Learn how to set up a BIND DNS server on Rocky Linux 8 with our step-by-step guide. Ensure efficient and reliable domain name resolution for your network.
What is BIND DNS Server?
BIND is the most widely used DNS (Domain Name Server) software. Its name originated as an acronym of Berkeley Internet Name Domain. BIND is also known by its service name, named (Name Daemon). The latest version, BIND 9, is distributed under the Mozilla Public License (MPL). BIND is developed and maintained by the Internet Systems Consortium (ISC).
Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix / Linux operating systems.

BIND DNS Alternatives
There are several alternatives to BIND (Berkeley Internet Name Domain) DNS Server that you can consider, each offering unique features and benefits:
- Unbound: A validating, recursive, and caching DNS resolver that emphasizes security and performance. It’s known for its simplicity and high performance.
- PowerDNS: An open-source DNS server software that includes both an authoritative server and a recursive resolver. PowerDNS is highly scalable and supports various backends like SQL databases, making it suitable for large-scale deployments.
- Knot DNS: A high-performance authoritative DNS server. Knot DNS is optimized for scalability and performance, suitable for high-load environments.
- djbdns: A collection of DNS applications created by Daniel J. Bernstein. It’s designed with security in mind and is known for its simplicity and speed. However, it lacks some of the features found in more modern DNS servers.
- NSD (Name Server Daemon): An authoritative-only DNS server that is designed for high performance, reliability, and simplicity. It’s a good choice if you need a server focused solely on authoritative responses.
- MaraDNS: A lightweight, security-focused DNS server. MaraDNS is straightforward to set up and is suitable for small to medium-sized deployments.
- CoreDNS: A flexible and extensible DNS server that integrates seamlessly with Kubernetes. CoreDNS is often used in containerized environments and supports plugins for additional functionality.
Each of these alternatives offers distinct advantages, so the best choice will depend on your specific requirements, such as performance, scalability, ease of configuration, and specific use cases (like integration with other systems or security features).
Environment Specification
We are using two minimal Rocky Linux 8 virtual machines with the following specification.
- CPU – 3.4 GHz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – Rocky Linux 8.6 (Green Obsidian)
- Hostname – nameserver-01.centlinux.com, nameserver-02.centlinux.com
- IP Address – 192.168.116.128 /24, 192.168.116.129 /24
Prepare Rocky Linux 8 Servers
Connect to your Linux servers as the root user with an SSH client.
Rebuild the cache of the installed yum repositories.
dnf makecache
Execute the following command to update your Linux server.
dnf update -y
If the above command updates your Linux kernel, reboot the operating system to load the new kernel.
reboot
Verify the version of the Linux operating system used in this installation guide.
cat /etc/os-release
Output:
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
Install the BIND software packages by executing the following command at the Linux bash prompt.
dnf install -y bind bind-utils
Allow the DNS service in the Linux firewall.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
Before moving forward, ensure that you have performed the above steps on both the Master and Slave private DNS servers.
Setup BIND DNS Server – Master
By using an SSH client, connect to nameserver-01.centlinux.com as the root user.
Open the BIND configuration file in the vim text editor.
vi /etc/named.conf
Locate and set the following directives in this file.
listen-on port 53 { 127.0.0.1; 192.168.116.128; };
allow-query { localhost; 192.168.116.0/24; };
Add the following directive at the end of this file to include the named.conf.local file in the BIND configuration.
include "/etc/named.conf.local";
Create the configuration file named.conf.local by using the vi command.
vi /etc/named.conf.local
Add the following directives in this file.
zone "centlinux.com" {
    type master;
    // only the Slave server may request zone transfers
    allow-transfer { 192.168.116.129; };
    // notify the Slave server when the zone changes
    also-notify { 192.168.116.129; };
    file "/var/named/centlinux.com";
};
zone "116.168.192.in-addr.arpa" {
    type master;
    allow-transfer { 192.168.116.129; };
    also-notify { 192.168.116.129; };
    file "/var/named/116.168.192.in-addr.arpa";
};
Now create the BIND zone file /var/named/centlinux.com by using the vi command.
vi /var/named/centlinux.com
Add the following directives in this file.
$TTL 1h
@               IN  SOA    centlinux.com. root.centlinux.com. (
                           2022070401 ; Serial YYYYMMDDnn
                           24h        ; Refresh
                           2h         ; Retry
                           28d        ; Expire
                           2d )       ; Minimum TTL
;Name Servers
@               IN  NS     nameserver-01
@               IN  NS     nameserver-02
;Mail Servers
@               IN  MX     0 mailserver-01
;Other Servers
nameserver-01   IN  A      192.168.116.128
nameserver-02   IN  A      192.168.116.129
mailserver-01   IN  A      192.168.116.5
webserver-01    IN  A      192.168.116.10
;Canonical Names
www             IN  CNAME  webserver-01
mail            IN  CNAME  mailserver-01
Check the above zone file by executing the following command. The first argument is the zone name, which named-checkzone uses as the origin for relative names in the file.
named-checkzone centlinux.com /var/named/centlinux.com
Output:
zone centlinux.com/IN: loaded serial 2022070401
OK
Create the reverse lookup zone by using the vi command.
vi /var/named/116.168.192.in-addr.arpa
Add the following directives therein.
$TTL 1h
@               IN  SOA    116.168.192.in-addr.arpa. root.centlinux.com. (
                           2022070401 ; Serial YYYYMMDDnn
                           24h        ; Refresh
                           2h         ; Retry
                           28d        ; Expire
                           2d )       ; Minimum TTL
;Name Servers
@               IN  NS     nameserver-01
@               IN  NS     nameserver-02
;Other Servers
nameserver-01   IN  A      192.168.116.128
nameserver-02   IN  A      192.168.116.129
;PTR Records
;Targets are fully qualified (trailing dot); a relative name would get this zone's origin appended
128             IN  PTR    nameserver-01.centlinux.com.
129             IN  PTR    nameserver-02.centlinux.com.
5               IN  PTR    mailserver-01.centlinux.com.
10              IN  PTR    webserver-01.centlinux.com.
Check the zone file by executing the following command.
named-checkzone 116.168.192.in-addr.arpa /var/named/116.168.192.in-addr.arpa
Output:
zone 116.168.192.in-addr.arpa/IN: loaded serial 2022070401
OK
Adjust the group ownership of the DNS zone files as follows.
chgrp named /var/named/centlinux.com
chgrp named /var/named/116.168.192.in-addr.arpa
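A check that the forward and reverse zone files agree, as an added example that is not part of the original guide: it qualifies relative names with the zone origin the way named does on load and reports every A record that has no PTR pointing back to the same name. The function names and the sample records are assumptions; the sample deliberately includes a PTR target written without a trailing dot and an address with no PTR.

```shell
#!/bin/sh
# Added example: cross-check A records against the PTR records of a reverse zone.
# Assumes one record per line in "owner IN TYPE rdata" form, as in this guide.

# zone_records FILE ORIGIN TYPE: print "owner-fqdn rdata" for each TYPE record.
# Names without a trailing dot get ORIGIN appended, as named does on load.
zone_records() {
  awk -v origin="$2" -v want="$3" '
    function fq(n) {
      if (n == "@") return origin "."
      return (n ~ /\.$/) ? n : n "." origin "."
    }
    { sub(/;.*/, "") }                        # drop comments
    $2 == "IN" && $3 == want {
      print fq($1), (want == "PTR" ? fq($4) : $4)
    }' "$1"
}

# ptr_mismatches FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN
# Print each A record whose address has no PTR pointing back to the same name.
ptr_mismatches() {
  { zone_records "$3" "$4" PTR | sed 's/^/P /'
    zone_records "$1" "$2" A | sed 's/^/A /'; } |
  awk '
    $1 == "P" { ptr[$2] = $3; next }
    {
      split($3, o, ".")                       # 192.168.116.10 -> 10.116.168.192
      owner = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
      got = (owner in ptr) ? ptr[owner] : "missing"
      if (got != $2) print $2, $3, "PTR=" got
    }'
}

# Constructed sample zones (not the guide's files) with two deliberate faults.
demo_ptr() {
  tmp=$(mktemp -d)
  cat >"$tmp/fwd" <<'EOF'
nameserver-01 IN A 192.168.116.128
mailserver-01 IN A 192.168.116.5   ; PTR below has a relative target
webserver-01  IN A 192.168.116.10  ; no PTR at all
EOF
  cat >"$tmp/rev" <<'EOF'
128 IN PTR nameserver-01.centlinux.com.
5   IN PTR mailserver-01
EOF
  ptr_mismatches "$tmp/fwd" centlinux.com "$tmp/rev" 116.168.192.in-addr.arpa
  rm -rf "$tmp"
}
demo_ptr
```

On real files, pass the zone file paths and zone names from named.conf.local; an empty result means every A record in the /24 has a matching PTR.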
Setup BIND DNS Server – Slave
By using an SSH client, connect to nameserver-02.centlinux.com as the root user.
Open the BIND configuration file in the vim text editor.
vi /etc/named.conf
Locate and set the following directives in this file.
listen-on port 53 { 127.0.0.1; 192.168.116.129; };
allow-query { localhost; 192.168.116.0/24; };
Add the following directive at the end of this file to include the named.conf.local file in the BIND configuration.
include "/etc/named.conf.local";
Create the configuration file named.conf.local by using the vi command.
vi /etc/named.conf.local
Add the following directives therein.
zone "centlinux.com" {
    type slave;
    // zone data is pulled from the Master server
    masters { 192.168.116.128; };
    file "/var/named/centlinux.com";
};
zone "116.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.116.128; };
    file "/var/named/116.168.192.in-addr.arpa";
};
There is no need to create the BIND zone files as you did on the Master DNS server, because the Slave DNS server automatically synchronizes these files from the Master DNS server.
For this purpose, you only have to set a SELinux boolean, so that your Secondary (Slave) DNS server can accept zone transfers and update its local zone files.
setsebool -P named_write_master_zones on
Starting DNS Services
Perform the following steps on both DNS servers to configure and start your private naming services.
Enable and start the BIND DNS service.
systemctl enable --now named.service
Execute the nmcli command on your Linux servers to set the Primary and Secondary DNS servers.
nmcli c m ens160 ipv4.dns-search centlinux.com ipv4.dns 192.168.116.128,192.168.116.129
Restart the network interface to apply the changes.
nmcli c down ens160 ; nmcli c up ens160
Verify the DNS server settings by looking into the /etc/resolv.conf file.
cat /etc/resolv.conf
Output:
# Generated by NetworkManager
search centlinux.com
nameserver 192.168.116.128
nameserver 192.168.116.129
nameserver 192.168.116.2
Perform a name lookup by using the dig command to check your private BIND DNS server.
dig www.centlinux.com
Output:
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.centlinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2108cd2a025d0e7eed402aa062c5a337697d84f4ea85f1fa (good)
;; QUESTION SECTION:
;www.centlinux.com. IN A
;; ANSWER SECTION:
www.centlinux.com. 3600 IN CNAME webserver-01.centlinux.com.
webserver-01.centlinux.com. 3600 IN A 192.168.116.10
;; AUTHORITY SECTION:
centlinux.com. 3600 IN NS nameserver-01.centlinux.com.
centlinux.com. 3600 IN NS nameserver-02.centlinux.com.
;; ADDITIONAL SECTION:
nameserver-01.centlinux.com. 3600 IN A 192.168.116.128
nameserver-02.centlinux.com. 3600 IN A 192.168.116.129
;; Query time: 0 msec
;; SERVER: 192.168.116.128#53(192.168.116.128)
;; WHEN: Wed Jul 06 19:59:03 PKT 2022
;; MSG SIZE rcvd: 205
You can see that the lookup is answered successfully by your name servers.
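The Master configuration above limits zone transfers to the Slave at 192.168.116.129 with allow-transfer. As an added example (not part of the original guide), the script below audits a named.conf-style file for master zones that lack that restriction; in the BIND 9.11 release shown in the dig output, a zone without allow-transfer inherits the options-level setting, whose built-in default allows any host. The function names and the sample zones other than centlinux.com are assumptions.

```shell
#!/bin/sh
# Added example: flag master zones that do not restrict zone transfers (AXFR).
# Assumes one statement per line, the way the zone blocks are written above.

# audit_transfers FILE: print "zone: finding" for every master/primary zone
# with no allow-transfer statement, or with "any" in its allow-transfer ACL.
audit_transfers() {
  awk '
    /^[ \t]*zone[ \t]+"/ {                   # start of a zone block
      split($0, q, "\""); zone = q[2]; master = 0; acl = ""; seen = 0
    }
    /type[ \t]+(master|primary)[ \t]*;/ { master = 1 }
    /allow-transfer/ { seen = 1; acl = $0 }
    /^[ \t]*[}];/ && zone != "" {            # end of the zone block
      if (master && !seen)
        print zone ": no allow-transfer, inherits the options-level default"
      else if (master && acl ~ /[{ \t;]any[ \t;}]/)
        print zone ": allow-transfer permits any host"
      zone = ""
    }' "$1"
}

# Constructed sample configuration (hypothetical zones, not a real server).
demo_audit() {
  conf=$(mktemp)
  cat >"$conf" <<'EOF'
zone "centlinux.com" {
    type master;
    allow-transfer { 192.168.116.129; };
    file "/var/named/centlinux.com";
};
zone "lab.example" {
    type master;
    file "/var/named/lab.example";
};
zone "open.example" {
    type master;
    allow-transfer { any; };
    file "/var/named/open.example";
};
zone "mirror.example" {
    type slave;
    masters { 192.168.116.128; };
    file "/var/named/slaves/mirror.example";
};
EOF
  audit_transfers "$conf"
  rm -f "$conf"
}
demo_audit
```

Run audit_transfers against /etc/named.conf.local on the Master; no output means every master zone names its transfer peers explicitly.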
What’s Next: How to enable DNSSEC for BIND DNS Server
Frequently Asked Questions (FAQs)
1. What is the difference between authoritative and recursive DNS in BIND?
An authoritative DNS server hosts and serves DNS records for specific domains, while a recursive DNS server queries other servers to resolve domains for clients. BIND can do both.
2. How do I configure a basic forward DNS zone in BIND?
Edit /etc/bind/named.conf.local and add:
zone "example.com" {
    type master;
    file "/etc/bind/zones/centlinux.com.db";
};
Then create the zone file with DNS records (A, MX, etc.).
3. What’s the purpose of the named-checkconf and named-checkzone tools?
named-checkconf validates your named.conf for syntax errors. named-checkzone checks zone files (e.g., named-checkzone example.com /path/to/zone.db).
4. How do I enable DNS caching in BIND?
Configure a recursive resolver by editing named.conf.options:
options {
    recursion yes;
    allow-recursion { trusted-IPs; };
};
Restart BIND afterward.
5. How do I check if BIND is working?
Use dig or nslookup:
dig example.com @localhost
nslookup example.com 127.0.0.1
Check logs (/var/log/syslog) for errors.
Final Thoughts
Setting up a BIND DNS server on Rocky Linux 8 is a critical step in managing domain name resolution for your network. By following this guide, you’ve successfully installed and configured BIND, created zone files, and set up forward and reverse lookups, ensuring seamless DNS functionality. A properly configured BIND server helps improve network efficiency, manage domain resources effectively, and provide consistent name resolution.
Remember to secure your BIND server by implementing best practices, such as restricting access with firewalls, enabling DNSSEC for added security, and regularly monitoring your logs for any unusual activity. With your BIND DNS server operational, you can now provide reliable and scalable DNS services to support your network’s needs.