Set up your compute instance; choose Ubuntu standard 20.04, which is also in the free tier:
Switch to root:
sudo su -
Install Bind:
apt install bind9
Confirm Bind9 service is running:
systemctl status named
Install netstat, and confirm Bind9 service is listening:
apt install net-tools
netstat -lnp | more
Allow port 53 tcp/udp through the local firewall:
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 53 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 53 -j ACCEPT
Save the firewall rules:
sudo netfilter-persistent save
Next, you will need to edit named.conf.options:
sudo nano /etc/bind/named.conf.options
Below is an example configuration:
acl "trusted" {
    localhost;          # localhost
    192.0.2.0/24;       # Network
    192.168.1.10;       # Single IP
};

options {
    listen-on port 53 {
        any;
    };
    // listen-on-v6 port 53 {
    //     any;
    // };
    directory "/var/cache/bind";
    statistics-file "/var/cache/bind/named.stats";
    zone-statistics yes;
    version "Not Currently Available";
    empty-zones-enable no;
    notify no;
    dnssec-validation yes;
    auth-nxdomain no;               # conform to RFC1035
    allow-recursion { trusted; };   # enables recursive queries
    allow-query { trusted; };       # only allows the access list to perform DNS queries
    allow-transfer { none; };       # disable zone transfers by default
};
After you customize and save the above, check your config:
sudo named-checkconf
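named-checkconf only validates syntax; it will happily accept an options block that turns the server into an open resolver. The script below is an added example (not from the original post) that parses a named.conf.options snippet, resolves the acl references, and flags allow-recursion or allow-query directives that permit any source. The SAMPLE_* configurations are constructed from the settings shown above.

```python
"""Open-resolver lint for a named.conf.options snippet. Added example, not the
post's code: it parses acl blocks and the allow-recursion / allow-query
directives and flags any reachable from every source. SAMPLE_* are constructed."""
import re

WILDCARDS = {"any", "0.0.0.0/0", "::/0", "0/0"}

def _entries(body):
    """Split the inside of a { ...; } block into its non-empty terms."""
    return [e.strip() for e in body.split(";") if e.strip()]

def parse_acls(text):
    """Map each acl "name" { ...; }; block to its list of terms."""
    pattern = r'(?<!\w)acl\s+"?([\w-]+)"?\s*\{([^}]*)\}\s*;'
    return {m.group(1): _entries(m.group(2)) for m in re.finditer(pattern, text)}

def directive_entries(text, name):
    """Terms of `name ... { ...; };`, or None if the directive is absent."""
    pattern = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])[^{]*\{([^}]*)\}\s*;"
    m = re.search(pattern, text)
    return None if m is None else _entries(m.group(1))

def expand(entries, acls):
    """Resolve named ACL references recursively down to address terms."""
    out = set()
    for e in entries:
        out |= expand(acls[e], acls) if e in acls else {e}
    return out

def lint(config):
    """Return findings for directives exposing recursion/queries to any source."""
    # BIND accepts /* */, // and # comments; strip all three before parsing.
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", config, flags=re.S)
    acls = parse_acls(text)
    findings = []
    for directive in ("allow-recursion", "allow-query"):
        entries = directive_entries(text, directive)
        if entries is None:
            findings.append(f"{directive} not set explicitly; review the BIND default")
        elif exposed := expand(entries, acls) & WILDCARDS:
            findings.append(f"{directive} permits {', '.join(sorted(exposed))}")
    return findings

# Constructed samples: the page's restrictive settings and an open variant.
SAMPLE_RESTRICTED = """acl "trusted" { localhost; 192.0.2.0/24; 192.168.1.10; };
options {
    listen-on port 53 { any; };
    allow-recursion { trusted; }; # enables recursive queries
    allow-query { trusted; }; // only the access list may query
};"""
SAMPLE_OPEN = SAMPLE_RESTRICTED.replace("allow-recursion { trusted; }", "allow-recursion { any; }")
```

Run `lint(open("/etc/bind/named.conf.options").read())` on the server; an empty list means neither directive is reachable from arbitrary sources.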
If everything looks good, restart Bind:
sudo service bind9 restart
You will now set up two Ingress rules for port 53, one for TCP and one for UDP.
For the example I left the source CIDR as 0.0.0.0/0, but you should limit it to just your own network.
That's it. You now have your own private DNS server in the cloud, which performs lookups directly without using any public DNS servers.
Amazing! Thanks a lot for this helpful information.