Website DNS

Note: This article series covers configuring Debian 12 for hosting multiple domains and web sites on a single dedicated server. As such, some strategies may be inappropriate for your environment. Sockets, for example, are appropriate for communication between services hosted on the same machine but not suited to a setup with distributed services (where you'd use ports). Please consult the overview for more information.
Ok, so now we've got your primary server domain and internet name servers set up, let's add the routing for a new web site that you want to host.
Essentially, we need to purchase a new domain, create a forward lookup zone file in your bind settings and set the name servers in your domain name account to the name servers you just set up and wait for that change to propagate.
First of all, nip into your domain name account and purchase the name you'd like to host.
Then you need to log in to your server, tell it about your new domain and create a forward lookup zone file for that domain. I'll be adding benosborne.com in the examples below but obviously use your domain name.
Edit named.conf.local and tell your server about your new domain name and where it can find the zone file:
sudo nano /etc/bind/named.conf.local
...
zone "benosborne.com" {
    type master;
    file "/etc/bind/zones/benosborne.com.db";
};
...
Then create a forward lookup zone for your domain (which you specified the location of above!):
sudo nano /etc/bind/zones/benosborne.com.db
; BIND data file for benosborne.com
;
$TTL 14400
@ IN SOA benosborne.com. admin.benosborne.com. (
        2025082101 ; Serial
        900 ; Refresh
        600 ; Retry
        86400 ; Expire
        3600 ) ; Minimum TTL
;
benosborne.com. IN NS ns1.blnkserver.com.
benosborne.com. IN NS ns2.blnkserver.com.
benosborne.com. IN MX 10 blnkserver.com.
benosborne.com. IN A 74.201.177.83
www IN A 74.201.177.83
mail IN A 74.201.177.83
benosborne.com. IN TXT "v=spf1 mx ~all"
At the beginning of the file the SOA specifies the domain name this record is responsible for (followed by . to indicate that's the end of the name) and admin.benosborne.com which is the main contact email address for this domain but with the @ symbol replaced with a .
After the SOA stanza, I specify the name servers for this domain (NS records). Then the mail exchanger (MX) record which indicates which server will receive email for this domain. Then the A records, benosborne.com, www.benosborne.com and mail.benosborne.com and a text (TXT) record, called an spf record (Sender Policy Framework) which a receiving mail server will check when it receives an email to make sure your server is allowed to do the sending.
If you want to add an A record (sub-domain) to your zone, you can just copy the pattern for an existing A record and modify it to reflect your sub-domain. eg. to define the sub-domain 'articles.benosborne.com' it would just be:
articles IN A 74.201.177.83
Make sure you also increment the serial value (in the SOA section) by one or your change might not be picked up.
If you wanted to host that domain as a web site on your server you'd also need a web server record defining that sub-domain (see the Apache and PHP article!).
It's worth noting that there are several ways that a receiving mail server may check to make sure that a message isn't spam (spf, DKIM, DMARC, spam blacklisting...) but most providers will accept a message if you have reverse DNS set up and an spf record in place, so I'll always tick those boxes.
Have a little read about that initial SOA stanza by the way. Those numbers mostly concern management of your DNS zone in a multi-server environment so I haven't really gone into them here because we're only discussing a single server environment.
The only value I would mention is 'serial' which alludes to how new this version of the zone file is. It used to be that you'd start at 1 and increment by 1 each time you changed the file. These days it's common practice to use the YYYYMMDD## format. That's the date in reverse order followed by the number of the record on that day. Either will work but I prefer the latter because it adds meaning to the value.
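The serial rule described above (always increase it, in YYYYMMDD## form), as an added example that is not part of the original article. The helper names next_serial, bump_zone_serial and make_sample_zone are hypothetical, and the script assumes the serial sits on its own line followed by a "; Serial" comment, as in the zone file above.

```shell
#!/bin/sh
# Added example: keep the SOA serial in YYYYMMDD## form and always increasing.

# next_serial CURRENT [TODAY] -> prints the serial to use for the next edit.
next_serial() {
    current=$1
    today=${2:-$(date +%Y%m%d)}
    first_today="${today}01"        # first revision of the day, as in 2025082101
    if [ "$current" -lt "$first_today" ]; then
        echo "$first_today"         # older date or an old 1,2,3 counter: jump to today
    else
        echo $((current + 1))       # already edited today: next revision
    fi
}

# bump_zone_serial ZONEFILE [TODAY] -> rewrites the "; Serial" line in place
# and prints the new serial.
bump_zone_serial() {
    zone=$1
    current=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$zone" | head -n 1)
    if [ -z "$current" ]; then
        echo "no '; Serial' line found in $zone" >&2
        return 1
    fi
    new=$(next_serial "$current" "$2")
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*\)$current\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$zone" > "$tmp" \
        && cat "$tmp" > "$zone"     # cat keeps the zone file's owner and mode
    rm -f "$tmp"
    echo "$new"
}

# Constructed sample zone header, written to a temp file so nothing under
# /etc/bind is touched while trying the functions out.
make_sample_zone() {
    sample=$(mktemp)
    printf '%s\n' '$TTL 14400' \
        '@ IN SOA benosborne.com. admin.benosborne.com. (' \
        '        2025082101 ; Serial' \
        '        900 ; Refresh' \
        '        600 ; Retry' \
        '        86400 ; Expire' \
        '        3600 ) ; Minimum TTL' > "$sample"
    echo "$sample"
}
```

After bumping the serial on a real zone, running named-checkzone benosborne.com /etc/bind/zones/benosborne.com.db before the reload catches syntax errors that would otherwise stop the zone from loading.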
Once you've finished editing your file (you can just find / replace benosborne.com with your domain name and change your name servers if you're feeling lazy!) then save it.
Make sure you reload your bind9 server to pick up the changes:
sudo systemctl reload bind9.service
Head back to your domain name account where we're going to add your name servers to that new domain.
It's usually pretty straightforward. If you're using namecheap, here's a guide to doing it:
https://www.namecheap.com/support/knowledgebase/article.aspx/767/10/how-to-change-dns-for-a-domain/
Once you've done that you can monitor the propagation using dnschecker.org.
When the changes have finished propagating you can ping your domain name to make sure it works. First, clear your cache - On Ubuntu that's:
Older Ubuntu
sudo systemd-resolve --flush-caches
Newer Ubuntu
sudo resolvectl flush-caches
Then ping your domain name, you might like to try the www subdomain because you can be sure that result is being returned from your server:
eg.
ping www.benosborne.com
PING www.benosborne.com (74.201.177.83) 56(84) bytes of data.
64 bytes from www.benosborne.com (74.201.177.83): icmp_seq=1 ttl=51 time=140 ms
64 bytes from www.benosborne.com (74.201.177.83): icmp_seq=2 ttl=51 time=139 ms
64 bytes from www.benosborne.com (74.201.177.83): icmp_seq=3 ttl=51 time=139 ms
64 bytes from www.benosborne.com (74.201.177.83): icmp_seq=4 ttl=51 time=140 ms
--- www.benosborne.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 138.585/139.496/140.494/0.754 ms
That's your website DNS set up! We'll need to configure our web services and a mail server if we want to react to any incoming traffic though, that's what we'll be doing next!
nslookup
One very useful tool for diagnosing DNS problems on Linux is nslookup. There are numerous patterns for getting different kinds of results but the one I recommend for verifying your settings is interactive mode, which you start by just entering 'nslookup' with no parameters:
nslookup
You'll be presented with a > prompt. If you now specify a server, nslookup will execute queries on that server so now you can see what your DNS server is returning:
server <your_IP_address>
eg.
server 74.201.177.83
Then simply enter the record you're interested in:
eg.
www.benosborne.com
Server: 74.201.177.83
Address: 74.201.177.83#53
Name: www.benosborne.com
Address: 74.201.177.83
Or test your reverse DNS by entering one of the IP addresses you set up and see if it's returning your primary server domain name:
eg.
74.201.177.85
85.177.201.74.in-addr.arpa name = blnkserver.com.
When you're finished with nslookup just type 'exit' to quit.