Learn how to set up a DNS Authoritative Server in CentOS 7 with this detailed guide. Follow our step-by-step instructions to configure your authoritative DNS server for reliable domain name resolution and management. #centlinux #linux #dnsserver
Table of Contents
What is BIND Server?
BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).
Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix/Linux operating systems.
Key Features
- Authoritative DNS Server: Manages domain names and responds to queries with the DNS records it holds.
- Caching DNS Resolver: Stores DNS query results to speed up future requests.
- DNSSEC Support: Provides security for DNS data with cryptographic validation.
- Zone Transfers: Synchronizes DNS data between primary and secondary servers.
- Configurable: Offers extensive configuration options through text files.
Common Uses
- Domain Name Management: Handles DNS queries for domain names.
- Internal DNS Services: Used for internal network DNS resolution.
- Public DNS Services: Provides DNS services to external clients.
Environment Specifications
In this article, we are configuring Primary (Master) and Secondary (Slave) DNS Authoritative Servers by using BIND 9 on CentOS 7. This article will let you configure a working DNS server (Master/Slave). To start learning BIND and to build a strong foundation, we recommend you to read DNS and BIND (5th Edition) (PAID LINK) by O’Reilly Media.
We are using two CentOS 7 virtual machines in this article.
Primary (Master) DNS Server:
- CPU – 3.4 Ghz (1 Core)
- Memory – 1 GB
- Storage – 20 GB
- Hostname – dns-01.example.com
- IP Address – 192.168.116.4 /24
- Operating System – CentOS 7.6
Secondary (Slave) DNS Server:
- CPU – 3.4 Ghz (1 Core)
- Memory – 1 GB
- Storage – 20 GB
- Hostname – dns-02.example.com
- IP Address – 192.168.116.5 /24
- Operating System – CentOS 7.6
Install BIND on CentOS 7
Connect with dns-01.example.com using ssh as root user.
BIND 9 is available through CentOS 7 official yum repository. Therefore, we can easily install it using yum command.
# yum install -y bind bind-utils
BIND 9 has been installed on CentOS 7 server.
Configure Primary (Master) DNS Server
By default named.service run on localhost. Since, we are configuring a DNS Authoritative Server for our Domain, therefore, we need to configure this service to run on the interface that was connected with our network.
# vi /etc/named.conf
Under options directive set following parameter to allow named.service to run on our network interface.
listen-on port 53 { 127.0.0.1; 192.168.116.4; };
We are also required to enable our named.service to allow client queries. Therefore, find and set following parameter in options directives.
allow-query { localhost; 192.168.116.0/24; };
To keep the named.conf file clean, we are defining our DNS zones in a separate file.
# vi /etc/named.conf.local
and add following directives in this file.
zone "example.com" { type master; file "/var/named/example.com"; }; zone "116.168.192.in-addr.arpa" { type master; file "/var/named/116.168.192.in-addr.arpa"; };
We have defined two DNS zones here, one is a Forward DNS zone and the other is Reverse DNS zone.
Include our named.conf.local file in the default named.conf file, so it will be called at the time of service startup.
# echo 'include "/etc/named.conf.local";' >> /etc/named.conf
Configure forward zone for our Domain.
# vi /var/named/example.com
and add following settings therein.
$TTL 1h @ IN SOA example.com. root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 ;Mail Servers @ IN MX 0 mail-01 ;Other Servers dns-01 IN A 192.168.116.4 mail-01 IN A 192.168.116.6 web-01 IN A 192.168.116.3 ;Canonical Names www IN CNAME web-01 mail IN CNAME mail-01
Check forward zone file for any possible error.
# named-checkzone example.com /var/named/example.com zone example.com/IN: loaded serial 2019080901 OK
Configure a reverse zone for our Domain.
# vi /var/named/116.168.192.in-addr.arpa
and add following settings therein.
$TTL 1h @ IN SOA 116.168.192.in-addr.arpa root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 ;Other Servers dns-01 IN A 192.168.116.4 ;PTR Records 4 IN PTR dns-01 6 IN PTR mail-01 3 IN PTR web-01
Check reverse zone file for any possible errors.
# named-checkzone example.com /var/named/116.168.192.in-addr.arpa zone example.com/IN: loaded serial 2019080901 OK
Adjust file ownership of zone files.
# chgrp named /var/named/example.com # chgrp named /var/named/116.168.192.in-addr.arpa
Enable and start named.service.
# systemctl enable --now named.service Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Allow DNS service in Linux firewall.
# firewall-cmd --permanent --add-service=dns success # firewall-cmd --reload success
Add our Primary (Master) DNS Server to client’s resolve.conf.
# nmcli c m ens33 ipv4.dns-search example.com ipv4.dns 192.168.116.4
Restart interface to apply changes.
# nmcli c down ens33 ; nmcli c up ens33 Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Verify DNS Server settings.
# cat /etc/resolv.conf # Generated by NetworkManager search example.com nameserver 192.168.116.4
Query our Primary (Master) DNS server using dig command.
# dig www.example.com ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2020 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.example.com. IN A ;; ANSWER SECTION: www.example.com. 3600 IN CNAME web-01.example.com. web-01.example.com. 3600 IN A 192.168.116.3 ;; AUTHORITY SECTION: example.com. 3600 IN NS dns-01.example.com. ;; ADDITIONAL SECTION: dns-01.example.com. 3600 IN A 192.168.116.4 ;; Query time: 1 msec ;; SERVER: 192.168.116.4#53(192.168.116.4) ;; WHEN: Fri Aug 09 23:15:51 PKT 2019 ;; MSG SIZE rcvd: 118
Our Primary (Master) DNS Authoritative Server has been configured on CentOS 7.
Configure Secondary (Slave) DNS Server
We have a working Primary (Master) DNS Server. We are now going to add a Secondary (Slave) DNS Server.
Connect with dns-02.example.com using ssh as root user.
Follow the above section “Install BIND on CentOS 7” to install BIND 9 packages on our Secondary DNS Authoritative Server.
Configure named.service settings of our Secondary DNS Server.
# vi /etc/named.conf
Under option directives set following parameters.
listen-on port 53 { 127.0.0.1; 192.168.116.5; }; allow-query { localhost;192.168.116.0/24; };
Just like we did with our Primary DNS Server, we are defining our zones in a separate configuration file.
# vi /etc/named.conf.local
and define following zones therein.
zone "example.com" { type slave; masters { 192.168.116.4; }; file "/var/named/example.com"; }; zone "116.168.192.in-addr.arpa" { type slave; masters { 192.168.116.4; }; file "/var/named/116.168.192.in-addr.arpa"; };
Include our named.conf.local file in the default named.conf file, so it will call our settings on service startup.
# echo 'include "/etc/named.conf.local";' >> /etc/named.conf
Start and enabled named.service.
# systemctl enable --now named.service Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Allow DNS service in Linux firewall.
# firewall-cmd --permanent --add-service=dns success # firewall-cmd --reload success
Set SELinux boolean, so our Secondary DNS server can accept zone transfers and update local zone files.
# setsebool -P named_write_master_zones on
Now, connect to dns-01.example.com and add settings for our Secondary DNS Authoritative Server.
Configure zone transfers by editing named.conf.local file as follows.
# vi /etc/named.conf.local
Add following directives under both zones.
allow-transfer {192.168.116.5; }; also-notify {192.168.116.5; };
Add our Secondary name server record in our forward and reverse zones.
# vi /var/named/example.com
and add Secondary (Slave) DNS server NS and A records as follows:
$TTL 1h @ IN SOA example.com. root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 @ IN NS dns-02 ;Mail Servers @ IN MX 0 mail-01 ;Other Servers dns-01 IN A 192.168.116.4 dns-02 IN A 192.168.116.5 mail-01 IN A 192.168.116.6 web-01 IN A 192.168.116.3 ;Canonical Names www IN CNAME web-01 mail IN CNAME mail-01
Add Secondary name server records in Reverse Zone.
# vi /var/named/116.168.192.in-addr.arpa
and add NS, A and PTR records of our Secondary (Slave) DNS as follows.
$TTL 1h @ IN SOA 116.168.192.in-addr.arpa root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 @ IN NS dns-02 ;Other Servers dns-01 IN A 192.168.116.4 dns-02 IN A 192.168.116.5 ;PTR Records 4 IN PTR dns-01 5 IN PTR dns-02 6 IN PTR mail-01 3 IN PTR web-01
Restart named.service to apply changes.
# systemctl restart named.service
Check /etc/named directory at dns-02.example.com.
# ls /var/named 116.168.192.in-addr.arpa dynamic named.ca named.localhost slaves data example.com named.empty named.loopback
The zone files are automatically replicating to secondary DNS Authoritative Server.
Now add this Secondary DNS server to client’s resolve.conf file.
# nmcli c m ens33 +ipv4.dns 192.168.116.5 # nmcli c down ens33 ; nmcli c up ens33 Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Check resolv.conf contents.
# cat /etc/resolv.conf # Generated by NetworkManager search example.com nameserver 192.168.116.4 nameserver 192.168.116.5
Check Secondary DNS settings by query a hostname.
# dig @192.168.116.5 mail.example.com ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @192.168.116.5 mail.example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21668 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.example.com. IN A ;; ANSWER SECTION: mail.example.com. 3600 IN CNAME mail-01.example.com. mail-01.example.com. 3600 IN A 192.168.116.6 ;; AUTHORITY SECTION: example.com. 3600 IN NS dns-02.example.com. example.com. 3600 IN NS dns-01.example.com. ;; ADDITIONAL SECTION: dns-01.example.com. 3600 IN A 192.168.116.4 dns-02.example.com. 3600 IN A 192.168.116.5 ;; Query time: 2 msec ;; SERVER: 192.168.116.5#53(192.168.116.5) ;; WHEN: Sat Aug 10 13:09:59 PKT 2019 ;; MSG SIZE rcvd: 157
Our Secondary (Slave) DNS Authoritative Server has been configured and working fine.
Recommended Online Training: Learn Bash Shell in Linux for Beginners
Final Thoughts
Thank you for following this guide on how to set up a DNS Authoritative Server in CentOS 7. If you need further assistance or prefer a professional to handle the setup, I offer expert services on Fiverr. Visit my Fiverr profile to hire me for a reliable and efficient DNS Authoritative Server configuration. Let me help you ensure robust and effective domain name management for your network!
Hi Thanks for this nice tutorial. Would you please create a tutorial about Dual Stack (IPv6 & IPv4) DNS Server as well with DNSSec.
//BR
WAHID
Hi,
You request has been noted and will work on it a.s.a.p.
Hello Mansoor,
Thanks for the good recipes. However it would be great if you add comments to configuration files(meaning of the parameters,values,etc)
Thanks in Advance
Thanks for the advice. I really appreciate it and I will follow it on my future articles.
Hi Ahmer Mansoor,
Great documents for new guys, can we install caching DNS also in this?, if yes please advice
Thanks for your feedback. I will consider your advice.
For now, you can try the Unbound Caching Only DNS Server in CentOS 7.
hello is it authoritative or non authoritative will it cache all request or not ?
yes, it is Authoritative and Caching DNS server.