Hamsa K
Editor
9 min read | 6 months ago

How to Install DNS Server in CentOS 8

Setup DNS Server (BIND) in CentOS 8

A DNS server is a service that resolves a fully qualified domain name (FQDN) into an IP address and also performs the reverse translation, from an IP address to a domain name.

This configuration uses several important DNS records and zone-file fields.

A brief explanation of them is given below.

  • A: the address record; it maps a domain or subdomain name to an IP address.
  • SOA (Start of Authority): this record contains information about the DNS zone and its other DNS records.
  • CNAME (canonical name): specifies that one domain name is an alias of another domain name.
  • MX (mail exchanger): the mail server record, which names the server responsible for accepting mail.
  • TTL: a setting on each DNS record that specifies how long a resolver may cache the answer before it expires and a new query must be made.
  • Serial: a value the DNS server uses to verify that the contents of a particular zone file are up to date.
  • PTR: the pointer record, which resolves an IP address to a domain name.

My server configuration:

Server : Centos 8 (minimal)
IP: 192.168.0.21
HostName: primary.lampblogs.local
Domain : lampblogs.local

Step 1: Install dns

[root@primary ~]# yum install bind*

Once the bind packages are installed, start and enable the service with the following commands.

[root@primary ~]# systemctl start named
[root@primary ~]# systemctl enable named
[root@primary ~]# systemctl status named

Step 2: configure dns server

Let's open the named.conf file as shown below.

[root@primary ~]# vi /etc/named.conf

Comment out the lines below so that named no longer listens only on the loopback addresses.

//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };

Further down, find allow-query and add your network. Here I am adding my network, 192.168.0.0/24.

allow-query     { localhost;192.168.0.0/24; };

Step 3: creating zones

A Forward Zone is where the hostname (or FQDN) to IP address relations are stored; it returns an IP address using the hostname. Note that normal DNS queries are forward lookup queries. On the other hand, a Reverse Zone returns the fully qualified domain name of a host based on its IP address.

Here we define the forward and reverse lookup zones in the named.conf file.

[root@primary ~]# vi /etc/named.conf

Add the lines below at the end of the file to create the forward and reverse lookup zones.

zone "lampblogs.local" IN {
type master;
file "lampblogs.forward";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "lampblogs.reverse";
allow-update { none; };
};
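With the listen-on line commented out, named binds every IPv4 interface, and with no allow-transfer statement the BIND 9.11 used in this tutorial answers full zone transfers for any host that can reach TCP port 53. The check below is an added example, not part of the original post; audit_named_conf, its messages and the tightened variant are assumptions, and it relies on the one-statement-per-line layout used here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the tutorial layout:
# one statement per line, // comments, zone blocks closed by a line starting with "};".
audit_named_conf() {   # reads the named.conf files given as arguments, or stdin
    awk '
    { sub(/\/\/.*/, "") }                       # commented-out statements do not count
    /^[ \t]*zone[ \t]+"/  { split($0, q, "\""); zone = q[2]; xfr = 0; next }
    /listen-on[ \t]/      { listen = 1 }        # IPv4 only; listen-on-v6 is not matched
    /allow-query[ \t]/    { if ($0 ~ /[{ \t;]any[ \t]*;/) print "allow-query open to any" }
    /allow-transfer[ \t]/ { if (zone == "") gxfr = 1; else xfr = 1 }
    /^[ \t]*[}];/ && zone != "" {               # end of a zone block
        if (!xfr && !gxfr) print "zone " zone ": no allow-transfer (BIND 9.11 default: any)"
        zone = ""
    }
    END { if (!listen) print "no listen-on: named binds port 53 on every IPv4 interface" }
    ' "$@"
}

# Constructed input 1: the statements from Steps 2 and 3 (forward zone only).
tutorial_conf() { cat <<'EOF'
options {
//      listen-on port 53 { 127.0.0.1; };
        allow-query     { localhost;192.168.0.0/24; };
};
zone "lampblogs.local" IN {
type master;
file "lampblogs.forward";
allow-update { none; };
};
EOF
}

# Constructed input 2: same server, bound to its own address, transfers refused.
hardened_conf() { cat <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.21; };
        allow-query     { localhost; 192.168.0.0/24; };
        allow-transfer  { none; };
};
zone "lampblogs.local" IN {
type master;
file "lampblogs.forward";
allow-update { none; };
};
EOF
}

tutorial_conf | audit_named_conf    # prints two findings
hardened_conf | audit_named_conf    # prints nothing
```

To audit the live file, run audit_named_conf /etc/named.conf.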

Step 4: create forward lookup zone

Open the forward lookup zone file.

[root@primary ~]# vi /var/named/lampblogs.forward

Add the lines below to the above file and save it.

$TTL 86400
@ IN SOA primary.lampblogs.local. root.lampblogs.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS primary.lampblogs.local.
primary IN A 192.168.0.21
www IN A 192.168.0.15

Step 5: create Reverse lookup zone

Open the reverse lookup zone file.

[root@primary ~]# vi /var/named/lampblogs.reverse

Add the content below to the above file and save it.

$TTL 86400
@ IN SOA primary.lampblogs.local. root.lampblogs.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS primary.lampblogs.local.
@ IN PTR lampblogs.local.
primary IN A 192.168.0.21
21 IN PTR  primary.lampblogs.local.
15 IN  PTR  www.lampblogs.local.

Step 6: verify dns configuration

To check the DNS configuration file we use the named-checkconf command.

[root@primary ~]# named-checkconf /etc/named.conf

If it prints no errors, the configuration is good.

Now check the forward and reverse lookup zone files with the commands below, giving each file together with the name of the zone it serves.

[root@primary ~]# named-checkzone lampblogs.local /var/named/lampblogs.forward
zone lampblogs.local/IN: loaded serial 2011071001
OK
[root@primary ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/lampblogs.reverse
zone 0.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
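named-checkzone validates one file at a time, so it cannot tell whether each PTR in the reverse file points at a name whose A record in the forward file carries the same address. The cross-check below is an added example, not part of the original post; check_zone_pair, its output labels and the mail host are assumptions, and it only understands the "name IN TYPE value" record form used above.

```shell
#!/bin/sh
# Added example: cross-check a forward zone file against its reverse zone file.
# Handles only the "name IN TYPE value" record form used in this tutorial.
check_zone_pair() {   # args: FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN
    awk -v fo="$2" -v ro="$4" '
    function fq(nm, org) {                    # expand a relative name against its origin
        if (nm == "@") return org "."
        if (nm ~ /\.$/) return nm
        return nm "." org "."
    }
    { sub(/;.*/, "") }                        # strip zone-file comments
    FNR == NR {                               # first file: collect A records in order
        if ($2 == "IN" && $3 == "A") { name[++n] = fq($1, fo); ip[name[n]] = $4 }
        next
    }
    $2 == "IN" && $3 == "A" { print "STRAY-A " fq($1, ro); next }
    $2 == "IN" && $3 == "PTR" {
        owner = fq($1, ro); target = fq($4, ro)
        if (split(owner, p, ".") != 7) { print "NON-HOST-PTR " owner; next }
        addr = p[4] "." p[3] "." p[2] "." p[1]          # un-reverse the octets
        seen[addr] = 1
        if (!(target in ip))         print "NO-A " addr " -> " target
        else if (ip[target] != addr) print "MISMATCH " addr " -> " target " has A " ip[target]
    }
    END { for (i = 1; i <= n; i++) if (!(ip[name[i]] in seen)) print "NO-PTR " name[i] " " ip[name[i]] }
    ' "$1" "$3"
}

# Sample input: the records from Steps 4 and 5, plus one constructed host (mail).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '@ IN NS primary.lampblogs.local.' 'primary IN A 192.168.0.21' \
        'www IN A 192.168.0.15' 'mail IN A 192.168.0.30 ; constructed' > "$d/fwd"
    printf '%s\n' '@ IN NS primary.lampblogs.local.' '@ IN PTR lampblogs.local.' \
        'primary IN A 192.168.0.21' '21 IN PTR primary.lampblogs.local.' \
        '15 IN PTR www.lampblogs.local.' > "$d/rev"
    check_zone_pair "$d/fwd" lampblogs.local "$d/rev" 0.168.192.in-addr.arpa
    rm -rf "$d"
}
demo
```

On the tutorial's records it reports the PTR at the zone apex and the A record placed in the reverse zone, neither of which belongs there, and the constructed mail host that has no PTR.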

Step 7: start dns service

The service is already running from Step 1, so restart it to load the new configuration and zone files, and make sure it is enabled at boot:

[root@primary ~]# systemctl restart named
[root@primary ~]# systemctl enable named

sample output:

[root@primary ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-02-14 14:59:46 IST; 28min ago
  Process: 1564 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1562 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files>
 Main PID: 1566 (named)
    Tasks: 4 (limit: 11527)
   Memory: 59.0M
   CGroup: /system.slice/named.service
           └─1566 /usr/sbin/named -u named -c /etc/named.conf
Feb 14 14:59:46 primary.lampblogs.local named[1566]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 14 14:59:46 primary.lampblogs.local named[1566]: zone 0.168.192.in-addr.arpa/IN: loaded serial 2011071001
Feb 14 14:59:46 primary.lampblogs.local named[1566]: zone localhost/IN: loaded serial 0
Feb 14 14:59:46 primary.lampblogs.local named[1566]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 14 14:59:46 primary.lampblogs.local named[1566]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 14:59:46 primary.lampblogs.local named[1566]: all zones loaded
Feb 14 14:59:46 primary.lampblogs.local named[1566]: running

Step 8: Allow dns in firewall

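If a firewall is running on your system, allow the DNS service as shown below. DNS uses port 53 over both UDP and TCP; clients fall back to TCP when a UDP response is truncated.

[root@primary ~]# firewall-cmd --permanent --add-port=53/udp
[root@primary ~]# firewall-cmd --permanent --add-port=53/tcp
[root@primary ~]# firewall-cmd --reload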

Step 9: Verify dns server

To test DNS, go to a client machine, set the DNS server IP in /etc/resolv.conf to 192.168.0.21 and save the file.

nameserver 192.168.0.21

Then restart the network service as shown below.

systemctl restart NetworkManager

Use the following command to verify the forward lookup

dig www.lampblogs.local

sample output

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> www.lampblogs.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23097
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 30cb8899b9ae88f3df96ee055e455a97d48bb599c2d7529d (good)
;; QUESTION SECTION:
;www.lampblogs.local.           IN      A
;; ANSWER SECTION:
www.lampblogs.local.    86400   IN      A       192.168.0.15
;; AUTHORITY SECTION:
lampblogs.local.        86400   IN      NS      primary.lampblogs.local.
;; ADDITIONAL SECTION:
primary.lampblogs.local. 86400  IN      A       192.168.0.21
;; Query time: 0 msec
;; SERVER: 192.168.0.21#53(192.168.0.21)
;; WHEN: Thu Feb 13 19:47:59 IST 2020
;; MSG SIZE  rcvd: 130

That’s it. You have successfully installed DNS on CentOS 8 as a master (primary) server.

 


