Learn how to set up a DNS Authoritative Server in CentOS 7 with this detailed guide. Follow our step-by-step instructions to configure your authoritative DNS server for reliable domain name resolution and management. #centlinux #linux #dnsserver
Table of Contents
What is BIND Server?
BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).
Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix/Linux operating systems.
Key Features
- Authoritative DNS Server: Manages domain names and responds to queries with the DNS records it holds.
- Caching DNS Resolver: Stores DNS query results to speed up future requests.
- DNSSEC Support: Provides security for DNS data with cryptographic validation.
- Zone Transfers: Synchronizes DNS data between primary and secondary servers.
- Configurable: Offers extensive configuration options through text files.
Common Uses
- Domain Name Management: Handles DNS queries for domain names.
- Internal DNS Services: Used for internal network DNS resolution.
- Public DNS Services: Provides DNS services to external clients.
Environment Specifications
In this article, we are configuring Primary (Master) and Secondary (Slave) DNS Authoritative Servers by using BIND 9 on CentOS 7. This article will let you configure a working DNS server (Master/Slave).
We are using two CentOS 7 virtual machines in this article.
Primary (Master) DNS Server:
- CPU – 3.4 Ghz (1 Core)
- Memory – 1 GB
- Storage – 20 GB
- Hostname – dns-01.example.com
- IP Address – 192.168.116.4 /24
- Operating System – CentOS 7.6
Secondary (Slave) DNS Server:
- CPU – 3.4 Ghz (1 Core)
- Memory – 1 GB
- Storage – 20 GB
- Hostname – dns-02.example.com
- IP Address – 192.168.116.5 /24
- Operating System – CentOS 7.6
It is important to ensure your hardware is robust enough to handle DNS queries efficiently. A recommended setup includes a reliable processor and sufficient memory to maintain high availability and quick response times.
For an ideal server environment, consider investing in the ASUS ROG Strix G16 (2025) Gaming Laptop, which offers powerful CPU performance and expandability for server tasks, and the WD Red NAS Hard Drive, known for its durability and reliability in continuous operation environments. These products are best sellers on Amazon and suit the needs of IT professionals managing DNS servers.
Disclaimer: As an affiliate, this post may earn a commission from qualifying purchases through these links, supporting ongoing helpful content creation.
Install BIND on CentOS 7
Connect with dns-01.example.com using ssh as root user.
BIND 9 is available through CentOS 7 official yum repository. Therefore, we can easily install it using yum command.
yum install -y bind bind-utilsBIND 9 has been installed on CentOS 7 server.
Configure Primary (Master) DNS Server
By default named.service run on localhost. Since, we are configuring a DNS Authoritative Server for our Domain, therefore, we need to configure this service to run on the interface that was connected with our network.
vi /etc/named.confUnder options directive set following parameter to allow named.service to run on our network interface.
listen-on port 53 { 127.0.0.1; 192.168.116.4; };We are also required to enable our named.service to allow client queries. Therefore, find and set following parameter in options directives.
allow-query { localhost; 192.168.116.0/24; };To keep the named.conf file clean, we are defining our DNS zones in a separate file.
vi /etc/named.conf.localand add following directives in this file.
zone "example.com" {
type master;
file "/var/named/example.com";
};
zone "116.168.192.in-addr.arpa" {
type master;
file "/var/named/116.168.192.in-addr.arpa";
};We have defined two DNS zones here, one is a Forward DNS zone and the other is Reverse DNS zone.
Include our named.conf.local file in the default named.conf file, so it will be called at the time of service startup.
echo 'include "/etc/named.conf.local";' >> /etc/named.confConfigure forward zone for our Domain.
vi /var/named/example.comand add following settings therein.
$TTL 1h
@ IN SOA example.com. root.example.com. (
2019080901 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS dns-01
;Mail Servers
@ IN MX 0 mail-01
;Other Servers
dns-01 IN A 192.168.116.4
mail-01 IN A 192.168.116.6
web-01 IN A 192.168.116.3
;Canonical Names
www IN CNAME web-01
mail IN CNAME mail-01Check forward zone file for any possible error.
named-checkzone example.com /var/named/example.comOutput:
zone example.com/IN: loaded serial 2019080901
OK
Configure a reverse zone for our Domain.
vi /var/named/116.168.192.in-addr.arpaand add following settings therein.
$TTL 1h
@ IN SOA 116.168.192.in-addr.arpa root.example.com. (
2019080901 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS dns-01
;Other Servers
dns-01 IN A 192.168.116.4
;PTR Records
4 IN PTR dns-01
6 IN PTR mail-01
3 IN PTR web-01Check reverse zone file for any possible errors.
named-checkzone example.com /var/named/116.168.192.in-addr.arpaOutput:
zone example.com/IN: loaded serial 2019080901
OK
Adjust file ownership of zone files.
chgrp named /var/named/example.com
chgrp named /var/named/116.168.192.in-addr.arpaEnable and start named.service.
systemctl enable --now named.serviceAllow DNS service in Linux firewall.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reloadAdd our Primary (Master) DNS Server to client’s resolve.conf.
nmcli c m ens33 ipv4.dns-search example.com ipv4.dns 192.168.116.4Restart interface to apply changes.
nmcli c down ens33 ; nmcli c up ens33Verify DNS Server settings.
cat /etc/resolv.confOutput:
# Generated by NetworkManager
search example.com
nameserver 192.168.116.4
Query our Primary (Master) DNS server using dig command.
dig www.example.comOutput:
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2020
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 3600 IN CNAME web-01.example.com.
web-01.example.com. 3600 IN A 192.168.116.3
;; AUTHORITY SECTION:
example.com. 3600 IN NS dns-01.example.com.
;; ADDITIONAL SECTION:
dns-01.example.com. 3600 IN A 192.168.116.4
;; Query time: 1 msec
;; SERVER: 192.168.116.4#53(192.168.116.4)
;; WHEN: Fri Aug 09 23:15:51 PKT 2019
;; MSG SIZE rcvd: 118
Our Primary (Master) DNS Authoritative Server has been configured on CentOS 7.
Configure Secondary (Slave) DNS Server
We have a working Primary (Master) DNS Server. We are now going to add a Secondary (Slave) DNS Server.
Connect with dns-02.example.com using ssh as root user.
Follow the above section “Install BIND on CentOS 7” to install BIND 9 packages on our Secondary DNS Authoritative Server.
Configure named.service settings of our Secondary DNS Server.
vi /etc/named.confUnder option directives set following parameters.
listen-on port 53 { 127.0.0.1; 192.168.116.5; };
allow-query { localhost;192.168.116.0/24; };Just like we did with our Primary DNS Server, we are defining our zones in a separate configuration file.
vi /etc/named.conf.localand define following zones therein.
zone "example.com" {
type slave;
masters { 192.168.116.4; };
file "/var/named/example.com";
};
zone "116.168.192.in-addr.arpa" {
type slave;
masters { 192.168.116.4; };
file "/var/named/116.168.192.in-addr.arpa";
};Include our named.conf.local file in the default named.conf file, so it will call our settings on service startup.
echo 'include "/etc/named.conf.local";' >> /etc/named.confStart and enabled named.service.
systemctl enable --now named.serviceAllow DNS service in Linux firewall.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reloadSet SELinux boolean, so our Secondary DNS server can accept zone transfers and update local zone files.
setsebool -P named_write_master_zones onNow, connect to dns-01.example.com and add settings for our Secondary DNS Authoritative Server.
Configure zone transfers by editing named.conf.local file as follows.
vi /etc/named.conf.localAdd following directives under both zones.
allow-transfer {192.168.116.5; };
also-notify {192.168.116.5; };Add our Secondary name server record in our forward and reverse zones.
vi /var/named/example.comand add Secondary (Slave) DNS server NS and A records as follows:
$TTL 1h
@ IN SOA example.com. root.example.com. (
2019080901 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS dns-01
@ IN NS dns-02
;Mail Servers
@ IN MX 0 mail-01
;Other Servers
dns-01 IN A 192.168.116.4
dns-02 IN A 192.168.116.5
mail-01 IN A 192.168.116.6
web-01 IN A 192.168.116.3
;Canonical Names
www IN CNAME web-01
mail IN CNAME mail-01Add Secondary name server records in Reverse Zone.
vi /var/named/116.168.192.in-addr.arpaand add NS, A and PTR records of our Secondary (Slave) DNS as follows.
$TTL 1h
@ IN SOA 116.168.192.in-addr.arpa root.example.com. (
2019080901 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS dns-01
@ IN NS dns-02
;Other Servers
dns-01 IN A 192.168.116.4
dns-02 IN A 192.168.116.5
;PTR Records
4 IN PTR dns-01
5 IN PTR dns-02
6 IN PTR mail-01
3 IN PTR web-01Restart named.service to apply changes.
systemctl restart named.serviceCheck /etc/named directory at dns-02.example.com.
ls /var/namedOutput:
116.168.192.in-addr.arpa dynamic named.ca named.localhost slaves
data example.com named.empty named.loopback
The zone files are automatically replicating to secondary DNS Authoritative Server.
Now add this Secondary DNS server to client’s resolve.conf file.
nmcli c m ens33 +ipv4.dns 192.168.116.5
nmcli c down ens33 ; nmcli c up ens33Check resolv.conf contents.
cat /etc/resolv.confOutput:
# Generated by NetworkManager
search example.com
nameserver 192.168.116.4
nameserver 192.168.116.5
Check Secondary DNS settings by query a hostname.
dig @192.168.116.5 mail.example.comOutput:
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @192.168.116.5 mail.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com. IN A
;; ANSWER SECTION:
mail.example.com. 3600 IN CNAME mail-01.example.com.
mail-01.example.com. 3600 IN A 192.168.116.6
;; AUTHORITY SECTION:
example.com. 3600 IN NS dns-02.example.com.
example.com. 3600 IN NS dns-01.example.com.
;; ADDITIONAL SECTION:
dns-01.example.com. 3600 IN A 192.168.116.4
dns-02.example.com. 3600 IN A 192.168.116.5
;; Query time: 2 msec
;; SERVER: 192.168.116.5#53(192.168.116.5)
;; WHEN: Sat Aug 10 13:09:59 PKT 2019
;; MSG SIZE rcvd: 157
Our Secondary (Slave) DNS Authoritative Server has been configured and working fine.
Final Thoughts
Setting up a DNS authoritative server on CentOS 7 is a critical step toward managing your own domain name resolutions with full control and reliability. In this guide, we covered installing BIND, configuring zone files, setting proper permissions, and verifying that your server responds accurately to DNS queries.
With your authoritative server now in place, you can manage domain records efficiently and provide faster, more secure DNS responses for your users. Regular maintenance, monitoring, and security hardening are essential to keeping your DNS infrastructure robust and trustworthy.
Your Linux servers deserve expert care! I provide reliable management and optimization services tailored to your needs. Discover how I can help!
Recommended Courses
Boost your Linux skills with the “Linux Command Line Basics” by Ahmed Alkabary—a perfect course for beginners who want to master the command line efficiently. Whether you’re aiming for a career in system administration, DevOps, or just want to manage your Linux systems like a pro, this course covers everything from essential commands to practical exercises.
Start learning at your own pace and transform the way you interact with Linux today. [Enroll here] to get started instantly!
Disclaimer: This post contains affiliate links. If you purchase through these links, I may earn a small commission at no extra cost to you. Your support helps me continue sharing helpful tech content.
Leave a Reply
Please log in to post a comment.