v6 { any; };

Setup Bind DNS Server on Debian 12

When you’re done, save the changes and exit the file. Next, modify the /etc/bind/named.conf.local file to specify your domain’s forward and reverse lookup zones.

sudo vi /etc/bind/named.conf.local

Add the following lines:

zone "" IN {
        type master;
        file "/etc/bind/";
        allow-update { none; };

zone "" IN {
        type master;
        file "/etc/bind/";
        allow-update { none; };


Save and exit the file.

The following explains the contents of the configuration file:

  • is your forward zone.
  • is your reverse zone.
  • is your forward lookup zone file.
  • is your reverse lookup zone file.

Use the following command to check the configuration file for syntax errors:

sudo named-checkconf

If everything is okay, you shouldn’t receive any output.


3) Configure the Zone Configuration Files

The forward and reverse lookup zones require configuration files to be generated for your domain to work. A DNS zone that translates a domain name into an IP address is known as a forward lookup zone, while the reverse lookup zone is the one that changes an IP address into a domain name.

To get started, run the following command to access the /etc/bind directory:

sudo cd /etc/bind/

Now, execute the following commands, which will copy the forward and reverse lookup zone files:

sudo cp db.127
sudo cp db.local

Next, configure the forward lookup zone file.

sudo vi

Add the following lines:

$TTL    604800
@       IN      SOA (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

;DNS Server Record
@       IN      NS
ns      IN      A

;Application DNS Records  IN  MX 10
www             IN  A
mail            IN  A
ftp             IN  CNAME


Save and close the file.Next, configure the reverse lookup zone file:

sudo vi /etc/bind/

Add the following lines:

$TTL    604800
@       IN      SOA (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

;DNS Server Records
@       IN      NS
ns      IN      A
151     IN      PTR

;Application PTR Records
190     IN      PTR
191     IN      PTR

Save the configuration and exit the file.


Now, to implement above modifications, restart the Bind DNS service.

sudo systemctl restart named

To verify the forward zone file for syntax errors, run the named-checkzone command:

sudo named-checkzone

If there are no errors, the resulting screen should look like this:


Also, check the reverse lookup zone file for any syntax errors:

sudo named-checkzone


Great, output above confirms that zone files are configured correction with respect to syntax.

Note : In firewall is enabled on your bind server then execute the below ufw command to allow bind port (53).

sudo ufw allow 53
Rule added
Rule added (v6)

4) Test Bind DNS Server Installation

We have installed and set up the Bind DNS server so far. You must now test it to see if it is up and running. To test the DNS server, you can decide to use the dig or nslookup command-line tools.

Before start testing, make sure your system points to the DNS server “” for resolution. For the most of the Linux distributions, we add nameserver details in /etc/resolv.conf file. In my case, I am testing it on RHEL 9 system.

dig -t ns

This command should provide DNS related information regarding your configured domain.


To do the reverse lookup query, run the dig command against the IP address of the DNS server, as indicated below:

dig -x


Similarly using nslookup command, we can verify DNS records as shown below:


That’s it! The above outputs indicate that the Bind DNS Server is operational.


This post has just walked through how to set up Bind DNS Server on Debian 12. You can now set up the Bind DNS Server in your environment to resolve local DNS server queries. Feel free to post your queries and feedback in below comments section.

Also Read: How to Install Docker Desktop on Debian 12

Leave a Comment

2 × one =