Setup your compute instance, choose Ubuntu standard 20.04 which is also in the free tier:
Switch to root:
sudo su -Install Bind:
apt install bind9Confirm Bind9 service is running:
systemctl status namedInstall netstat, and confirm Bind9 service is listening:
apt install net-tools
netstat -lnp | moreAllow port 53 tcp/udp through the local firewall:
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 53 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 53 -j ACCEPTSave the firewall rules:
sudo netfilter-persistent saveNext you will need to edit the named.conf.options
sudo nano /etc/bind/named.conf.optionsBelow is example configuration
acl "trusted" {
localhost; # localhost
192.0.2.0/24; # Network
192.168.1.10; # Single IP
};
options {
listen-on port 53 {
any;
};
// listen-on-v6 port 53 {
// any;
// };
directory "/var/cache/bind";
statistics-file "/var/cache/bind/named.stats";
zone-statistics yes;
version "Not Currently Available";
empty-zones-enable no;
notify no;
dnssec-validation yes;
auth-nxdomain no; # conform to RFC1035
allow-recursion { trusted; }; # enables recursive queries
allow-query { trusted; }; # only allows access list to perform dns queries
allow-transfer { none; }; # disable zone transfers by default
};
After you customize and save the above, check your config:
sudo named-checkconfIf everything looks good then restart bind
sudo service bind9 restartYou will now setup two Ingress rules one for TCP and one for UDP.
For the example I left the source CIDR 0.0.0.0/0 but you should limit to just your own network.
That’s it now you have your own private DNS server in the cloud, which performs lookups directly without using any public DNS servers.
Amazing! Thaks a lot for this helpful information.