
Boost Your Network Speed: How to Set Up a Caching-Only DNS Server with BIND9 on Ubuntu 20.04
Tired of sluggish web browsing and slow name resolution on your network? Every time you visit a website, your computer performs a DNS lookup to translate a human-friendly domain name (like www.google.com) into a machine-readable IP address. When multiple devices on your network repeatedly request the same domains, they are all sending identical queries out to the internet, creating unnecessary latency and consuming bandwidth.
A caching-only DNS server is a simple yet powerful solution to this problem. By setting one up on your local network, you create a central repository for DNS query results. The first time a domain is requested, your local server fetches the answer from the internet and then stores, or caches, that result. Subsequent requests for the same domain are answered almost instantly from the local cache, dramatically improving network performance and responsiveness.
This guide will walk you through the process of configuring a secure, high-performance caching-only DNS server using BIND9—the most widely used DNS software—on an Ubuntu 20.04 server.
Why BIND9 for a Caching Server?
While there are other options, BIND (Berkeley Internet Name Domain) is an industry-standard, robust, and highly configurable DNS server. For a caching-only role, its setup is straightforward and provides significant benefits:
- Increased Speed: Local query responses can be delivered in milliseconds, making web browsing feel much snappier.
- Reduced Bandwidth: It minimizes redundant external DNS traffic, which is especially useful for metered connections.
- Enhanced Reliability: If your ISP's DNS servers are slow or temporarily unavailable, your local cache can still answer for frequently accessed domains, but only until each cached record's TTL expires; a cache is not a substitute for a working upstream.
Step 1: Installing BIND9
First, you need to install the BIND9 package on your Ubuntu 20.04 server. It’s always a good practice to update your package list before installing new software.
Open your terminal and run the following commands:
sudo apt update
sudo apt install bind9 bind9utils bind9-doc dnsutils -y
This installs BIND9 itself, the bind9utils tools (named-checkconf and rndc, used later in this guide), the official documentation, and dnsutils, which provides the dig command used for testing. On Ubuntu 20.04, dig lives in the bind9-dnsutils package that dnsutils pulls in, not in bind9utils, so include it explicitly.
Once the installation is complete, the BIND9 daemon, named, should start automatically; its systemd unit is named.service (bind9.service is an alias for it). You can verify its status with:
sudo systemctl status named
You should see an “active (running)” status.
Step 2: Configuring BIND9 for Caching and Security
By default, the Ubuntu package ships BIND9 as a recursive resolver that listens on every interface, resolves from the root servers using the built-in hints, and carries no explicit access lists (BIND's own defaults restrict recursion to localhost and directly attached networks, but nothing in the file says so). We will tighten that configuration so it acts strictly as a caching-only resolver for our local network and refuses everyone else.
The primary configuration file we need to edit is /etc/bind/named.conf.options. Open it with your preferred text editor, such as nano:
sudo nano /etc/bind/named.conf.options
Inside this file, you will make a few critical changes. Find the options { ... }; block and modify it to look like the example below.
Important: Replace 192.168.1.0/24 with your actual local network’s IP address range and 192.168.1.100 with your Ubuntu server’s static IP address.
acl "trusted_clients" {
    localhost;
    192.168.1.0/24; // <-- Change to your local network range
};

options {
    directory "/var/cache/bind";

    // Enable recursion: the server resolves names on behalf of clients
    recursion yes;

    // Only clients in the ACL may query at all ...
    allow-query { trusted_clients; };
    // ... and only they may use recursion. allow-recursion inherits from
    // allow-query when left unset; stating it explicitly makes the intent clear.
    allow-recursion { trusted_clients; };

    // Listen on the loopback and the server's LAN address only
    listen-on { localhost; 192.168.1.100; }; // <-- Change to your server's IP

    // Optional but recommended: send cache misses to upstream resolvers
    forwarders {
        8.8.8.8; // Google Public DNS
        1.1.1.1; // Cloudflare Public DNS
    };

    // "only": never fall back to iterative resolution from the root servers
    // when the forwarders fail to answer. Use "forward first;" to allow that fallback.
    forward only;

    // Validate DNSSEC signatures using the built-in root trust anchor
    dnssec-validation auto;

    // Bind every IPv6 address; allow-query still decides who gets an answer.
    // Use { none; } if the LAN has no IPv6.
    listen-on-v6 { any; };
};
Let's break down these crucial directives:
- acl "trusted_clients": An Access Control List (ACL) is a security best practice. We define a group called trusted_clients that includes our server (localhost) and our entire local network (192.168.1.0/24), and reuse that one name wherever access is granted, so there is a single place to change when the network changes.
- recursion yes;: This enables the caching functionality, allowing the server to perform lookups on behalf of clients.
- allow-query { trusted_clients; };: This is a critical security measure. It instructs BIND9 to accept and process DNS queries only from the clients defined in our trusted_clients ACL. Without it, your server would be an "open resolver", which can be abused as an amplifier in DDoS attacks and as a way to poison your cache.
- allow-recursion { trusted_clients; };: BIND derives this from allow-query when it is not set, so the line is not strictly required, but spelling it out means a later change to allow-query cannot silently widen who may recurse.
- listen-on { ... };: This specifies which IP addresses the BIND9 service should listen on for incoming queries. We include localhost and the server's own local IP address, so named never binds a public-facing address by accident.
- forwarders { ... };: This tells your BIND9 server where to send DNS queries that are not already in its cache. Using reliable public DNS resolvers such as Google (8.8.8.8) or Cloudflare (1.1.1.1) is often faster than having BIND query the root DNS servers directly. Be aware that every cache miss is then sent in clear text to that provider, which sees your network's full query stream; if that is not acceptable, omit the forwarders block and let BIND resolve from the roots itself.
- forward only;: This makes BIND use only the servers listed in the forwarders block and never fall back to iterative resolution from the root servers; if all forwarders are unreachable, resolution fails. Use forward first; instead if you want that fallback.
- dnssec-validation auto;: BIND checks DNSSEC signatures on the answers it receives, using the root trust anchor it ships with, and refuses to cache forged or tampered records even when they arrive through a forwarder.
- listen-on-v6 { any; };: This binds every IPv6 address on the host. The allow-query ACL still governs who is answered, but if your LAN has no IPv6 you can set it to { none; } to shrink the exposed surface.
After making these changes, save the file and exit the editor.
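A practitioner usually wants to check a file like this for open-resolver risk before restarting the service, and the rules are not obvious because several directives have inherited defaults. The following Python script is an added example, not code from the original article or from the BIND project: it tokenizes the options{} block and evaluates the same directives the tutorial sets, applying BIND's documented defaults for the ones that are missing (recursion defaults to yes; allow-recursion falls back to allow-query-cache, then allow-query, then { localnets; localhost; }; an absent listen-on binds every IPv4 interface). The three configurations embedded in it are constructed samples: a bare default-style file, a deliberately open one, and one shaped like the hardened file above.

```python
"""Audit a BIND named.conf.options fragment for open-resolver risk.

Added example (not from the original article or the BIND project). Only
the directives below are evaluated; everything else in the file is ignored.
"""
import re

WIDE_OPEN = {"any", "0.0.0.0/0", "::/0"}
ADDRESS_LISTS = ("allow-query", "allow-query-cache", "allow-recursion",
                 "listen-on", "listen-on-v6")

# Constructed samples -------------------------------------------------------
DEFAULT_CONFIG = """
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""

OPEN_CONFIG = """
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };   # answers, and therefore recurses, for the whole internet
    forwarders { 8.8.8.8; };
};
"""

HARDENED_CONFIG = """
acl "trusted_clients" { localhost; 192.168.1.0/24; };
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { trusted_clients; };
    allow-recursion { trusted_clients; };
    listen-on { localhost; 192.168.1.100; }; // server's LAN address
    forwarders { 8.8.8.8; 1.1.1.1; };
    forward only;
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""


def strip_comments(text):
    """Drop the three comment styles BIND accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", text)


def block_body(text, open_brace):
    """Return the text inside the brace pair whose '{' sits at open_brace."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces")


def address_list(body):
    """'{ a; b; }' contents -> ['a', 'b']."""
    return [item.strip() for item in body.split(";") if item.strip()]


def parse(config):
    """Return (acls, options): the named ACLs and the statements we audit."""
    text = strip_comments(config)
    acls = {}
    for m in re.finditer(r'(?<![\w-])acl\s+"?([\w-]+)"?\s*\{', text):
        acls[m.group(1)] = address_list(block_body(text, m.end() - 1))
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if m is None:
        raise ValueError("no options block found")
    body = block_body(text, m.end() - 1)
    options = {}
    for name in ADDRESS_LISTS:
        # lookarounds keep 'allow-query' from matching inside 'allow-query-cache'
        s = re.search(rf"(?<![\w-]){name}(?![\w-])(?:\s+port\s+\d+)?\s*\{{", body)
        if s:
            options[name] = address_list(block_body(body, s.end() - 1))
    r = re.search(r"(?<![\w-])recursion\s+(yes|no|true|false)\s*;", body)
    options["recursion"] = r.group(1) in ("yes", "true") if r else True  # BIND default
    return acls, options


def expand(items, acls, seen=()):
    """Flatten ACL references into the literal elements they contain.
    A leading '!' negates an element; negated entries are kept verbatim so
    '!any' is never mistaken for 'any'."""
    out = set()
    for item in items:
        negated = item.startswith("!")
        name = item.lstrip("!").strip()
        if not negated and name in acls and name not in seen:
            out |= expand(acls[name], acls, seen + (name,))
        else:
            out.add(("!" if negated else "") + name)
    return out


def audit(config):
    """Return a list of (severity, message) findings for one config text."""
    acls, o = parse(config)
    findings = []
    if not o["recursion"]:
        return findings  # no recursion, so the open-resolver checks do not apply
    # BIND's documented fallback chain for allow-recursion
    recursion_acl = (o.get("allow-recursion") or o.get("allow-query-cache")
                     or o.get("allow-query") or ["localnets", "localhost"])
    if expand(recursion_acl, acls) & WIDE_OPEN:
        findings.append(("HIGH", "recursion is offered to any client: open resolver"))
    if "allow-query" not in o:
        findings.append(("MEDIUM", "allow-query not set (defaults to any); restrict it to a LAN ACL"))
    elif expand(o["allow-query"], acls) & WIDE_OPEN:
        findings.append(("MEDIUM", "allow-query includes any; restrict it to a LAN ACL"))
    if "listen-on" not in o:
        findings.append(("LOW", "listen-on not set: named binds every IPv4 interface"))
    for stmt in ("listen-on", "listen-on-v6"):
        if stmt in o and expand(o[stmt], acls) & WIDE_OPEN:
            findings.append(("LOW", f"{stmt} binds every interface; allow-query still decides who is answered"))
    return findings


def severities(config):
    """Just the severity levels present, handy for a pass/fail gate."""
    return {sev for sev, _ in audit(config)}


if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CONFIG), ("open", OPEN_CONFIG),
                       ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

Running it shows the point the tutorial makes in prose: the bare default file is not an open resolver (BIND's own fallback limits recursion to localnets and localhost) but has no explicit ACL, the open file is flagged HIGH because allow-query { any; } is inherited by allow-recursion, and the hardened file is left with only the LOW note about listen-on-v6 { any; }. Point the script at your real file with open("/etc/bind/named.conf.options").read() once the constructed samples behave as expected.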
Step 3: Validating and Restarting the BIND9 Service
Before applying the new configuration, it’s essential to check for any syntax errors. BIND includes a handy tool for this:
sudo named-checkconf
If this command prints nothing, your configuration file is syntactically correct. If it reports an error, go back and double-check your edits in named.conf.options. Keep in mind that named-checkconf checks syntax only: a wrong subnet in the ACL or the wrong server address in listen-on passes this check and only shows up later, as REFUSED answers for your clients or a service that fails to bind its address.
Once the configuration is validated, restart the BIND9 service to apply the changes, then confirm it came back up with the same systemctl status command from Step 1:
sudo systemctl restart named
Step 4: Testing Your Caching DNS Server
Now for the fun part: seeing the performance improvement in action. We’ll use the dig command to test our server. The first time we query a domain, the server has to fetch it from the internet. The second time, it should be served instantly from the cache.
Run the first query against a domain, pointing dig directly to your new DNS server (@localhost):
dig @localhost www.ubuntu.com
Look for the Query time: line near the bottom of the output. It will likely be a value between 20 and 200 milliseconds, depending on your internet connection.
Now, run the exact same command again:
dig @localhost www.ubuntu.com
This time, check the Query time: again. You should see a dramatically lower value, often 0 or 1 msec. Query time alone is weak evidence, though, because a very close forwarder can also answer quickly. The conclusive sign is the TTL column in the ANSWER section: on a cache hit it is lower than in the first response and keeps counting down with every repeat, because BIND serves the remaining lifetime of the stored record. When it reaches zero the record expires, the next query goes back to the forwarder, and the TTL jumps back up to its original value.
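The two-query comparison above, and the companion check that an outsider is refused, are easy to script. The Python below is an added example, not code from the original article: it parses captured dig output, decides whether the second answer came from cache (same data, TTL that did not increase, near-zero query time), reports whether the ad flag shows the answer was DNSSEC-validated, and recognises the REFUSED response a client outside the trusted_clients ACL should receive. The three dig outputs embedded in it are constructed samples (203.0.113.10 is a documentation address, not the real www.ubuntu.com).

```python
"""Decide from two dig outputs whether the second answer came from cache.

Added example, not from the original article. The dig responses below are
constructed samples; feed real output captured from `dig @localhost ...`
into the same functions.
"""
import re

FIRST_QUERY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4011
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ubuntu.com.\t\t\tIN\tA

;; ANSWER SECTION:
www.ubuntu.com.\t\t300\tIN\tA\t203.0.113.10

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# Same question 13 seconds later: the TTL has counted down and the answer was
# served locally, so the query time collapses to zero.
SECOND_QUERY = (FIRST_QUERY.replace("id: 4011", "id: 4012")
                .replace("\t300\t", "\t287\t")
                .replace("Query time: 48", "Query time: 0"))

# What a host outside the trusted_clients ACL should get from the server.
REFUSED_QUERY = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 5120
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ubuntu.com.\t\t\tIN\tA

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
"""


def parse_dig(output):
    """Pull status, header flags, query time and ANSWER records out of dig text."""
    info = {"status": None, "flags": set(), "query_ms": None, "answers": []}
    section = None
    for line in output.splitlines():
        if not line.strip():
            section = None                       # a blank line closes a section
            continue
        m = re.search(r"status: (\w+)", line)
        if m:
            info["status"] = m.group(1)
        m = re.match(r";; flags: ([a-z ]*);", line)
        if m:
            info["flags"] = set(m.group(1).split())
        m = re.match(r";; Query time: (\d+) msec", line)
        if m:
            info["query_ms"] = int(m.group(1))
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line.split()[1]            # QUESTION / ANSWER / AUTHORITY
        elif section == "ANSWER" and not line.startswith(";"):
            name, ttl, _cls, rtype, *rdata = line.split()
            info["answers"].append(
                {"name": name, "ttl": int(ttl), "type": rtype, "rdata": " ".join(rdata)})
    return info


def cache_verdict(first, second, fast_ms=5):
    """Compare two responses to the same question, issued in that order."""
    a, b = parse_dig(first), parse_dig(second)
    if not (a["answers"] and b["answers"]):
        return {"cached": False,
                "reason": f"missing answer (status {a['status']} / {b['status']})"}
    ttl_drop = a["answers"][0]["ttl"] - b["answers"][0]["ttl"]
    same_data = [r["rdata"] for r in a["answers"]] == [r["rdata"] for r in b["answers"]]
    # A TTL that went back up means the entry expired and was fetched again.
    cached = (same_data and ttl_drop >= 0
              and b["query_ms"] is not None and b["query_ms"] <= fast_ms)
    return {"cached": cached, "ttl_drop": ttl_drop,
            "query_ms": (a["query_ms"], b["query_ms"]),
            "dnssec_validated": "ad" in b["flags"]}


def is_refused(output):
    """True when the server declined the query, as allow-query should make it do for outsiders."""
    info = parse_dig(output)
    return info["status"] == "REFUSED" and not info["answers"]


if __name__ == "__main__":
    print("cache check:", cache_verdict(FIRST_QUERY, SECOND_QUERY))
    print("outsider refused:", is_refused(REFUSED_QUERY))
```

To use it on a live server, capture `dig @localhost www.ubuntu.com` twice into two strings and pass them to cache_verdict; a query from a machine outside the ACL, passed to is_refused, should return True. The ad flag only appears when dnssec-validation is working and the zone is signed, so its absence for an unsigned domain is not an error.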
Congratulations! You have successfully configured a secure and efficient caching-only DNS server. Before pointing clients at it, make sure the host firewall (ufw, if you have it enabled) allows UDP and TCP port 53 from the trusted range only, and, if you have access to a machine outside that range, confirm that a query from it comes back with status REFUSED rather than an IP address: that is the proof that you have not built an open resolver. You can now configure the devices on your network (or your router's DHCP settings) to use the IP address of your BIND9 server for all DNS lookups and enjoy a faster, more responsive internet experience.
Source: https://kifarunix.com/setup-caching-only-dns-server-using-bind9-on-ubuntu-20-04/


