Learn how to set up a DNS Authoritative Server in CentOS 7 with this detailed guide. Follow our step-by-step instructions to configure your authoritative DNS server for reliable domain name resolution and management. #centlinux #linux #dnsserver
BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).
Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix/Linux operating systems.
In this article, we are configuring Primary (Master) and Secondary (Slave) DNS Authoritative Servers by using BIND 9 on CentOS 7. This article will let you configure a working DNS server (Master/Slave). To start learning BIND and to build a strong foundation, we recommend you to read DNS and BIND (5th Edition) (PAID LINK) by O’Reilly Media.
We are using two CentOS 7 virtual machines in this article.
Primary (Master) DNS Server:
Secondary (Slave) DNS Server:
Connect with dns-01.example.com using ssh as root user.
BIND 9 is available through CentOS 7 official yum repository. Therefore, we can easily install it using yum command.
# yum install -y bind bind-utils
BIND 9 has been installed on CentOS 7 server.
By default named.service run on localhost. Since, we are configuring a DNS Authoritative Server for our Domain, therefore, we need to configure this service to run on the interface that was connected with our network.
# vi /etc/named.conf
Under options directive set following parameter to allow named.service to run on our network interface.
listen-on port 53 { 127.0.0.1; 192.168.116.4; };
We are also required to enable our named.service to allow client queries. Therefore, find and set following parameter in options directives.
allow-query { localhost; 192.168.116.0/24; };
To keep the named.conf file clean, we are defining our DNS zones in a separate file.
# vi /etc/named.conf.local
and add following directives in this file.
zone "example.com" { type master; file "/var/named/example.com"; }; zone "116.168.192.in-addr.arpa" { type master; file "/var/named/116.168.192.in-addr.arpa"; };
We have defined two DNS zones here, one is a Forward DNS zone and the other is Reverse DNS zone.
Include our named.conf.local file in the default named.conf file, so it will be called at the time of service startup.
# echo 'include "/etc/named.conf.local";' >> /etc/named.conf
Configure forward zone for our Domain.
# vi /var/named/example.com
and add following settings therein.
$TTL 1h @ IN SOA example.com. root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 ;Mail Servers @ IN MX 0 mail-01 ;Other Servers dns-01 IN A 192.168.116.4 mail-01 IN A 192.168.116.6 web-01 IN A 192.168.116.3 ;Canonical Names www IN CNAME web-01 mail IN CNAME mail-01
Check forward zone file for any possible error.
# named-checkzone example.com /var/named/example.com zone example.com/IN: loaded serial 2019080901 OK
Configure a reverse zone for our Domain.
# vi /var/named/116.168.192.in-addr.arpa
and add following settings therein.
$TTL 1h @ IN SOA 116.168.192.in-addr.arpa root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 ;Other Servers dns-01 IN A 192.168.116.4 ;PTR Records 4 IN PTR dns-01 6 IN PTR mail-01 3 IN PTR web-01
Check reverse zone file for any possible errors.
# named-checkzone example.com /var/named/116.168.192.in-addr.arpa zone example.com/IN: loaded serial 2019080901 OK
Adjust file ownership of zone files.
# chgrp named /var/named/example.com # chgrp named /var/named/116.168.192.in-addr.arpa
Enable and start named.service.
# systemctl enable --now named.service Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Allow DNS service in Linux firewall.
# firewall-cmd --permanent --add-service=dns success # firewall-cmd --reload success
Add our Primary (Master) DNS Server to client’s resolve.conf.
# nmcli c m ens33 ipv4.dns-search example.com ipv4.dns 192.168.116.4
Restart interface to apply changes.
# nmcli c down ens33 ; nmcli c up ens33 Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Verify DNS Server settings.
# cat /etc/resolv.conf # Generated by NetworkManager search example.com nameserver 192.168.116.4
Query our Primary (Master) DNS server using dig command.
# dig www.example.com ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2020 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.example.com. IN A ;; ANSWER SECTION: www.example.com. 3600 IN CNAME web-01.example.com. web-01.example.com. 3600 IN A 192.168.116.3 ;; AUTHORITY SECTION: example.com. 3600 IN NS dns-01.example.com. ;; ADDITIONAL SECTION: dns-01.example.com. 3600 IN A 192.168.116.4 ;; Query time: 1 msec ;; SERVER: 192.168.116.4#53(192.168.116.4) ;; WHEN: Fri Aug 09 23:15:51 PKT 2019 ;; MSG SIZE rcvd: 118
Our Primary (Master) DNS Authoritative Server has been configured on CentOS 7.
We have a working Primary (Master) DNS Server. We are now going to add a Secondary (Slave) DNS Server.
Connect with dns-02.example.com using ssh as root user.
Follow the above section “Install BIND on CentOS 7” to install BIND 9 packages on our Secondary DNS Authoritative Server.
Configure named.service settings of our Secondary DNS Server.
# vi /etc/named.conf
Under option directives set following parameters.
listen-on port 53 { 127.0.0.1; 192.168.116.5; }; allow-query { localhost;192.168.116.0/24; };
Just like we did with our Primary DNS Server, we are defining our zones in a separate configuration file.
# vi /etc/named.conf.local
and define following zones therein.
zone "example.com" { type slave; masters { 192.168.116.4; }; file "/var/named/example.com"; }; zone "116.168.192.in-addr.arpa" { type slave; masters { 192.168.116.4; }; file "/var/named/116.168.192.in-addr.arpa"; };
Include our named.conf.local file in the default named.conf file, so it will call our settings on service startup.
# echo 'include "/etc/named.conf.local";' >> /etc/named.conf
Start and enabled named.service.
# systemctl enable --now named.service Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
Allow DNS service in Linux firewall.
# firewall-cmd --permanent --add-service=dns success # firewall-cmd --reload success
Set SELinux boolean, so our Secondary DNS server can accept zone transfers and update local zone files.
# setsebool -P named_write_master_zones on
Now, connect to dns-01.example.com and add settings for our Secondary DNS Authoritative Server.
Configure zone transfers by editing named.conf.local file as follows.
# vi /etc/named.conf.local
Add following directives under both zones.
allow-transfer {192.168.116.5; }; also-notify {192.168.116.5; };
Add our Secondary name server record in our forward and reverse zones.
# vi /var/named/example.com
and add Secondary (Slave) DNS server NS and A records as follows:
$TTL 1h @ IN SOA example.com. root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 @ IN NS dns-02 ;Mail Servers @ IN MX 0 mail-01 ;Other Servers dns-01 IN A 192.168.116.4 dns-02 IN A 192.168.116.5 mail-01 IN A 192.168.116.6 web-01 IN A 192.168.116.3 ;Canonical Names www IN CNAME web-01 mail IN CNAME mail-01
Add Secondary name server records in Reverse Zone.
# vi /var/named/116.168.192.in-addr.arpa
and add NS, A and PTR records of our Secondary (Slave) DNS as follows.
$TTL 1h @ IN SOA 116.168.192.in-addr.arpa root.example.com. ( 2019080901 ; Serial YYYYMMDDnn 24h ; Refresh 2h ; Retry 28d ; Expire 2d ) ; Minimum TTL ;Name Servers @ IN NS dns-01 @ IN NS dns-02 ;Other Servers dns-01 IN A 192.168.116.4 dns-02 IN A 192.168.116.5 ;PTR Records 4 IN PTR dns-01 5 IN PTR dns-02 6 IN PTR mail-01 3 IN PTR web-01
Restart named.service to apply changes.
# systemctl restart named.service
Check /etc/named directory at dns-02.example.com.
# ls /var/named 116.168.192.in-addr.arpa dynamic named.ca named.localhost slaves data example.com named.empty named.loopback
The zone files are automatically replicating to secondary DNS Authoritative Server.
Now add this Secondary DNS server to client’s resolve.conf file.
# nmcli c m ens33 +ipv4.dns 192.168.116.5 # nmcli c down ens33 ; nmcli c up ens33 Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Check resolv.conf contents.
# cat /etc/resolv.conf # Generated by NetworkManager search example.com nameserver 192.168.116.4 nameserver 192.168.116.5
Check Secondary DNS settings by query a hostname.
# dig @192.168.116.5 mail.example.com ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @192.168.116.5 mail.example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21668 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.example.com. IN A ;; ANSWER SECTION: mail.example.com. 3600 IN CNAME mail-01.example.com. mail-01.example.com. 3600 IN A 192.168.116.6 ;; AUTHORITY SECTION: example.com. 3600 IN NS dns-02.example.com. example.com. 3600 IN NS dns-01.example.com. ;; ADDITIONAL SECTION: dns-01.example.com. 3600 IN A 192.168.116.4 dns-02.example.com. 3600 IN A 192.168.116.5 ;; Query time: 2 msec ;; SERVER: 192.168.116.5#53(192.168.116.5) ;; WHEN: Sat Aug 10 13:09:59 PKT 2019 ;; MSG SIZE rcvd: 157
Our Secondary (Slave) DNS Authoritative Server has been configured and working fine.
Recommended Online Training: Learn Bash Shell in Linux for Beginners
Thank you for following this guide on how to set up a DNS Authoritative Server in CentOS 7. If you need further assistance or prefer a professional to handle the setup, I offer expert services on Fiverr. Visit my Fiverr profile to hire me for a reliable and efficient DNS Authoritative Server configuration. Let me help you ensure robust and effective domain name management for your network!
Puppy Linux is a fast, lightweight OS designed for speed and simplicity, perfect for old…
Learn how to change Apache document root in Linux by following this step-by-step guide. Adjust…
Discover how to change Apache port in Linux easily. Follow our simple guide to modify…
Learn how to create a virtual host in Apache Server with this comprehensive guide. Set…
Discover 10 practical tasks for the RHCSA exam with step-by-step solutions. Boost your Linux skills…
Discover the ultimate Fail2ban configuration guide. Learn how to set up, customize, and optimize Fail2ban…
This website uses cookies.
View Comments
Hi Thanks for this nice tutorial. Would you please create a tutorial about Dual Stack (IPv6 & IPv4) DNS Server as well with DNSSec.
//BR
WAHID
Hi,
You request has been noted and will work on it a.s.a.p.
Hello Mansoor,
Thanks for the good recipes. However it would be great if you add comments to configuration files(meaning of the parameters,values,etc)
Thanks in Advance
Thanks for the advice. I really appreciate it and I will follow it on my future articles.
Hi Ahmer Mansoor,
Great documents for new guys, can we install caching DNS also in this?, if yes please advice
Thanks for your feedback. I will consider your advice.
For now, you can try the Unbound Caching Only DNS Server in CentOS 7.
hello is it authoritative or non authoritative will it cache all request or not ?
yes, it is Authoritative and Caching DNS server.