This guide will show how to install and configure a DNS Server in RHEL-8 in caching mode only or as single DNS Server, no master-slave configuration. A reverse and forward zone example is provided.

In this tutorial you will learn:
  • How to install a DNS server in RHEL 8
  • How to configure a server as caching only DNS Server
  • How to configure a server as single DNS Server
client resolving a query through the DNS server
Client resolving a query through the DNS server.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Networking
System RHEL 8.0 (Ootpa)
Software bind
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

Prerequisites

Before starting it is assumed that:

  • You or your organization has already created an account in Red Hat
  • RHEL 8 has been already downloaded and installed
  • The system has been already registered through the Subscription Manager
  • You have already setup a local or remote repository

DNS Server installation

  1. Bind installation
    We are going to install BIND, the most famous Open Source DNS Server, through the dnf tool to which now yum is based.
    The command to run is:
    #  dnf -y install bind*
    Which should install all these packages:
    List of bind packages
    List of bind packages

  2. SUBSCRIBE TO NEWSLETTER
    Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


Common DNS Server Configuration

  1. Configuring the Firewall
    We need enable the DNS service:
    # firewall-cmd --permanent --zone=public --add-service=dns
    and reload the configuration:
    # firewall-cmd --reload
  2. Backing up main configuration files
    It is always a good habit to make an initial backup copy of the main bind config files; also before any change.
    #  cp /etc/named.conf /etc/named.conf.org
    #  cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.org
    
    
  3. Checking the network configuration
    A DNS Server must have a static IP address, let's verify is the case:
    $  cat /etc/sysconfig/network-scripts/ifcfg-enp0s3|egrep -i "boot|ipaddr|mask|gateway"
    Which, for instance, yields the below results:
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=10.0.0.63
    NETMASK=255.255.255.0
    GATEWAY=10.0.0.1
    

    Of course your network configuration might be different, yet again the IP address must be static.

  4. Choosing the domain name
    To set a Fully Qualified Domain Name or FQDN
    #  hostnamectl set-host name dns-srv.vulcansys-local.com

    You can of course choose another name, here I have invented a domain name which doesn't appear to have been registered to any organization.

  5. Resolver configuration
    We are going to configure the resolv.conf file. The first lines must be:
    search vulcansys-local.com
    nameserver 10.0.0.63
    

    This is both in the server and in any client querying our DNS; of course you need to add a second name server to resolve internet sites or any other domain.

  6. Disabling the Network Manager DNS auto-configuration
    We don't want the Network Manager to change the resolv.conf file. To do that we simply add the line: dns=none in the file /etc/NetworkManager/NetworkManager.conf, and we reload the service:
    #  systemctl reload NetworkManager
  7. Enabling the bind service at startup
    We need to make sure the DNS service is started with the system so:
    #  systemctl enable named


DNS Server types

It is possible to configure a DNS server to work in one of the below modes, only one at time:
  • Root Server
  • Single Server
  • Secondary Server
  • Caching-only Server
  • Forwarding Server
In this article we will only describe how to setup a Caching-only Server and a Single Server.
A caching-only DNS server does not host any zone and is not authoritative for a particular domain; when the server is initially started, it has no cached information and the information is obtained over time as client requests are satisfied.

A primary or single DNS server is authoritative for a domain, but we have no high availability and therefore if it is down or unreachable no DNS query for the domain will work, unless cached or duplicated in the static file /etc/hosts.
NOTE
What we have configured so far is common whichever "configuration mode" we will choose.
  1. Caching only DNS Server
    We make sure the following lines are changed/configured in the named.conf file:
    listen-on port 53 { 127.0.0.1; 10.0.0.63; };
    #listen-on-v6 port 53 { ::1; };
    allow-query { 127.0.0.1; 10.0.0.0/24; };
    recursion yes;
    allow-recursion { 127.0.0.1; 10.0.0.0/24; };
    

    For simplicity here the server will not listen on an IPv6 address ( the relative line is therefore commented ). To check if the configuration is OK we can run the command:

    #  named-checkconf
    if everything is fine no output is returned. Finally we need to have the service reload its configuration:
    #  systemctl reload named
  2. Single DNS server
    In case we choose this type it will be our authoritative DNS server in charge for any name resolution in the domain we have chosen.
    Here also we are going to edit /etc/named.conf:
    listen-on port 53 { localhost; 10.0.0.63; };
    #listen-on-v6 port 53 { ::1; };
    allow-query { 127.0.0.1; 10.0.0.0/24; };
    recursion no;
    In this guide, for simplicity, we are not setting the bind service to listen on an IPv6 address.

    The option recursion no makes sure the DNS will not do all the job to provide an answer to a particular query, but will delegate to the root servers if necessary and to other authoritative servers the task for those unknown names or IP. In other words: an authoritative server must not be recursive.

    Afterwards we have to specify our zone files; here we will configure a forward zone (to resolve to an IP from a name) and a reverse zone (to resolve to a name given an IP address) each in its specific file, by appending the following lines to the file named.rfc1912.zones file:
    zone "vulcansys-local.com" IN {
                   type master;
                   file "forward.zone";
                   allow-update { none; };
    };
    
    zone "63.0.0.10.in-addr.arpa" IN {
                   type master;
                   file "reverse.zone";
                   allow-update { none; };
    };

    The option allow-update refers to DNS dynamic updates, that means an application in a host can add a DNS record; for security reasons this is disabled by default and therefore only the system administrator can add records and manually.

    Now we need to create the files forward.zone and reverse.zone. Usually the zone files are inside the directory /var/named as we can infer from the directory option in the named.conf configuration file.

    Our forward.zone file will contain:
    $TTL     1D
    @        IN  SOA dns-srv.vulcansys-local.com. root.vulcansys-local.com. (
                          2019022400 ; serial
                          3h         ; refresh
                          15         ; retry
                          1w         ; expire
                          3h         ; minimum
                                                                                )
    
             IN  NS dns-srv.vulcansys-local.com.
    dns-srv  IN  A  10.0.0.63
    
    
    And the reverse.zone file:
    $TTL     1D
    @        IN  SOA dns-srv.vulcansys-local.com. root.vulcansys-local.com. (
                          2019022400 ; serial
                          3h         ; refresh
                          15         ; retry
                          1w         ; expire
                          3h         ; minimum
                                                                                )
    
             IN  NS dns-srv.vulcansys-local.com.
    63       IN  PTR  dns-srv.vulcansys-local.com
    In the mentioned config files SOA (Start Of Authority) defines the global parameters for the zone (domain); only one Resource Record can be specified (the line with SOA keyword with our fully qualified domain name). The Time To Leave ($TTL) is by default 1 day (or 86400 seconds) and should be temporarily shortened if changing any entry in this config file as it tells the DNS server for how long to cache any information retrieved. Most important is to remember to end any Fully Qualified Domain Name in these configuration files with a dot.

    Here root.vulcansys-local.com is the e-mail address and 2019022400 a serial field which in practice is there to track any change in the zone file and conventionally is in the form YYYYmmddss, where ss is a two-digit number.


    In the reverse file you might have noticed everything looks the same except the last line.
    There we specify with PTR a reverse lookup which will resolve to 10.0.0.63; it is just needed to type the last digit 63 which identifies the host (as netmask is 255.255.255.0).

    Now we make sure to have the correct permissions:
    #  chgrp named /var/named/reverse.zone
    #  chgrp named /var/named/forward.zone
    
    
    To check that the zone files are correctly configured you can issue the commands:
    #  named-checkzone vulcansys-local.com /var/named/forward.zone
    #  named-checkzone 10.0.0.63 /var/named/reverse.zone
    
    And to verify the overall configuration:
    #  named-checkconf -v
    If everything's fine we can reload the service:
    #  systemctl reload named

Client configuration

  1. Configuring the Firewall
    We need to configure the firewall as explained above with the server. For simplicity I'm assuming the client is also a RHEL 7 or 8.
  2. Resolver configuration
    The first nameserver must be our server DNS, also here make sure the Network Manager doesn`t alter the resolv.conf file.

  3. Setting the Hostname
    For consistency any client in the domain would have a FQDN hostname assigned.

  4. SUBSCRIBE TO NEWSLETTER
    Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


Finally we verify our DNS configuration is working, from a client, by trying to ping the DNS server by name.

client resolving a query through the DNS server
Client resolving a query through the DNS server.

Conclusion

Setting up a DNS Server is a task that any serious administrator should have done at least once and in RHEL 8 the way to do it is not difficult.

ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.

You may also be interested in:



Comments and Discussions