I did not know you could use Visual Studio Code to simultaneously access an SSH terminal and access remote folders. You just made my job easier to drop files to my servers. Thank you, Christian.
@tristheflash69287 months ago
rm filename
@williammrs 1 year ago
You're an absolute legend. I've followed two of your videos now and both have been enormous time savers. I'm just getting started with a homelab and setting everything up is extremely daunting and time consuming. You're an incredible resource!
@christianlempa 1 year ago
Haha thank you :D I'm glad it's helping you :)
@solverz40782 years ago
You are by far the best YouTuber for this kind of content as you don't just explain how to do something, you explain why to do things and how they actually work and not just saying put this here and there and it'll work. Love it!!! Shows you have put a lot of time into understanding the concepts properly.
@Glatze6039 months ago
I now use technitium dns server - it‘s open source, easy to install on every os (docker, too), very feature rich, really secure and completely with graphical user interface.
@christianlempa 9 months ago
Sounds like a nice project! Thanks for sharing
@nalle4752 years ago
Fantastic! You explain it in a way that is so easy to understand. When I had to learn Bind 30 years ago it took forever and was as theoretical as it could be. Thank you again for an excellent tutorial.
@christianlempa 2 years ago
Thank you so much, that’s a great compliment :)
@ulrichbeutenmuller81012 years ago
Wow, this is awesome. I was always frustrated with the number of changes needed to have proper DNS resolution in a small network without a proper DNS server. Had I only invested a few hours to understand and set up bind9, this would have saved me a ton of time. Thanks Christian.
@herbst13982 years ago
Hello Christian, from me and my family I wish you a happy, joyful and successful new year 2023! My kids are totally into your IT videos; we are watching this video together on the projector right now. Greetings from Wiesbaden and many thanks for the effort : )
@christianlempa 2 years ago
Hey, thank you very much! I wish you a happy new year too, really cool that you enjoy the videos so much :D
@paullacatus89752 years ago
Hi Christian! Nice Bind opening clip. But more interesting will be to make a public/local DNS server, and segregating traffic will be a nice continuation. Also a good tutorial, as you do, about MX records with DKIM, DMARC, SPF records ;-)
@allards2 years ago
Nice video to kick-off 2023 and a great explanation how to set up a bind server. It's a long video, and I was only loosely interested, but finished it in one viewing. One of your best videos ever!
@christianlempa 2 years ago
Thank you so much for the kind words! That’s a huge compliment :)
@djKenpLan09 1 year ago
I personally use bind9 since very long time but never thought on running on a docker container... what a great idea actually! Great video!
@christianlempa 1 year ago
Nice! Thank you :)
@MuhammadHuzaifa-wj1er 1 year ago
Hey you seem like a guy who can resolve my query | Hopefully ! I want to learn to serve a containered app to the internet. is that really possible? i believe if i configure dns settings locally good and also configure it with global dns like cloudflare it would really work will this really work [is that practical / feasible] will be waiting for your reply Thanks !
@user-dd1rg7sd9l2 months ago
Christian, thanks from the USA! It's nice to listen to someone who actually understands computers, operating systems, and networking. Good job!
@andrzejk9802 years ago
You fell from heaven with this video. I'm planning a local DNS for my devices :) Thank you :)
@christianlempa 2 years ago
Haha thanks :) glad it was helpful!
@sleipnir74462 years ago
I'm looking forward to watching ansible come into play. Actually I'll try to automate the whole Bind deployment. Thanks for this great video.
@msw10100 1 year ago
Thanks! Such great info!
@Felix-ve9hs2 years ago
I almost switched my DNS to BIND, but decided to go with Unbound and NSD instead. Still, great video, configuring services like DNS and DHCP for your own network by hand is really a great learning experience
@christianlempa 2 years ago
Glad it helped!
@softreck 1 year ago
Thank you very much for the helpful instructions; it is also nice to hear your personal approach to technical topics.
@christianlempa 1 year ago
Thank you very much! 😊
@christianthomas53812 years ago
Hi, thank you for this great video! I'm actually preparing to provide an own DNS server (also planned to use the Ubuntu/bind9 docker image) for my local network. You give many useful tips that will help. So again: thank you and you have a new follower now 😉. Cheers from Germany!
@christianthomas53812 years ago
Okay, it seems that dnsmasq is blocking port 53 (I need to use piVCCU)....
@zencoding4 months ago
Christian, this was brilliant. Got my homelab DNS running with this. THANK YOU ♥💙💜💚🧡🧡
@christianlempa 4 months ago
Thank you so much! Glad that it was helpful
@1gold4 1 year ago
This has been the most useful source I found for setting up a DNS server, and granted I still had to troubleshoot some things but this was so helpful and didn't overcomplicate things
@christianlempa 1 year ago
Thank you! Glad it helped you :)
@Mr.Jean-Paul2 years ago
Hi Christian, interesting video. Just an idea: you could install a second Bind9 server and use the VRRP Protocol to cover the fallout of the first one. I‘ve done that with 2 Piholes on different servers with 1 virtual DNS address. If the first DNS server fails, the second one automatically takes command of the name resolution until the first one recovers 🤷🏼♂️. Works flawlessly! LG aus Luxemburg 🇱🇺
@djvincon 1 year ago
That's awesome. Do you have a write up about this?
@trtrevenen2 years ago
Gru you are killing it.
@christianlempa 2 years ago
:D
@m-electronics59772 years ago
I didn't know before that bind9 is so easy to configure! Thanks for the video
@linuxbasics70602 years ago
I'm just getting an error - "open: /etc/bind/named.conf: file not found" and then it exits. I have the file in the folder so I am pretty stumped.
@6LordMortus92 years ago
I have been waiting for this for so long! Thank you.
@christianlempa 2 years ago
Hope you like it!
@_phil_man_9 months ago
Really lovely walkthrough of your process. Thank you for sharing. Happy Saturday brother
@christianlempa 9 months ago
Thanks, you too!
@marcelcolley85802 years ago
Perfect hit - I was looking for that currently. Thank you 🎉
@christianlempa 2 years ago
You’re welcome 😊
@gacjezv9 months ago
such a good video - watched it last night and have it up and running in 20 minutes for my home lab!!!!!
@christianlempa 9 months ago
I'm glad it helped you, man! Thanks again for your support :D
@pprovost 1 year ago
This is exactly what I needed. Thanks Christian!
@Kqto 1 year ago
I followed your tutorial and it worked like a charm. Great tutorial! Thank you.
@MehrdadGivehchi2 years ago
Happy new year and great start with your awesome video and wealth of info as usual.
@christianlempa 2 years ago
Happy new year to you too! And thanks :)
@Eric-H792 years ago
Great video! This is something I have been wanting to do for my home network. Thank you for creating this tutorial!
@christianlempa 2 years ago
Thank you! Glad you enjoyed it :)
@raymondfb2 years ago
thank you for taking the time to make this video. it helped me
@davidzuccarini8376 1 year ago
I love this channel, for more tutorials of this style, thank you very much.
@christianlempa 1 year ago
Thank you so much :)
@housemann27702 years ago
Thanks a lot, Christian, and a blessed 2023. Do you plan a second part explaining split horizon and things like TLS w/LE for our local labs (0:52)?
@housemann27702 years ago
uhm, my mistake... with the public domain and a subdomain (like home. or demo.), TLS works after setting this up, I guess^^
@jakemuff94072 years ago
Please do a full home lab tour video with this included :) Everything that's running in your homelab!
@matthew6cooper2 years ago
One thing you may want to look at for outside requests using an SSL DNS server. I have the outside request routing through STunnel. This will stop anyone from logging your DNS requests
@Darkk69692 years ago
One of the reasons why I use unbound in pfsense.
@Ecker002 years ago
This setup looks neat, think I'll be setting up my own DNS resolver this weekend! 🌟😍
@christianlempa 2 years ago
Awesome! Tell us how it goes (discord) :D
@blackbarry45 1 year ago
do you have the same thing in docker ? Could not open '//run/named/named.pid'
@IvanVrancic 11 months ago
You need to place named.conf into ./config subdirectory.
@nr3-gp9eu26 days ago
@IvanVrancic I have the same issue: "could not open file '//run/named/named.pid': Permission denied" and "could not open file '//run/named/session.key': Permission denied". At the end the server doesn't start, with "exiting (due to fatal error)". What else needs to be done?
@gacjezv9 months ago
Thanks!
@christianlempa 9 months ago
Thank you so much for your support!
@blackbarry45 1 year ago
that's great! next topic could be how to issue a certificate from let's encrypt
@IT-Entrepreneur 1 year ago
Thanks, exactly what I was looking for. Since Bind9 only needs the config files, it can also be deployed nicely as Infrastructure as Code straight from Git. Terraform for the VM and then Ansible & Docker to deploy Bind9 is perfect. That's how infrastructure is fun :)
@chrisumali98412 years ago
Thanks for the demo and info, have a great day
@christianlempa 2 years ago
Thanks, you too!
@wildflowers465 1 year ago
Great video Christian! I'm looking at creating/implementing my own DNS service in a private subnet in the cloud (rather than at home), which I connect to via a VPN, and I'm considering doing this. I'm sure there are probably some tools offered by the cloud provider (I'd rather not use those, in this particular cAWSe), or maybe by the VPN server (openvpn access server), but bind9 seems like a solid way to do things. I've yet to watch your Cloudflare Tunnel videos, so maybe those have some info re. DNS while connected remotely. As always, I learned a ton; looking forward to the next video!
@christianlempa 1 year ago
Thank you! :) Glad it helped you!
@MrFi-u4x 1 year ago
DOES NOT WORK for me. I get a "communications error to #53: connection refused" and "no servers could be reached" Port mapping in Yaml file is "53:53/tcp" and "53:53/udp" and DNSStubListener=no in the docker host vm resolved.conf file (docker host vm is Ubuntu server 22.04 LTS on Proxmox bare metal). Port #53 is also open on the docker host vm firewall. How can docker host vm forward #53 to bind9 #53 if DNSStubListener=no? Internal DNS queries are not reaching my bind9 docker container. Please help?
@PoedersuikerDealer 9 months ago
Having the same problem. Did you find a solution? I have exactly the same setup as you
@MrFi-u4x 9 months ago
@PoedersuikerDealer No solution for me. I gave up private, internal DNS for home lab. Split horizon too complicated and not really necessary. Using Cloudflare instead of Bind9 for all DNS. Cloudflare Zero Trust network with tunnel to home lab, and WARP agent for my clients is working magnificently. End-to-end TLS. Good luck!
@cateyenebula 1 year ago
I've been running bind for years now. I use a caching dns config to speed up things. I deploy my services via Ansible which also manages my zones via Ansible templates. Traefik is awesome in that chain to facilitate reverse proxying. Really great recap on all the intricacies!
@LucaGaetanoCapula 1 year ago
Hi! I am running into a problem that it looks like you solved. I use a dockerized NGINX proxy manager. I set up bind9 but I can't make the 2 work together. What should I do?
@andriescoetzee4751 1 year ago
@LucaGaetanoCapula I am struggling with the same thing, not sure what I am doing wrong.
@mysticsilent2 years ago
Great video! Very interesting stuff to learn 😊 thanks for your time to explain it in detail. Also happy new year 🎉
@christianlempa 2 years ago
Happy new year to you too! :)
@V3LOXy2 years ago
Bit of advice, never use the :latest tag, look up the latest version tag (eg 2.4.2) and use that one instead. Always use a specific version and update in a controlled manner. You do not want to be in a situation where you've accidentally pulled a new version and your config files no longer work with that version. It will save you a lot of headache when something goes wrong or you have to migrate to a new server. You can backup your configs and docker file, but it does not ensure you that those config files will work on another device as you've not defined a version tag in your docker file, you may pull a completely different version. (I'm bad at explaining, please do look up why you shouldn't use :latest to understand it better)
@GiorgioAresu2 years ago
So much this. So many people, and in so many big companies use tag latest and not all of them will listen or care enough to change
@ヽノ-u4t2 years ago
There is a middle ground in between the `latest` tag or a tag pointing to a specific release. The current stable nginx release is version `1.23.3`, this version can currently be referenced by multiple tags like `latest`, `stable`, `1.23.3` or even `1`. If the image's maintainers are competent, these additional tags will be updated on every release. To always use the latest nginx release of version 1.x.x, but never accidentally use the releases of another major release (2.x.x), just use the tag `1`. In a corporate environment, where all changes to the infrastructure have to be managed in a certain way, you hopefully want to control the update process and also the whole image registry and image build process anyways and push new releases to the registry yourself.
@monkeysocar992 years ago
🙃🙂
@monkeysocar992 years ago
🙃🙃🙃🙃
@_duckk 1 year ago
This image is named bind9 not just bind, so it's implied that the major version is 9, so no breaking changes for you
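An added example for the tag discussion in the comments above (not code from the video or from any commenter): a small audit that reads the `image:` lines of a compose file and sorts each reference into `latest`-style floating tags, major/minor tags such as `1`, full version tags such as `1.23.3`, and digest pins. The compose text, service names and registry host are constructed, and the digest is a placeholder.

```python
import re

# Constructed compose file for illustration. Service names and the registry
# host are made up; the digest is a placeholder, not a real image.
SAMPLE_COMPOSE = """\
services:
  dns:
    image: ubuntu/bind9:latest
  proxy:
    image: nginx:1
  web:
    image: "nginx:1.23.3"
  mirror:
    image: registry.example.test:5000/nginx
  edge:
    image: nginx:stable
  pinned:
    image: nginx@sha256:""" + "0" * 64 + "\n"

# Tag names from the thread that move with every release.
FLOATING_TAGS = {"latest", "stable"}

IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^"'\s#]+)""")


def split_image_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    # A colon only starts a tag when it comes after the last '/'.
    # Before that it is the port of a registry host (host:5000/nginx).
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    return ref, tag, digest


def classify(ref):
    """Return how tightly an image reference is pinned."""
    _repo, tag, digest = split_image_ref(ref)
    if digest:
        return "digest"            # content-addressed, cannot move
    if tag is None or tag in FLOATING_TAGS:
        return "floating"          # no tag means :latest
    if re.fullmatch(r"v?\d+(\.\d+){2,}([-_+][\w.+-]+)?", tag):
        return "exact-version"     # e.g. 1.23.3 (a tag can still be re-pushed)
    if re.fullmatch(r"v?\d+(\.\d+)?([-_][\w.-]+)?", tag):
        return "major-or-minor"    # e.g. 1 or 1.23, follows new releases
    return "named-tag"


def audit_compose(text):
    """Return (line number, image reference, class) for every image: line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = IMAGE_LINE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


def floating_refs(text):
    """Image references that will change on the next pull without notice."""
    return [ref for _n, ref, kind in audit_compose(text) if kind == "floating"]


if __name__ == "__main__":
    for lineno, ref, kind in audit_compose(SAMPLE_COMPOSE):
        print(f"line {lineno:2}: {kind:15} {ref}")
```

Running `floating_refs` on a compose file in CI and failing on a non-empty result enforces the "update in a controlled manner" advice from the first comment of this thread.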
@m-electronics59772 years ago
11:32 and what color theme are you using in VS Code
@JasonSFuller2 years ago
@christianlempa a few notes:
7:26 Small nit-pick: it's "I. S. C." (Internet Systems Consortium) and not "I. C. S." You mentioned the incorrect acronym a few times.
18:30 Try using dig (vs nslookup), since you're using BIND. IMHO (and as a former DNS admin for a large ISP), dig is more powerful and streamlined. For EL distros, you'll find it in the "bind-utils" package. Not sure about Mac or Debian-based distros like Ubuntu.
19:30 FYI, the reason why you can use .home, .corp, and .mail (but not .local) TLDs on your private network is because ICANN's board found they were already in prevalent use, and attempting to introduce them publicly would be "high-risk" due to potential name collisions. Originally, these TLDs were not listed in any standard (or RFC) and were technically off-limits (even though people still used them), at least until ICANN Resolution 2018.02.04.12 stated "the delegations of such high-risk strings would be deferred indefinitely."
21:15 Use named-checkconf and named-checkzone. There's probably a config option or extension in VScode to automate this, or you can just add a precommit githook.
31:30 I'm surprised you went with BIND over CoreDNS, since I know you're interested in Kubernetes and especially given your automation aspirations (check the etcd plugin for use outside of k8s).
@MrJakecornford2 years ago
I use NextDNS as I can use it to protect my kids from nasties on the Web, both on my LAN and when they roam. It's an easy package to install on OpenWRT. I ended up doing split horizon without even knowing what it was by putting my internal services in the hosts file on OpenWRT. It works so I don't want to mess with it but would really like to move away from OpenWRT. This has given me a lot to think about. Thank you for the guide 👍
@christianlempa 2 years ago
You’re welcome! Hope it helps to optimize your setup :)
@diegoperezruanova5590 1 year ago
Hey Chris, have you tried integrating PowerDNS for graphical management of DNS? It would be interesting to see it in a video. I have it set up in my lab with KVM/LXC and it's very useful.
@IamDmitriev 1 year ago
Several days ago I tried to find good solution DNS server + simple web UI (preferrable is not 3rd party). And found that there is only one solution for this, called SnitchDNS. And decided that the best option is PowerDNS + 3rd party PowerDNS-Admin. Might Chris do not need UI for DNS management, because its his homelab with one user.
@robertjyllhed32456 months ago
It would be great to be able to like twice, this is a very good project.
@christianlempa 6 months ago
Haha thank you so much! :)
@pedro_alonso2 years ago
Damn, this brings back memories. I had a class where we configured a Linux machine from the ground up, and DNS with bind9 was one of the configurations we had to do; sadly, at the time I didn't give much value to it and only remembered now
@buschmannd2 1 year ago
Hi Christian, thank you very much, this helped me a lot. Best regards!
@christianlempa 1 year ago
Glad to hear that!
@m-electronics59772 years ago
9:30 what SSH extension do you use in VS Code?
@andreaquentino10682 years ago
I like your videos. I watch them.Thank you! Just one thing about audio, I can improve it just for free. It's no problems for me, I can help.
@m-electronics59772 years ago
9:50 what font are you using in VS Code?
@Elrevisor2k 1 year ago
Is it possible to create a DNS cache to have, let's say, more commonly used DNS entries saved locally in our cache?
@Glatze6039 months ago
Hi Christian, I have one more question: in the compilation of DHCP with Sophos XG and bind9, is it possible to get not reserved IP addresses from DHCP, and this IP, hostname and domain is registered in bind9, so that this IP and this hostname can be resolved? I try to not reserve IP addresses and I do not want to create manual bind entries. For me this works right now only with DHCP and unbound and only when both services run on the opnsense.
@alwaysAbathur2 years ago
why are you storing the cache persistently in the docker-compose example? this seems like temporary data that should be removed when the container is deleted
@christianlempa 2 years ago
Hm fair point xD
@jack.smith29582 years ago
Hey, just a tip. If you want to show console input/output, maybe move the window up a little, because if you watch the video with subtitles, you can't at all see what's going on.
@svenklomp2 years ago
Great video, I use pihole’s local dns features. Works great :)
@dougbeard76246 months ago
Love your videos, I've learned a ton from you.
@christianlempa 6 months ago
Thank you so much ❤️ I'm glad my videos help you!
@gosnooky 1 year ago
What about internal Docker networking? Say I have a MySQL and RabbitMQ server on a machine in my home lab that any of my other dev machines can connect to. Easy enough when running on localhost, just set the HOST variable to the internal domain to that server - but what about in Docker, if I have a service running on Docker and I want it to connect to the same MySQL/RMQ service, how do I set Docker networking to recognize my custom homelab domain?
@adityaroshan1688 1 year ago
Finally a technical guy not going assembly lang
@philipp19602 years ago
AddOn Question. When using nginx (for example to avoid maintaining all those certifiates on each system individually), all DNS Names would point to the proxy. if I ssh into the target like ssh DNSName, target is the nginx server, not the real server. Are you solving this issue somehow?
@Net_Mastr 1 year ago
It was super tutorial, Thanks for this❤
@christianlempa 1 year ago
You're welcome 😊
@93davve932 years ago
Nice introduction, thanks! Would like to implement something like this, but would miss the automatic DNS records that pfSense is providing via DHCP leases...
@thiagocrepaldi3655 1 year ago
Hi David, this is exactly what I am trying to learn before switching from Unbound to Bind9. How to register dynamic and static DHCP leases and OpenVPN clients to the bind9 as DNS server. Have you ever got that done?
@fredrik354 1 year ago
I'm way behind but I'm also going back to bind9. We used it at work a couple of years ago and I laughed at the old half-dead guys running it.. now I'd love to have it that simple and being able to easily manage it automagically with Ansible or Terraform.
@M1America6 months ago
Can you show us how the split DNS works? It looks like we only got the information to configure a local DNS
@rdvqc2 years ago
Since you ask, I have been running local bind, dhcp and smtp services for about 15 years. Originally I used an HP-UX system, later moving to Centos and recently to Almalinux. I have owned a number of domains and master 'home.' variants for local use. Originally, when Internet connections were slower, it cut dns chatter on the Internet link by caching. The DHCP allows me to assign consistent IP's to my local devices and distribute DNS, gateway, NTP and other configuration. The DHCP on most ISP routers is pretty lame.
@thomaseckert56912 years ago
You are rocking that turtleneck!
@christianlempa 2 years ago
Haha thx :D
@lucacamphuisen30932 years ago
You can use external-dns on k8s to auto sync dns records for ingress/services
@e271828r 1 year ago
Worth mentioning - you need to first assign static IP addresses to all your devices on your DHCP router. Is there any way that DHCP and DNS can "talk to each other"? For example, DHCP tells bind "hey a new server came up with the hostname "homelab" and I am assigning it the IP x.x.x.x. Plz register it in your configs"
@luigitech31692 years ago
Great video, I use Adguard as home DNS
@streambarhoum44642 years ago
Great video Chris ! , yet may be implementing our own Local DIY CDN is a good perspective to avoid using cloudflare for full privacy.
@christianlempa 2 years ago
Thank you! Currently no plans to do that
@streambarhoum44642 years ago
@christianlempa All right! Think of that in the future... Best regards.
@wstrater2 years ago
Did you talk about needing to run the bind Docker container on the Host network? Can’t remember but you need the container to listen on the host IP address to be externally accessible.
@filofifa 1 year ago
when I have this DNS solution setup. I am not an expert in these things so I ask. What is the best practice to provide ssl certificates for my private web interfaces that I can get rid of the annoying security message? Thank you
@ronwatkins5775 1 year ago
I want to setup a "local" dns to serve "internal" network addresses on my home network, not to be tied to the internet or make my hosts available to external networks. Everything I keep finding requires me to have a "real" domain name with dns servers reachable by the internet. Im only looking to serve internal addresses only for internal use. I have about 70 hosts on my internal network which is way too many to keep track of manually, so I need some internal DNS just for my home network.
@ImZaDi-love 1 year ago
Why don't the hostnames work alone? I have to type the fqdn. Also, why am I not able to ping via the name? I put the fqdn in my browser and they work.
@ShavedAp34 months ago
I am unable to get this to work. I change the DNSStubListener to no and restart, but when I try again I get the same error
@christianlempa 4 months ago
Maybe your computer still uses a different default DNS server
@ShavedAp34 months ago
@christianlempa I will have a look, thank you
@zubairzonbarkar33582 years ago
It is a very comprehensive setup guide. I have a question: how to connect and run a spring docker container to an external standalone Oracle database?
@brianoconnell-df7kz 1 year ago
I use nsupdate to register addresses in bind9 when my Mikrotik router issues a DHCP offer
@PricelessToolkit2 years ago
Hey Christian! Nice video! I'm using Pfsense which supports wildcard certificates.
@captcan782 years ago
Awesome video! I tried that for myself, and experimented a bit with allowing my DHCP updating the DNS configuration whenever it issues a new lease. However despite setting the BIND9_USER=root like in your example, bind9 was not able to create a journal in the config folder. Setting the permissions of that folder to 777 solved the issue. The newly created ".jnl" file that contains the DHCP update is however created using the root user. That's a bit strange, that root is not allowed to create files... have not found the reason for that yet.
@InforMedic2 years ago
I used BIND9_USER=bind - this sets user according to the group "bind" in the container path /run/named/ - by doing this bind9 was able to write the pid and session files...
@sylvaindecrom2 years ago
Hi Christian, happy new year! A great follow up to this video would be how to generate certs for the internal hosts using letsencrypt.
@ThomasTomchak2 years ago
@Christian, you’re an amazing teacher. You take some pretty complex subjects and make them not only understandable but exciting to try (at least for nerds like me). One question. You are using two different programs. One for terminal commands and one for text files. Both have some sort of auto-complete working on them. Can you share what two programs those are? I’m just curious. Thanks for another great video.
@shawnhu2 years ago
They are Warp terminal and VS Code editor. Btw, if you do not use macOS, and bash, zsh, or fish is your default shell, you could try oh-my-bash, oh-my-zsh, or oh-my-fish to enhance your default shell. The basic auto-complete script is included in the enhancements, and you can also add your custom auto-complete scripts to the configuration file.
@christianlempa 2 years ago
Thank you so much! And yeah Shawn actually explained the tools perfectly :)
@1over137 1 year ago
install pihole in a docker beside it and set pihole as the only forwarder. i have this in an ha pair with Kea DHCP and PHPIPAM
@VelislavVarbanov2 years ago
Don’t forget to add the docker networks to the internal ACL list, or you may end up like me wondering why portainer does not resolve 😅 BTW I use views to control who sees what. As a side note if you are privacy cautious do not use forwarders. Bind is capable to resolve on its own. You may need to setup a hint zone to speed things up a little.
@christianlempa 2 years ago
Good tip xD
@guyfeldman46972 years ago
You could configure your DHCP server to use dynamic dns for automatic updates to bind. Each VLAN could correspond to a different sub-domain. I don't think you need terraform or ansible.
@christianlempa 2 years ago
Thank you! However, I'm not sure whether this would work in my case. I'd like to create a DNS record automatically with the same tool I'm using to create VMs (which is terraform).
@Mtbred2 years ago
@christianlempa I think a clean method here would be calling an ansible playbook with TF. Looks like there are a few ansible roles out on galaxy for managing Bind9. And you should be able to take the output from TF as an input in the ansible playbook
@magnuscarlsson67852 years ago
Could you please describe how to automatically update the dns from a DHCP server? Been looking all over, but searching for dynamic dns just gives hits on using external dyndns...
@xaviergxf 1 year ago
Is there any container that can automatically create DNS based on the container name, like Traefik does for routing?
@brezagay6622 1 year ago
I have a question that comes to mind. We assume that we have 5 records, all of them with the same domain name, and each record has a different IP. Why, when requesting a query, does the name server in its response bring me all five records, not one or two? Is this constant in the DNS concept (I mean, does all DNS software work in this way or not)? Or is there something that can control this? I mean only two records go, not the five.
@marcelk.43712 years ago
👌 Someone should have a beer with you sometime :D Thanks for all your interesting videos!
@christianlempa 2 years ago
Haha, gladly, if I'm allowed to drink cola instead of beer :D
@danielstellmon53302 years ago
I would like to know more about updating the zone files.
@christianlempa 2 years ago
That’s definitely a topic I’m diving in deeper in the following weeks!
@danielstellmon53302 years ago
@Christian Lempa I'm trying to build a docker based DIY DDNS. I want to point my domain to a VPS with a static IP, and have sub domains pointed to dynamic IPs.
@wstrater2 years ago
I am currently using my firewall which forwards to PiHole which forwards to Unbound. Unbound is a root level DNS resolver. PiHole and Unbound are running in a single Docker Compose deployment.
@fanshaw 1 year ago
I'd put a caching server like pihole on the inside and give out that IP to clients. That creates a consistent model for internal and external/3rd party domains: client->cache->[main cache]->authoritative server. This scales better if you go multi-site as you keep your authoritative systems in the data centre and put dumb caches out on sites and you can put your authoritative server somewhere nice like a DMZ, where it can publish out to the internet and do zone transfers to your ISP if required. Of course you can zone transfer to the DC (for things like dhcp dns registrations), but I think it's neater to centralise first if possible. You probably want to protect your primary DNS server with a DMZ which only allows outbound zone transfers to secondaries and doesn't answer queries itself. If someone hacks your DNS, you're toast.
@corsairfilip2 years ago
Hello, I started with a bazar Dell T20 server, Debian based, and I am also running KVM with one of the virtual machines for DNS resolution. I have a Cisco switch for VLANs. I also wrote my own router based on nftables on "PCENGINES" hardware, where I have it working with BIND9 and ISC-DHCP, which forwards everything and makes DDNS requests. This is all running on my KVM machine, where I am also running PiHole. I try to replicate the Sophos from my work with my own written firewall :-). They just use the same technology.
@baseptr 1 year ago
where is the yaml file used in this video?
@crelloc 1 year ago
what terminal extension are you using to show the folders and files
@Pzdrs 1 year ago
I'm a bit confused here, did we make a DNS server that just forwards the queries to 3rd party servers or a recursive one that he's mentioning throughout the video? To me it seems like it's just a forwarder instead of a recursive DNS server