2.5. DNS settings


Mail server in this example is named atlantis.example.com. You can also name it mail.example.com if you like.

First, we need to check our hostname

atlantis:~# hostname -f

If hostname did not return FQDN of your server edit /etc/hosts. You hosts file should look something like this, if not, change according to your IP address and server name.       localhost
  YOUR-IP-ADDRESS atlantis.example.com atlantis 

Now check your /etc/hostname file it should contain your fully qualified domain name:


Change the names to match your server name and reboot the server. Run hostname -f again and you should see atlantis.example.com.

Now, we need to check that our DNS servers have an MX record for our example.com domain. If you haven't done so already Install DNS utilities:

apt-get install dnsutils

We are going to use host command to check information about our domain:

atlantis:~# host example.com
  example.com has address YOUR-IP-ADDRESS
  example.com mail is handled by 0 mail.example.com. 

We can see that the mail for our domain is handled by mail.example.com. Which server is supposed to handle mail for your domain is handled by the so called MX records in your domains zone file. Setting up DNS zone files is out of scope for this document.

Now we must make sure that mail.example.com points to the same address as our server (atlantis.example.com).

atlantis:~# nslookup mail.example.com
  Address: YOUR-DNS-ADDRESS#53

  Non-authoritative answer:
  mail.example.com canonical name = atlantis.example.com.
  Name: example.com

It would be also nice if your reverse DNS points to the same name (atlantis.example.com).

atlantis:~# nslookup YOUR-IP-ADDRESS
  Address: YOUR-DNS-SERVER#53

  Non-authoritative answer: 
  YOUR-IP-ADDRES-REVERSE.in-addr.arpa name = atlantis.example.com. 

If they do not match you will probably have to ask your ISP to change this for you.

2.5.1. Caching only nameserver

RBL lists that we are going to setup later as one of our anti-spam measures rely on the DNS service for it's operation. To speed things up a little bit, and avoid hitting remote DNS servers for repeated requests we are going to install BIND9 and use it as our caching DNS server.

apt-get install bind9 dnsutils

Edit the /etc/bind/named.conf.options file, uncomment the forwarders section and set it to use your ISP's DNS servers (you can probably find them in the /etc/resolv.conf).

forwarders {

If you want caching for this server only, under forwarders section add:

listen-on {; }
allow-transfer  { none; }
allow-query     {; };

You also need to comment out the listen-on-v6 { any; }; line.

Edit /etc/resolv.conf and add nameserver at the top of your nameservers list.

Restart BIND9 with /etc/init.d/bind9 restart and you are done. You can check if it's working by using dig to check for a remote domain record and monitor the Query time in the output which should on the second request return an "1 msec", because it should be fetched from the cache.

If you are not using DNSSEC or IPV6 take a look at the Errors section to fix a couple of minor misconfigurations in the default installation.


If you are on a VPS with a very, very limited ammount of RAM available to you you might want to examine the max-cache-size directive beacuse DNS cache is located in RAM.