How to Set Up a Home Lab DNS Server for Your Domains
Setting up a home lab DNS server may sound like a daunting task reserved for IT professionals, but fear not! You will gain a deeper understanding of how the internet functions and have complete control over your domains, creating a playground of endless possibilities.
Imagine having the ability to host websites, set up personalized email addresses, and create subdomains to organize your online presence—all from the comfort of your own home. The homelab DNS server is the gateway to this world of digital empowerment, where you become the master of your own digital destiny.
What is a DNS Server?
DNS, or Domain Name System, is an integral part of Internet technology, operating much like a phone book for the Internet. It facilitates the conversion of human-readable domain names (such as www.example.com) into computer-readable numerical IP addresses like 192.168.0.1.
This is achieved through a DNS server, which resolves domain names to their corresponding IP addresses, simplifying internet navigation. Imagine having to remember the numerical IP address of every website you visit; the DNS service spares you that task. DNS operates hierarchically, using root servers, domain servers, authoritative name servers, and recursive resolvers to answer DNS queries efficiently and enable smooth online communication.
What is a DNS zone file?
A zone file is a text file that describes a DNS zone. A DNS zone is a portion of the DNS namespace delegated to a specific administrator or hosting provider. The zone file contains mappings between domain names and IP addresses in the form of records.
There are two main types of zone files: forward and reverse. The forward zone file maps domain names to IP addresses, allowing a DNS resolver to find the IP address of a domain or hostname. The reverse zone file, on the other hand, maps IP addresses back to domain names, enabling reverse DNS lookups.
DNS zone files are crucial for the proper functioning of the internet as they help to resolve human-friendly domain names into numerical IP addresses that computers use to identify each other on the network. The zone files follow a specific syntax and structure for effective DNS resolution. This includes several zone file parameters such as the Origin, Time to Live (TTL), Start of Authority (SOA), and different types of DNS records like A (address) records, CNAME (Canonical Name) records, and PTR (pointer) records.
Why you should set up a Homelab DNS Server for your domains
1. Gain a better understanding of DNS
Setting up a home lab DNS server provides an invaluable opportunity to delve into the fascinating world of Domain Name Systems (DNS). Through this hands-on experience, you’ll gain a deeper understanding of how DNS works.
2. Provide DNS service for your Domains
A DNS (Domain Name System) service is a valuable tool for establishing and managing your own nameserver for your registered domains. Running your own DNS service lets you maintain and manage your DNS records directly from within your lab environment, giving you more control and flexibility over your domain management.
3. Have more fun
Well, having your own DNS server in your home lab connected to the worldwide Internet is simply fun. Learn how to configure the services, create records, and use them for your own domains. Experiment with different settings and configurations to discover what works best for you. It’s fun and interesting!
Your home lab is part of the internet. 🙂
Step-by-step guide on setting up a Homelab DNS Server
Step 1: Requirements for your home lab DNS server
- For a home lab environment, I recommend VMware or Proxmox as your hypervisor platform
- Set up a dedicated VM for your DNS server.
- Ideally, use a fixed public IPv4 and/or IPv6 address.
- Register a domain you want to use for your DNS server.
- Think about a hostname for your VM. For example, I use yuminet.ch, and my DNS server is ns1.yuminet.ch, which means the hostname is NS1. NS is a common name for DNS servers.
- Ask your internet provider if they are willing to register your DNS server as an authoritative server to the internet.
- Remember to open the DNS port in your home lab firewall: port 53, TCP and UDP. I also recommend enabling ping replies.
Step 2: Install and configure ISPconfig/Bind9
I will not cover in detail how to install the DNS Server. There are various ways. However, I recommend using the ISPconfig (open-source) software. ISPconfig provides a handy hosting panel and offers more services than DNS only.
ISPconfig covers several functionalities like a web server, mail server, DNS server, and virtualization. All services are managed through a convenient web interface. I use ISPconfig in my home lab with all its services except virtualization.
As an aside, ISPconfig makes it easy to install a secure mail server based on Postfix with Dovecot. ISPconfig's DNS simplifies the management of essential mail system records, ensuring reliability and ease of maintenance.
ISPconfig runs on Debian or Ubuntu. I recommend using Ubuntu 22.04, which is a long-term support (LTS) release.
- Install Ubuntu 22.04 – find here a good instruction guide
- Install ISPconfig – see this link for detailed installation instructions. ISPconfig developed a fully automated installation script. There is no need to download it first.
If you don’t want to install all services, ISPconfig offers advanced installation options.
The installation process is pretty straightforward and doesn’t take long.
After the installation, point your browser to http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/. ISPconfig uses port 8080 by default. However, you can change the port to something else. I have written a separate article on how to change the ISPconfig port for the web GUI. I use port 15080.
If you find the ISPconfig installation cumbersome, you have the option to install only Bind on an Ubuntu 22.04 server. The web GUI of ISPconfig is incredibly convenient, essentially functioning as a Bind9 with a web GUI. It allows for direct configuration file editing through the web GUI.
Step 3: Create your first zone file
The next step is to create your first zone file with ISPconfig. Click the DNS icon, then Add DNS Zone.
The DNS Zone Wizard appears.
The tool can manage various clients; therefore, you must set up a client first in the Client section (the second icon from the left at the top bar). Afterward, you can delete the client in the client field.
Domain field: enter your domain name
IP address: enter the public IP address of your server
NS1: is the primary nameserver, for example, the hostname + domain name.
NS2: is a secondary nameserver, it is not necessary, but good in case the primary nameserver is down.
Email: enter an email address
DKIM: is selected and cannot be changed
Optionally you could add DNSSEC
After completing the wizard, select “Zones,” where you will find many record types that you can add to your zone.
Step 4: Register a reverse Zone file
A reverse zone file is critical to DNS configuration, specifically for reverse DNS lookups. It maps IP addresses back to domain names, providing the opposite information of a forward zone file. This file has a structured pattern: IN PTR <FQDN>. It is vital for several reasons.
Firstly, it confirms the authenticity of IP addresses and helps avoid IP spoofing. Secondly, it facilitates debugging in network scenarios by providing the ability to identify the linked domain name of an errant IP address.
Lastly, many email servers use reverse DNS lookups to check the credibility of the origin IP, hence reducing spam. Improper or non-existent reverse DNS can thus lead to email delivery issues. Therefore, maintaining an accurate reverse zone file is crucial for secure, efficient network communication.
So if you are also using your domain for email and have it managed by your own DNS server, a reverse zone file is important so that you can add PTR records. Email servers from Google, Microsoft, and many others check the PTR record. If you don’t have one, there is a high chance that the email will bounce back or be identified as spam.
In ISPconfig, you add a reverse zone file exactly the same as the normal one. A reverse zone file only contains PTR records.
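The reverse zone described above, together with the zone file structure from the earlier zone file section (origin, TTL, SOA, NS, records), as an added example that is not part of the original article or of ISPconfig. It renders a reverse zone for an IPv4 /24 and checks that every PTR target has a forward record for the same address; the domain, addresses, SOA timers and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a placeholder domain and documentation addresses (RFC 5737).
DOMAIN = "example.com"
HOSTS = {"ns1": "192.0.2.53", "mail": "192.0.2.25", "www": "192.0.2.80"}

def reverse_origin(network):
    """Reverse zone name for an IPv4 /24, e.g. 192.0.2.0/24 -> 2.0.192.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this example only handles IPv4 /24 networks")
    # The network address reverses to 0.2.0.192.in-addr.arpa; drop the host label.
    return net.network_address.reverse_pointer.split(".", 1)[1]

def render_reverse_zone(network, domain, hosts, serial=2024010101):
    """Build the zone text: origin, TTL, SOA, NS, then one PTR per host in the network."""
    net = ipaddress.ip_network(network)
    lines = [
        f"$ORIGIN {reverse_origin(network)}.",
        "$TTL 3600",
        f"@ IN SOA ns1.{domain}. hostmaster.{domain}. ({serial} 7200 540 604800 3600)",
        f"@ IN NS ns1.{domain}.",
    ]
    for name, ip in sorted(hosts.items(), key=lambda kv: int(ipaddress.ip_address(kv[1]))):
        if ipaddress.ip_address(ip) in net:  # other addresses belong in another zone
            lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {name}.{domain}.")
    return "\n".join(lines) + "\n"

def mismatched_ptrs(zone_text, domain, hosts):
    """PTR records whose target name does not have a forward record for the same IP."""
    rows = [line.split() for line in zone_text.splitlines()]
    origin = rows[0][1].rstrip(".")
    prefix = ".".join(reversed(origin.removesuffix(".in-addr.arpa").split(".")))
    bad = []
    for fields in rows:
        if len(fields) == 4 and fields[1:3] == ["IN", "PTR"]:
            ip = f"{prefix}.{fields[0]}"
            host = fields[3].removesuffix(f".{domain}.")
            if hosts.get(host) != ip:
                bad.append((ip, fields[3]))
    return bad

if __name__ == "__main__":
    zone = render_reverse_zone("192.0.2.0/24", DOMAIN, HOSTS)
    print(zone)
    print("mismatches:", mismatched_ptrs(zone, DOMAIN, HOSTS))
```

The owner name in front of each `IN PTR` entry is the last octet of the address, relative to the zone origin.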
Step 5: Register your DNS server with the Internet (Glue record)
Glue records are DNS records created at the domain’s registrar to avoid circular references, allowing for DNS name resolution and for the listing of nameservers inside the domain itself. They are necessary when hosting your own authoritative servers or in the case of Dedicated DNS, where a separate domain name is registered for the DNS servers. The nameserver IP addresses must be added to the registrar as glue records before your home lab DNS server becomes an authoritative DNS server.
Some domain registrars allow adding a glue record through their control panel. In my case, I had to contact my domain registrar by email and ask them to add my domain name and my IPv4 and IPv6 addresses as glue records.
Testing DNS Server
It’s time to test if our new home lab DNS server responds to public DNS requests. There are many test tools available on the Internet. I use MX Toolbox.
Run a DNS lookup and check if a record with your domain name and IP address is published. Check which name server responds. You should get a response from your newly created home lab DNS server.
If the test fails, check the zone file and ensure the glue record is accurate.
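An added example, not part of the original article: the same check done from a script, by sending a non-recursive SOA query straight to the name server and reading the header flags of the reply. A server that is authoritative for the zone sets the AA flag and returns an answer; the function names and sample headers are constructed, and `check_server` needs network access and assumes an IPv4 server address.

```python
import socket
import struct

def build_query(zone, txid=0x1234):
    """Encode an SOA query with RD=0, so the server must answer from its own zone data."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: ID, flags (all zero), 1 question; then QNAME, QTYPE 6 (SOA), QCLASS 1 (IN).
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def assess(response, txid=0x1234):
    """Return a list of problems found in the 12-byte DNS header of a response."""
    if len(response) < 12:
        return ["response shorter than a DNS header"]
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    problems = []
    if rid != txid or not flags & 0x8000:
        problems.append("not a response to our query")
    if flags & 0x000F:
        problems.append(f"rcode {flags & 0x000F} (2 = SERVFAIL, 3 = NXDOMAIN, 5 = REFUSED)")
    if not flags & 0x0400:
        problems.append("AA flag not set: server is not authoritative for this zone")
    if answers == 0:
        problems.append("no SOA record in the answer section")
    if flags & 0x0080:
        problems.append("RA flag set: server offers recursion to this client")
    return problems

def check_server(server_ip, zone, timeout=3.0):
    """Send the query over UDP port 53 and assess the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # The fixed default query ID keeps the example deterministic.
        sock.sendto(build_query(zone), (server_ip, 53))
        return assess(sock.recvfrom(4096)[0])

# Constructed sample headers (ID 0x1234): a healthy authoritative answer, and the
# kind of reply a recursive resolver returns for a zone it does not host.
GOOD = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
FROM_RESOLVER = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)

if __name__ == "__main__":
    print(assess(GOOD))
    print(assess(FROM_RESOLVER))
```

Run `check_server` from a machine outside your home network, with your server's public address and your domain, so the query passes through the firewall rule you opened.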
In conclusion, setting up a home lab DNS server is a great way to understand DNS better, provide DNS service for your domains, and have fun experimenting with different settings and configurations.
Installing and configuring ISPconfig/Bind9 lets you easily manage your DNS records and control your online presence. So why not take the leap and become the master of your own digital destiny? Start your journey towards a more empowered online experience today.