
How to setup DNS Authoritative Server in CentOS 7


Learn how to set up a DNS Authoritative Server in CentOS 7 with this detailed guide. Follow the step-by-step instructions to configure a primary and a secondary authoritative DNS server with BIND 9, including zone transfers between them, for reliable domain name resolution and management.

What is BIND Server?

BIND is the most widely used DNS (Domain Name System) server software. Its name is an acronym of Berkeley Internet Name Domain. BIND is also known by its service name, named (the name daemon). The current major version is BIND 9, distributed under the Mozilla Public License (MPL) 2.0. BIND is developed and maintained by the Internet Systems Consortium (ISC).

Almost every Internet connection starts with a DNS lookup: a hostname must be resolved to an IP address before an email can be sent or a website opened, and BIND is the most widely deployed DNS server on Unix/Linux systems.

Key Features

  • Authoritative DNS Server: Manages domain names and responds to queries with the DNS records it holds.
  • Caching DNS Resolver: Stores DNS query results to speed up future requests.
  • DNSSEC Support: Provides security for DNS data with cryptographic validation.
  • Zone Transfers: Synchronizes DNS data between primary and secondary servers.
  • Configurable: Offers extensive configuration options through text files.

Common Uses

  • Domain Name Management: Handles DNS queries for domain names.
  • Internal DNS Services: Used for internal network DNS resolution.
  • Public DNS Services: Provides DNS services to external clients.

Environment Specifications

In this article, we configure Primary (Master) and Secondary (Slave) DNS Authoritative Servers using BIND 9 on CentOS 7. (master and slave are the zone types understood by the BIND 9 packages that CentOS 7 ships; BIND 9.16 and later also accept the synonyms primary and secondary.) The result is a working pair of authoritative servers with zone transfers between them. To learn BIND properly and build a strong foundation, we recommend DNS and BIND (5th Edition) (PAID LINK) by O’Reilly Media.

We are using two CentOS 7 virtual machines in this article.

Primary (Master) DNS Server:

  • CPU – 3.4 GHz (1 Core)
  • Memory – 1 GB
  • Storage – 20 GB
  • Hostname – dns-01.example.com
  • IP Address – 192.168.116.4 /24
  • Operating System – CentOS 7.6

Secondary (Slave) DNS Server:

  • CPU – 3.4 GHz (1 Core)
  • Memory – 1 GB
  • Storage – 20 GB
  • Hostname – dns-02.example.com
  • IP Address – 192.168.116.5 /24
  • Operating System – CentOS 7.6

Install BIND on CentOS 7

Connect with dns-01.example.com using ssh as root user.

BIND 9 is available in the CentOS 7 base repository, so it can be installed with yum. The bind-utils package provides dig, which we use later to test both servers.

# yum install -y bind bind-utils

BIND 9 has been installed on CentOS 7 server.

Configure Primary (Master) DNS Server

By default named listens only on localhost. Since we are configuring an authoritative DNS server for our domain, we need it to listen on the interface connected to our network as well.

# vi /etc/named.conf

Under the options directive set the following parameter so that named listens on the network interface as well as on loopback.

listen-on port 53 { 127.0.0.1; 192.168.116.4; };

We also need to allow client queries. Find and set the following parameter in the options directive; it restricts who may query the server to localhost and our subnet.

allow-query     { localhost; 192.168.116.0/24; };

Note that the CentOS 7 default named.conf also contains recursion yes. An authoritative server has no need to resolve other people's names, and a server that answers recursive queries for a wide audience is an open resolver that can be abused for amplification attacks. If this server will only serve its own zones, set recursion no in the same options directive. The ra flag in the dig output later in this article is there only because recursion was left at its default.

To keep the named.conf file clean, we are defining our DNS zones in a separate file.

# vi /etc/named.conf.local

and add following directives in this file.

zone "example.com" {
   type master;
   file "/var/named/example.com";
};

zone "116.168.192.in-addr.arpa" {
   type master;
   file "/var/named/116.168.192.in-addr.arpa";
};

We have defined two DNS zones here: a forward zone for example.com and the reverse zone for the 192.168.116.0/24 network.

Include our named.conf.local file in the default named.conf file, so it will be called at the time of service startup.

# echo 'include "/etc/named.conf.local";' >> /etc/named.conf
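The two options edited above (listen-on and allow-query) are only part of what decides who can use this server. The script below is an added example, not code from the original article: it audits a named.conf for the three settings that matter most on an authoritative server (recursion left on, no allow-transfer, and allow-query any combined with recursion). It uses only grep and sed, and the sample configs it writes are constructed for the demo, modelled on the CentOS 7 default named.conf plus the edits in this section.

```shell
#!/bin/bash
# Added example, not code from the original article: audit a named.conf for the
# settings that turn an authoritative BIND server into an open resolver or let
# any client dump a zone with AXFR. Only grep and sed are used, so it runs on a
# bare CentOS 7 host. sample_named_conf writes constructed configs, modelled on
# the CentOS 7 default named.conf plus the edits above, for the demo.

# Drop // and # comments and single-line /* */ blocks so that commented-out
# lines are not reported.
strip_comments() {
    sed -e 's,//.*$,,' -e 's,#.*$,,' -e 's,/\*.*\*/,,' "$1"
}

# audit_named_conf FILE: print one finding per line; return 0 only if none.
audit_named_conf() {
    local text findings=0
    text=$(strip_comments "$1")
    has() { printf '%s\n' "$text" | grep -Eq "$1"; }

    # 1. Recursion. The CentOS 7 default named.conf ships "recursion yes;", and
    #    BIND also defaults to yes when the option is absent. An authoritative
    #    server should answer only for its own zones; the "ra" flag in dig
    #    output shows recursion is still on.
    if has '^[[:space:]]*recursion[[:space:]]+yes[[:space:]]*;'; then
        echo 'recursion yes: set "recursion no;" on an authoritative-only server'
        findings=$((findings + 1))
    elif ! has '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo 'recursion not set: BIND defaults to yes, add "recursion no;"'
        findings=$((findings + 1))
    fi

    # 2. Zone transfers. Without allow-transfer, any client that may query may
    #    also AXFR the whole zone, a complete host inventory for an attacker.
    if ! has '^[[:space:]]*allow-transfer[[:space:]]*[{]'; then
        echo 'no allow-transfer: AXFR is open to every client that can query'
        findings=$((findings + 1))
    elif has '^[[:space:]]*allow-transfer[[:space:]]*[{][[:space:]]*any[[:space:]]*;'; then
        echo 'allow-transfer { any; }: restrict AXFR to the secondary address or a TSIG key'
        findings=$((findings + 1))
    fi

    # 3. allow-query { any; } is normal for a public authoritative server, but
    #    together with recursion it is an open resolver usable for amplification.
    if has '^[[:space:]]*allow-query[[:space:]]*[{][[:space:]]*any[[:space:]]*;' \
       && ! has '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo 'allow-query { any; } with recursion enabled: open resolver'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# sample_named_conf DIR: write three constructed configs. weak.conf is the
# CentOS 7 default with only the edits above, open.conf is the worst case, and
# hardened.conf is what an authoritative-only primary should carry.
sample_named_conf() {
    cat > "$1/weak.conf" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.116.4; };
        directory       "/var/named";
        allow-query     { localhost; 192.168.116.0/24; };
        recursion yes;          // CentOS 7 default
};
zone "example.com" {
   type master;
   file "/var/named/example.com";
};
EOF
    cat > "$1/open.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        allow-transfer  { any; };
        recursion yes;
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.116.4; };
        directory       "/var/named";
        allow-query     { localhost; 192.168.116.0/24; };
        recursion no;           // authoritative only
        allow-transfer  { none; };   // zones override this below
};
zone "example.com" {
   type master;
   file "/var/named/example.com";
   allow-transfer { 192.168.116.5; };
   also-notify { 192.168.116.5; };
};
EOF
}

# Demo on the constructed files; on a real server: audit_named_conf /etc/named.conf
tmp=$(mktemp -d)
sample_named_conf "$tmp"
for f in "$tmp"/weak.conf "$tmp"/open.conf "$tmp"/hardened.conf; do
    if audit_named_conf "$f"; then echo "$f: OK"; else echo "$f: needs attention"; fi
done
rm -rf "$tmp"
```

The weak sample reports two findings (recursion still on, no allow-transfer), the open one three, and the hardened one none. Run audit_named_conf against /etc/named.conf after every edit; it reads the file named.conf includes only if you pass that file too, so run it on /etc/named.conf.local as well once the zones are defined.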

Configure forward zone for our Domain.

# vi /var/named/example.com

and add the following records. The SOA MNAME field names the primary server (dns-01.example.com., with the trailing dot that marks a fully qualified name), and the serial must be increased every time the zone is edited, otherwise secondaries never pick up the change.

$TTL 1h
@       IN      SOA     dns-01.example.com.    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Negative caching TTL

;Name Servers
@       IN      NS              dns-01

;Mail Servers
@       IN      MX      0       mail-01

;Other Servers
dns-01  IN      A               192.168.116.4
mail-01 IN      A               192.168.116.6
web-01  IN      A               192.168.116.3

;Canonical Names
www     IN      CNAME           web-01
mail    IN      CNAME           mail-01

Check forward zone file for any possible error.

# named-checkzone example.com /var/named/example.com
zone example.com/IN: loaded serial 2019080901
OK

Configure a reverse zone for our Domain.

# vi /var/named/116.168.192.in-addr.arpa

and add the following records. In a reverse zone, every name that is not fully qualified is expanded relative to 116.168.192.in-addr.arpa, so the SOA MNAME, the NS target and the PTR targets must be written with a trailing dot (dns-01 alone would mean dns-01.116.168.192.in-addr.arpa.). The reverse zone needs no A records.

$TTL 1h
@       IN      SOA     dns-01.example.com.    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Negative caching TTL

;Name Servers
@       IN      NS              dns-01.example.com.

;PTR Records
4               IN      PTR             dns-01.example.com.
6               IN      PTR             mail-01.example.com.
3               IN      PTR             web-01.example.com.

Check the reverse zone file for errors. The first argument is the zone name, which must be the in-addr.arpa name, not example.com.

# named-checkzone 116.168.192.in-addr.arpa /var/named/116.168.192.in-addr.arpa
zone 116.168.192.in-addr.arpa/IN: loaded serial 2019080901
OK

Adjust file ownership of zone files.

# chgrp named /var/named/example.com
# chgrp named /var/named/116.168.192.in-addr.arpa
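named-checkzone only checks syntax: a reverse zone whose NS and PTR targets lack the trailing dot loads cleanly and then answers with names under in-addr.arpa, and an edit made without increasing the serial loads cleanly and never reaches the secondary. The script below is an added example, not code from the original article, covering both zone files in this section: zone_serial and bump_serial maintain the YYYYMMDDnn serial, and check_reverse_zone flags unqualified SOA MNAME, NS and PTR targets. Only awk is used; the two reverse zone files it writes are constructed for the demo (one with relative names, one fully qualified).

```shell
#!/bin/bash
# Added example, not code from the original article: helpers for the zone files
# above. zone_serial/bump_serial keep the YYYYMMDDnn serial moving (a secondary
# only transfers a zone whose serial is higher than its own copy), and
# check_reverse_zone catches the reverse-zone mistake of writing SOA MNAME, NS
# or PTR targets without a trailing dot, which makes BIND append the
# in-addr.arpa origin. Only awk is used. sample_reverse_zone writes constructed
# files for the demo and the checks.

# zone_serial FILE: print the SOA serial, assumed to be the first number after
# the SOA record starts (the layout used in this article).
zone_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1 }
         insoa { sub(/;.*/, "")
                 for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# bump_serial FILE [YYYYMMDD]: rewrite the serial in place and print the new one.
bump_serial() {
    local f="$1" today="${2:-$(date +%Y%m%d)}" old new
    old=$(zone_serial "$f")
    [ -n "$old" ] || { echo "$f: no SOA serial found" >&2; return 1; }
    if [ "${old%??}" = "$today" ]; then
        new=$((old + 1))      # same day: nn -> nn+1
    else
        new="${today}01"      # new day: YYYYMMDD01
    fi
    # Serials must only increase (RFC 1982); never step backwards, e.g. after a
    # clock change or when the old serial already lies ahead of today's date.
    [ "$new" -gt "$old" ] || new=$((old + 1))
    awk -v old="$old" -v new="$new" \
        '!done && $1 == old { sub(old, new); done = 1 } { print }' "$f" > "$f.tmp" \
        && mv "$f.tmp" "$f"
    echo "$new"
}

# check_reverse_zone FILE: report SOA MNAME, NS and PTR targets that are not
# fully qualified; returns 1 if anything was reported.
check_reverse_zone() {
    awk '{ sub(/;.*/, "") }
         NF == 0 { next }
         { for (i = 1; i <= NF; i++) {
               t = ""
               if ($i == "NS" || $i == "PTR") t = $NF
               else if ($i == "SOA" && i < NF) t = $(i + 1)
               if (t != "" && t != "@" && t !~ /\.$/) {
                   printf "%s:%d: %s target \"%s\" needs a trailing dot\n", FILENAME, NR, $i, t
                   bad++
               }
           } }
         END { exit (bad > 0) }' "$1"
}

# sample_reverse_zone DIR: constructed copies of the reverse zone, one with
# relative names and one fully qualified.
sample_reverse_zone() {
    cat > "$1/buggy.rev" <<'EOF'
$TTL 1h
@       IN      SOA     116.168.192.in-addr.arpa    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL
@       IN      NS              dns-01
dns-01  IN      A       192.168.116.4
4               IN      PTR             dns-01
6               IN      PTR             mail-01
3               IN      PTR             web-01
EOF
    cat > "$1/fixed.rev" <<'EOF'
$TTL 1h
@       IN      SOA     dns-01.example.com.    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Negative caching TTL
@       IN      NS              dns-01.example.com.
4               IN      PTR             dns-01.example.com.
6               IN      PTR             mail-01.example.com.
3               IN      PTR             web-01.example.com.
EOF
}

# Demo on the constructed files; on a real server run the same functions on
# /var/named/116.168.192.in-addr.arpa before named-checkzone.
tmp=$(mktemp -d)
sample_reverse_zone "$tmp"
for z in "$tmp/buggy.rev" "$tmp/fixed.rev"; do
    if check_reverse_zone "$z"; then echo "$z: names are fully qualified"; fi
done
echo "serial $(zone_serial "$tmp/fixed.rev") -> $(bump_serial "$tmp/fixed.rev")"
rm -rf "$tmp"
```

The buggy copy produces five reports (the SOA MNAME, the NS and the three PTR targets); the fixed copy produces none. bump_serial takes an optional date so that it is testable, but in normal use you call it with just the file name after every edit and then run named-checkzone as shown above.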

Enable and start named.service.

# systemctl enable --now named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

Allow DNS service in Linux firewall.

# firewall-cmd --permanent --add-service=dns
success
# firewall-cmd --reload
success

Point the resolver at our Primary (Master) DNS server. Here the client is the server itself; on a real client, replace ens33 with the name of its NetworkManager connection. NetworkManager writes the settings to /etc/resolv.conf.

# nmcli c m ens33 ipv4.dns-search example.com ipv4.dns 192.168.116.4

Restart interface to apply changes.

# nmcli c down ens33 ; nmcli c up ens33
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Verify DNS Server settings.

# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.116.4

Query our Primary (Master) DNS server using dig command.

# dig www.example.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2020
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        3600    IN      CNAME   web-01.example.com.
web-01.example.com.     3600    IN      A       192.168.116.3

;; AUTHORITY SECTION:
example.com.            3600    IN      NS      dns-01.example.com.

;; ADDITIONAL SECTION:
dns-01.example.com.     3600    IN      A       192.168.116.4

;; Query time: 1 msec
;; SERVER: 192.168.116.4#53(192.168.116.4)
;; WHEN: Fri Aug 09 23:15:51 PKT 2019
;; MSG SIZE  rcvd: 118

Our Primary (Master) DNS Authoritative Server has been configured on CentOS 7.

Configure Secondary (Slave) DNS Server

We have a working Primary (Master) DNS Server. We are now going to add a Secondary (Slave) DNS Server.

Connect with dns-02.example.com using ssh as root user.

Follow the above section “Install BIND on CentOS 7” to install BIND 9 packages on our Secondary DNS Authoritative Server.

Configure named.service settings of our Secondary DNS Server.

# vi /etc/named.conf

Under the options directive set the following parameters.

listen-on port 53 { 127.0.0.1; 192.168.116.5; };
allow-query     { localhost; 192.168.116.0/24; };

Just like we did with our Primary DNS Server, we are defining our zones in a separate configuration file.

# vi /etc/named.conf.local

and define following zones therein.

zone "example.com" {
   type slave;
   masters { 192.168.116.4; };
   file "/var/named/example.com";
};

zone "116.168.192.in-addr.arpa" {
   type slave;
   masters { 192.168.116.4; };
   file "/var/named/116.168.192.in-addr.arpa";
};

Include our named.conf.local file in the default named.conf file, so it will call our settings on service startup.

# echo 'include "/etc/named.conf.local";' >> /etc/named.conf

Enable and start named.service.

# systemctl enable --now named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

Allow DNS service in Linux firewall.

# firewall-cmd --permanent --add-service=dns
success
# firewall-cmd --reload
success

Set the SELinux boolean that allows named to write into /var/named, since our Secondary DNS server stores the transferred zones there.

# setsebool -P named_write_master_zones on

The bind package also ships /var/named/slaves, a directory that named may write to without this boolean. Pointing the slave zones at file "slaves/example.com" and file "slaves/116.168.192.in-addr.arpa" (paths are relative to the directory option, /var/named) is the alternative that leaves the SELinux policy unchanged.

Now, connect to dns-01.example.com and add the settings for our Secondary DNS Authoritative Server.

Configure zone transfers by editing named.conf.local as follows.

# vi /etc/named.conf.local

Add the following directives inside both zone blocks.

allow-transfer { 192.168.116.5; };
also-notify { 192.168.116.5; };

allow-transfer restricts who may request a full zone transfer (AXFR). Without it BIND answers AXFR requests from any address allowed to query, which hands an attacker the complete list of hosts in the zone, so it belongs on every master zone even before a secondary exists. also-notify makes the master send a NOTIFY message to the secondary whenever the zone serial changes, so the secondary does not wait for the SOA refresh interval to pull the update. Both directives match on source IP address; for transfers across untrusted networks, a TSIG key shared by both servers is the stronger control.

Add our Secondary name server record in our forward and reverse zones.

# vi /var/named/example.com

and add the Secondary (Slave) DNS server's NS and A records. Increase the serial at the same time: the secondary compares serials and only transfers a zone whose serial is higher than its copy, so an edit without a serial bump never propagates.

$TTL 1h
@       IN      SOA     dns-01.example.com.    root.example.com. (
        2019080902      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Negative caching TTL

;Name Servers
@       IN      NS              dns-01
@       IN      NS              dns-02

;Mail Servers
@       IN      MX      0       mail-01

;Other Servers
dns-01  IN      A               192.168.116.4
dns-02  IN      A               192.168.116.5
mail-01 IN      A               192.168.116.6
web-01  IN      A               192.168.116.3

;Canonical Names
www     IN      CNAME           web-01
mail    IN      CNAME           mail-01

Add Secondary name server records in Reverse Zone.

# vi /var/named/116.168.192.in-addr.arpa

and add the NS and PTR records of our Secondary (Slave) DNS server, again increasing the serial and keeping every target fully qualified.

$TTL 1h
@       IN      SOA     dns-01.example.com.    root.example.com. (
        2019080902      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Negative caching TTL

;Name Servers
@       IN      NS              dns-01.example.com.
@       IN      NS              dns-02.example.com.

;PTR Records
4               IN      PTR             dns-01.example.com.
5               IN      PTR             dns-02.example.com.
6               IN      PTR             mail-01.example.com.
3               IN      PTR             web-01.example.com.

Run named-checkzone on both files again, then restart named.service to apply the changes (rndc reload does the same without interrupting service). On startup the master sends NOTIFY to 192.168.116.5 and the secondary transfers both zones.

# systemctl restart named.service

Check the /var/named directory on dns-02.example.com.

# ls /var/named
116.168.192.in-addr.arpa  dynamic      named.ca     named.localhost  slaves
data                      example.com  named.empty  named.loopback

Both zone files have been transferred from the master and written to the secondary's /var/named directory.
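Seeing the files on the secondary shows that one transfer happened; it does not show that the secondary stays current, or that the transfer is refused to everyone else. The script below is an added example, not code from the original article: check_replication compares the SOA serial served by the primary and the secondary and then tries an AXFR against the primary from the host it runs on, which must succeed only when that host is the secondary. It assumes the two addresses from this article (192.168.116.4 and 192.168.116.5) and dig from bind-utils. The parsing helpers take dig output as text, so the demo at the bottom runs them on constructed output and works offline.

```shell
#!/bin/bash
# Added example, not code from the original article: confirm that the secondary
# holds the primary's current zone and that AXFR is answered only for the
# secondary. check_replication needs the two servers from the article; the
# parsing helpers take dig output as text, so the demo at the bottom runs on
# constructed output.

# soa_serial_from_short LINE: serial from one "dig +short ZONE SOA" answer line,
# which has the form "mname rname serial refresh retry expire minimum".
soa_serial_from_short() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# axfr_records: count resource records in "dig ZONE AXFR +noall +answer" output
# read from stdin. dig's "; Transfer failed." line and blank lines are not records.
axfr_records() {
    awk '!/^;/ && NF > 0 { n++ } END { print n + 0 }'
}

# axfr_verdict COUNT EXPECT_ALLOWED(yes|no): 0 when the transfer outcome matches
# policy: the secondary must receive records, everyone else must receive none.
axfr_verdict() {
    if [ "$2" = yes ]; then [ "$1" -gt 0 ]; else [ "$1" -eq 0 ]; fi
}

# check_replication MASTER_IP SLAVE_IP ZONE [THIS_HOST_IS_SECONDARY(yes|no)]
# Live check, e.g. on a workstation: check_replication 192.168.116.4 192.168.116.5 example.com no
check_replication() {
    local master="$1" slave="$2" zone="$3" allowed="${4:-no}" ms ss n
    ms=$(soa_serial_from_short "$(dig +short "@$master" "$zone" SOA)")
    ss=$(soa_serial_from_short "$(dig +short "@$slave" "$zone" SOA)")
    if [ -n "$ms" ] && [ "$ms" = "$ss" ]; then
        echo "$zone: secondary is current (serial $ss)"
    else
        echo "$zone: serial mismatch, primary=$ms secondary=$ss (bump the serial, check allow-transfer/also-notify, see journalctl -u named)"
        return 1
    fi
    n=$(dig "@$master" "$zone" AXFR +noall +answer | axfr_records)
    if axfr_verdict "$n" "$allowed"; then
        echo "$zone: AXFR from this host returned $n record(s), as expected"
    else
        echo "$zone: AXFR from this host returned $n record(s): allow-transfer is wrong"
        return 1
    fi
}

# Demo on constructed dig output (the live check is check_replication above).
primary_soa='dns-01.example.com. root.example.com. 2019080902 86400 7200 2419200 172800'
secondary_soa='dns-01.example.com. root.example.com. 2019080901 86400 7200 2419200 172800'
refused='; Transfer failed.'
dumped='example.com.        3600 IN SOA  dns-01.example.com. root.example.com. 2019080902 86400 7200 2419200 172800
example.com.        3600 IN NS   dns-01.example.com.
dns-01.example.com. 3600 IN A    192.168.116.4
example.com.        3600 IN SOA  dns-01.example.com. root.example.com. 2019080902 86400 7200 2419200 172800'

echo "primary serial  : $(soa_serial_from_short "$primary_soa")"
echo "secondary serial: $(soa_serial_from_short "$secondary_soa") (stale: transfer still pending)"
echo "refused AXFR records: $(printf '%s\n' "$refused" | axfr_records)"
echo "open AXFR records   : $(printf '%s\n' "$dumped" | axfr_records)"
```

Run it from the secondary with the last argument set to yes and from any other host with no; a record count above zero from a host that is not in allow-transfer means the zone can be dumped, and a serial mismatch that persists past the refresh interval means NOTIFY or the transfer itself is being blocked (check the firewall on the master as well as allow-transfer).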

Now add the Secondary DNS server as a second nameserver in the client's resolv.conf.

# nmcli c m ens33 +ipv4.dns 192.168.116.5
# nmcli c down ens33 ; nmcli c up ens33
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Check resolv.conf contents.

# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.116.4
nameserver 192.168.116.5

Test the Secondary DNS server by querying a hostname directly against it.

# dig @192.168.116.5 mail.example.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @192.168.116.5 mail.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com.              IN      A

;; ANSWER SECTION:
mail.example.com.       3600    IN      CNAME   mail-01.example.com.
mail-01.example.com.    3600    IN      A       192.168.116.6

;; AUTHORITY SECTION:
example.com.            3600    IN      NS      dns-02.example.com.
example.com.            3600    IN      NS      dns-01.example.com.

;; ADDITIONAL SECTION:
dns-01.example.com.     3600    IN      A       192.168.116.4
dns-02.example.com.     3600    IN      A       192.168.116.5

;; Query time: 2 msec
;; SERVER: 192.168.116.5#53(192.168.116.5)
;; WHEN: Sat Aug 10 13:09:59 PKT 2019
;; MSG SIZE  rcvd: 157

Our Secondary (Slave) DNS Authoritative Server is configured and answering authoritatively for the zone (note the aa flag and the two NS records in the authority section).


Final Thoughts

Thank you for following this guide on how to set up a DNS Authoritative Server in CentOS 7. If you need further assistance or prefer a professional to handle the setup, I offer expert services on Fiverr. Visit my Fiverr profile to hire me for a reliable and efficient DNS Authoritative Server configuration. Let me help you ensure robust and effective domain name management for your network!

Alaric Bird

Alaric Bird is a seasoned Linux System Administrator with over a decade of experience in managing and optimizing Linux-based servers and infrastructure. Known for his expertise in server deployment, security hardening, and performance tuning, Alaric has a deep understanding of various Linux distributions, including Ubuntu, CentOS, and Red Hat Enterprise Linux. His skills extend to cloud platforms like AWS, where he effectively manages virtual private servers and services. Alaric is also proficient in scripting languages such as Bash and Python, which he uses to automate routine tasks, enhancing efficiency and reliability. With a strong commitment to continuous learning, he stays updated with the latest developments in open-source technologies and best practices. His problem-solving abilities, combined with excellent communication skills, make him a valuable asset to any IT team. In addition to his technical expertise, Alaric is passionate about mentoring junior administrators and fostering a collaborative environment.
