How to install DNS server on RHEL 8 / CentOS 8 Linux

This guide will show how to install and configure a DNS Server in RHEL 8 / CentOS 8 in caching mode only or as single DNS Server, no master-slave configuration. A reverse and forward zone example is provided.

In this tutorial you will learn:

  • How to install a DNS server in RHEL 8 / CentOS 8
  • How to configure a server as caching only DNS Server
  • How to configure a server as single DNS Server

client resolving a query through the DNS server

Client resolving a query through the DNS server.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line
Category Networking
System RHEL 8 / CentOS 8
Software bind
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user


Before starting it is assumed that:

  • You or your organization has already created an account in Red Hat
  • RHEL 8 / CentOS 8 has been already downloaded and installed
  • The system has been already registered through the Subscription
  • You have already setup a local or remote repository

DNS Server installation

  1. Bind installation
    We are going to install package BIND, the most famous Open Source DNS Server, through the dnf tool to which now yum is based.
    The command to run is:

    #  dnf -y install bind*

    Which should install all these packages:

    List of bind packages

    List of bind packages

Common DNS Server Configuration

  1. Configuring the Firewall
    We need enable the DNS service:

    # firewall-cmd --permanent --zone=public --add-service=dns

    and reload the configuration:

    # firewall-cmd --reload
  2. Backing up main configuration files
    It is always a good habit to make an initial backup copy of the main bind config files; also before any change.

    #  cp /etc/named.conf /etc/
    #  cp /etc/named.rfc1912.zones /etc/
  3. Checking the network configuration
    A DNS Server must have a static IP address, let’s verify is the case:

    $  cat /etc/sysconfig/network-scripts/ifcfg-enp0s3|egrep -i "boot|ipaddr|mask|gateway"

    Which, for instance, yields the below results:


    Of course your network configuration might be different, yet again the IP address must be static.

  4. Choosing the domain name
    To set a Fully Qualified Domain Name or FQDN

    #  hostnamectl set-host name

    You can of course choose another name, here I have invented a domain name which doesn’t appear to have been registered to any organization.

  5. Resolver configuration
    We are going to configure the resolv.conf file. The first lines must be:


    This is both in the server and in any client querying our DNS; of course you need to add a second name server to resolve internet sites or any other domain.

  6. Disabling the Network Manager DNS auto-configuration
    We don’t want the Network Manager to change the resolv.conf file. To do that we simply add the
    line: dns=none in the file /etc/NetworkManager/NetworkManager.conf, and we reload the service:

    #  systemctl reload NetworkManager
  7. Enabling the bind service at startup
    We need to make sure the DNS service is started with the system so:

    #  systemctl enable named

DNS Server types

It is possible to configure a DNS server to work in one of the below modes, only one at time:

  • Root Server
  • Single Server
  • Secondary Server
  • Caching-only Server
  • Forwarding Server

In this article we will only describe how to setup a Caching-only Server and a Single Server.

A caching-only DNS server does not host any zone and is not authoritative for a particular domain; when the server is initially started, it has no cached information and the information is obtained over time as client requests are

A primary or single DNS server is authoritative for a domain, but we have no high availability and therefore if it is down or unreachable no DNS query for the domain will work, unless cached or duplicated in the static file /etc/hosts.

What we have configured so far is common whichever “configuration mode” we will choose.
  1. Caching only DNS Server
    We make sure the following lines are changed/configured in the named.conf file:

    listen-on port 53 {;; };
    #listen-on-v6 port 53 { ::1; };
    allow-query {;; };
    recursion yes;
    allow-recursion {;; };

    For simplicity here the server will not listen on an IPv6 address ( the relative line is therefore commented ). To check if the configuration is OK we can run the command:

    #  named-checkconf

    if everything is fine no output is returned. Finally we need to have the service reload its configuration:

    #  systemctl reload named
  2. Single DNS server
    In case we choose this type it will be our authoritative DNS server in charge for any name resolution in the domain we have chosen. Here also we are going to edit /etc/named.conf:

    listen-on port 53 { localhost;; };
    #listen-on-v6 port 53 { ::1; };
    allow-query {;; };
    recursion no;

    In this guide, for simplicity, we are not setting the bind service to listen on an IPv6 address.

    The option recursion no makes sure the DNS will not do all the job to provide an answer to a particular query, but will delegate to the root servers if necessary and to other authoritative servers the task for those unknown names or IP. In other words: an authoritative server must not be recursive.

    Afterwards we have to specify our zone files; here we will configure a forward zone (to resolve to an IP from a name) and a reverse zone (to resolve to a name given an IP address) each in its specific file, by appending the following lines to the file named.rfc1912.zones file:

    zone "" IN {
                   type master;
                   file "";
                   allow-update { none; };
    zone "" IN {
                   type master;
                   file "";
                   allow-update { none; };

    The option allow-update refers to DNS dynamic updates, that means an application in a host can add a DNS record; for security reasons this is disabled by default and therefore only the system administrator can add records and manually.

    Now we need to create the files and Usually the zone files are inside the
    directory /var/named as we can infer from the directory option in the named.conf configuration file.

    Our file will contain:

    $TTL     1D
    @        IN  SOA (
                          2019022400 ; serial
                          3h         ; refresh
                          15         ; retry
                          1w         ; expire
                          3h         ; minimum
             IN  NS
    dns-srv  IN  A

    And the file:

    $TTL     1D
    @        IN  SOA (
                          2019022400 ; serial
                          3h         ; refresh
                          15         ; retry
                          1w         ; expire
                          3h         ; minimum
             IN  NS
    63       IN  PTR

    In the mentioned config files SOA (Start Of Authority) defines the global parameters for the zone (domain); only one Resource Record can be specified (the line with SOA keyword with our fully qualified domain name). The Time To Leave ($TTL) is by default 1 day (or 86400 seconds) and should be temporarily shortened if changing any entry in this config file as it tells the DNS server for how long to cache any information retrieved. Most important is to remember to end any Fully Qualified Domain Name in these configuration files with a dot.

    Here is the e-mail address and 2019022400 a serial field which in practice is there to track any change in the zone file and conventionally is in the form YYYYmmddss, where ss is a two-digit number.

    In the reverse file you might have noticed everything looks the same except the last line. There we specify with PTR a reverse lookup which will resolve to; it is just needed to type the last digit 63 which identifies the host (as netmask is

    Now we make sure to have the correct permissions:

    #  chgrp named /var/named/
    #  chgrp named /var/named/

    To check that the zone files are correctly configured you can issue the commands:

    #  named-checkzone /var/named/
    #  named-checkzone /var/named/

    And to verify the overall configuration:

    #  named-checkconf -v

    If everything’s fine we can reload the service:

    #  systemctl reload named

Client configuration

  1. Configuring the Firewall
    We need to configure the firewall as explained above with the server. For simplicity I’m assuming the client is also a RHEL 7 or 8.
  2. Resolver configuration
    The first nameserver must be our server DNS, also here make sure the Network Manager doesn`t alter the resolv.conf file.
  3. Setting the Hostname
    For consistency any client in the domain would have a FQDN hostname assigned.

Finally we verify our DNS configuration is working, from a client, by trying to ping the DNS server by name.

client resolving a query through the DNS server

Client resolving a query through the DNS server.


Setting up a DNS Server is a task that any serious administrator should have done at least once and in RHEL 8 the way to do it is not difficult.