How to setup BIND DNS Server on Rocky Linux 8

Learn how to setup a BIND DNS Server on Rocky Linux 8 with our step-by-step guide. Ensure efficient and reliable domain name resolution for your network. #centlinux #linux #dns

What is BIND DNS Server?

BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).

Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix / Linux operating systems.

Also Read: 

Configure Authoritative DNS Server in CentOS 7
Configure Caching Only DNS Server in CentOS 7

BIND DNS Alternatives

There are several alternatives to BIND (Berkeley Internet Name Domain) DNS Server that you can consider, each offering unique features and benefits:

1. Unbound: A validating, recursive, and caching DNS resolver that emphasizes security and performance. It’s known for its simplicity and high performance.
2. PowerDNS: An open-source DNS server software that includes both an authoritative server and a recursive resolver. PowerDNS is highly scalable and supports various backends like SQL databases, making it suitable for large-scale deployments.
3. Knot DNS: A high-performance authoritative DNS server. Knot DNS is optimized for scalability and performance, suitable for high-load environments.
4. djbdns: A collection of DNS applications created by Daniel J. Bernstein. It’s designed with security in mind and is known for its simplicity and speed. However, it lacks some of the features found in more modern DNS servers.
5. NSD (Name Server Daemon): An authoritative-only DNS server that is designed for high performance, reliability, and simplicity. It’s a good choice if you need a server focused solely on authoritative responses.
6. MaraDNS: A lightweight, security-focused DNS server. MaraDNS is straightforward to set up and is suitable for small to medium-sized deployments.
7. CoreDNS: A flexible and extensible DNS server that integrates seamlessly with Kubernetes. CoreDNS is often used in containerized environments and supports plugins for additional functionality.

Each of these alternatives offers distinct advantages, so the best choice will depend on your specific requirements, such as performance, scalability, ease of configuration, and specific use cases (like integration with other systems or security features).

Recommended Book: DNS and BIND (5th Edition) (PAID LINK) by Cricket Liu & Paul Albitz
Recommended Online Training: Mastering BIND DNS

Environment Specification

We are using two minimal Rocky Linux 8 virtual machines with following specification.

• CPU – 3.4 Ghz (2 cores)
• Memory – 2 GB
• Storage – 20 GB
• Operating System – Rocky Linux 8.6 (Green Obsidian)
• Hostname – nameserver-01.centlinux.com, nameserver-02.centlinux.com
• IP Address – 192.168.116.128 /24, 192.168.116.129 /24

Prepare Rocky Linux 8 Servers

Connect with your Linux server as root user with the help of a SSH client.

Rebuild cache of installed yum repositories.

# dnf makecache
Rocky Linux 8 - AppStream                       1.5 kB/s | 4.8 kB     00:03
Rocky Linux 8 - AppStream                       670 kB/s | 8.8 MB     00:13
Rocky Linux 8 - BaseOS                          1.1 kB/s | 4.3 kB     00:04
Rocky Linux 8 - BaseOS                          486 kB/s | 3.6 MB     00:07
Rocky Linux 8 - Extras                          864  B/s | 3.5 kB     00:04
Rocky Linux 8 - Extras                          3.5 kB/s |  11 kB     00:03
Metadata cache created.

Execute following command to update your Linux server.

# dnf update -y

If the above command updates your Linux Kernel then, you should reboot your operating system with the new kernel.

# reboot

Verify the version of Linux operating system that is being used in this installation guide.

# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

Install BIND software packages by executing following command at Linux bash prompt.

# dnf install -y bind bind-utils

Allow the DNS service in Linux Firewall.

# firewall-cmd --permanent --add-service=dns
success
# firewall-cmd --reload
success

Before moving forward, ensure that you have performed above steps on Both Master and Slave Private DNS servers.

Setup BIND DNS Server – Master

By using a SSH client, connect with nameserver-01.centlinux.com as root user.

Open BIND configuration file in vim text editor.

# vi /etc/named.conf

Locate and set following directives in this file.

listen-on port 53 { 127.0.0.1; 192.168.116.128; };
allow-query     { localhost; 192.168.116.0/24; };

Add following directive at the end to this file, to include named.conf.local file in BIND configurations.

include "/etc/named.conf.local";

Create configuration file named.conf.local by using vi command.

# vi /etc/named.conf.local

Add following directives in this file.

zone "centlinux.com" {
   type master;
   allow-transfer {192.168.116.129; };
   also-notify {192.168.116.129; };
   file "/var/named/centlinux.com";
};

zone "116.168.192.in-addr.arpa" {
   type master;
   allow-transfer {192.168.116.129; };
   also-notify {192.168.116.129; };
   file "/var/named/116.168.192.in-addr.arpa";
};

Now create BIND zone configuration file /var/named/centlinux.com by using vi command.

# vi /var/named/centlinux.com

Add following directives in this file.

$TTL 1h
@       IN      SOA     centlinux.com.    root.centlinux.com. (
        2022070401      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              nameserver-01
@       IN      NS              nameserver-02

;Mail Servers
@       IN      MX      0       mailserver-01

;Other Servers
nameserver-01  IN      A               192.168.116.128
nameserver-02  IN      A               192.168.116.129
mailserver-01  IN      A               192.168.116.5
webserver-01   IN      A               192.168.116.10

;Canonical Names
www     IN      CNAME           webserver-01
mail    IN      CNAME           mailserver-01

Check above zone configuration file by executing following command.

# named-checkzone example.com /var/named/centlinux.com
zone example.com/IN: loaded serial 2022070401
OK

Create the reverse lookup zone by using vi command.

# vi /var/named/116.168.192.in-addr.arpa

Add following directives therein.

$TTL 1h
@       IN      SOA     116.168.192.in-addr.arpa    root.centlinux.com. (
        2022070401      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              nameserver-01
@       IN      NS              nameserver-02

;Other Servers
nameserver-01  IN      A       192.168.116.128
nameserver-02  IN      A       192.168.116.129

;PTR Records
128              IN      PTR             nameserver-01
129              IN      PTR             nameserver-02
5                IN      PTR             mailserver-01
10               IN      PTR             webserver-01

Check the zone configuration file by executing following command.

# named-checkzone example.com /var/named/116.168.192.in-addr.arpa
zone example.com/IN: loaded serial 2022070401
OK

Adjust the group ownership of DNS zone configuration file as follows.

# chgrp named /var/named/centlinux.com
# chgrp named /var/named/116.168.192.in-addr.arpa

Setup BIND DNS Server – Slave

By using a SSH client, connect with nameserver-02.centlinux.com as root user.

Open BIND configuration file in vim text editor.

# vi /etc/named.conf

Locate and set following directives in this file.

listen-on port 53 { 127.0.0.1; 192.168.116.129; };
allow-query     { localhost; 192.168.116.0/24; };

Add following directive at the end to this file, to include named.conf.local file in BIND configurations.

include "/etc/named.conf.local";

Create configuration file named.conf.local by using vi command.

# vi /etc/named.conf.local

Add following directives therein.

zone "centlinux.com" {
   type slave;
   masters { 192.168.116.128; };
   file "/var/named/centlinux.com";
};

zone "116.168.192.in-addr.arpa" {
   type slave;
   masters { 192.168.116.128; };
   file "/var/named/116.168.192.in-addr.arpa";
};

There is no need to create BIND zone configuration files as you created in Master DNS server.

Because the Slave DNS server will automatically synchronize these files from Master DNS server.

For this purpose, you only have to set a SELinux boolean, so your Secondary (Slave) DNS server can accept zone transfers and update local zone files.

# setsebool -P named_write_master_zones on

Starting DNS Services

Perform following steps on both DNS servers to configure and start your Private Naming services.

Enable and start BIND DNS service.

# systemctl enable --now named.service
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

Execute nmcli command on your Linux servers to set Primary and Secondary DNS servers.

# nmcli c m ens160 ipv4.dns-search centlinux.com ipv4.dns 192.168.116.128,192.168.116.129

Restart network interface to apply changes.

# nmcli c down ens160 ; nmcli c up ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Verify the DNS server settings by looking into /etc/resolv.conf file.

# cat /etc/resolv.conf
# Generated by NetworkManager
search centlinux.com
nameserver 192.168.116.128
nameserver 192.168.116.129
nameserver 192.168.116.2

Perform a NS lookup by using dig command to check your BIND Private DNS server.

# dig www.centlinux.com

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.centlinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2108cd2a025d0e7eed402aa062c5a337697d84f4ea85f1fa (good)
;; QUESTION SECTION:
;www.centlinux.com.             IN      A

;; ANSWER SECTION:
www.centlinux.com.      3600    IN      CNAME   webserver-01.centlinux.com.
webserver-01.centlinux.com. 3600 IN     A       192.168.116.10

;; AUTHORITY SECTION:
centlinux.com.          3600    IN      NS      nameserver-01.centlinux.com.
centlinux.com.          3600    IN      NS      nameserver-02.centlinux.com.

;; ADDITIONAL SECTION:
nameserver-01.centlinux.com. 3600 IN    A       192.168.116.128
nameserver-02.centlinux.com. 3600 IN    A       192.168.116.129

;; Query time: 0 msec
;; SERVER: 192.168.116.128#53(192.168.116.128)
;; WHEN: Wed Jul 06 19:59:03 PKT 2022
;; MSG SIZE  rcvd: 205

You can see that the NS lookup is successfully satisfied by your Naming servers.

What’s Next: How to enable DNSSEC for BIND DNS Server

Final Thoughts

Thank you for following our guide on setting up a BIND DNS Server on Rocky Linux 8. We hope this tutorial has made the process clear and straightforward. If you need further assistance or personalized support, please visit my Fiverr profile.