Every device connected to the internet has a unique IP address that lets it communicate with other devices. These addresses look like 192.168.0.0 for IPv4 and 2400:cb00:2048:1::c629:d7a2 for IPv6. Devices talk to each other by IP address, but humans find names far easier to remember than numbers. This is where DNS comes in: the Domain Name System resolves human-readable names, called domain names, such as technixleo.com, to machine-readable IP addresses.
BIND DNS
BIND, which stands for Berkeley Internet Name Domain, is a free and open-source DNS server. It lets you publish DNS information on the internet and resolve DNS queries for users. BIND is among the first, oldest and most widely deployed DNS servers, and one that most network engineers are familiar with. Its components include the name server, a lightweight resolver library and the name server tools.
Some of the features of BIND DNS include;
- Recursive DNS – Fetch data from DNS servers on behalf of DNS clients.
- Dynamic update – add or delete records on primary servers at run time, without editing the zone file by hand.
- Authoritative DNS – publishes the DNS records under the server's authoritative control.
- Split DNS – set up different views of the DNS space to internal and external resolvers.
- DNS Notify – allows primary DNS servers to inform secondary servers in case of a change in zone data.
- DNS Security Extensions (DNSSEC) – cryptographically sign authoritative data and verify it on caching servers.
- Transaction SIGnatures (TSIG) – cryptographically sign DNS messages.
BIND is customizable and lets you create your custom tools with Perl or Python. It also has a large support community with a vast knowledge base for troubleshooting. You can also tailor BIND to fit your organization’s requirements.
This guide will show you how to Configure Master BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9 systems.
Install BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9
Update your system packages.
sudo dnf update -y
Install BIND and its utilities.
sudo dnf install bind bind-utils
Start and enable the named service.
sudo systemctl enable --now named
Check for the status of the service.
$ systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor pre>
Active: active (running) since Wed 2022-06-29 13:48:57 EAT; 19s ago
Process: 6300 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == >
Process: 6302 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (>
Main PID: 6303 (named)
Tasks: 6 (limit: 48809)
Memory: 34.4M
CPU: 66ms
CGroup: /system.slice/named.service
└─6303 /usr/sbin/named -u named -c /etc/named.conf
Configure Master BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9
Make sure you can ping your server by hostname; if you cannot, add it to your hosts file.
sudo vi /etc/hosts
Add your server's IP address and hostname.
192.168.200.40 dns.technxleo.com
Save and exit the file.
Create a backup of the original configuration file.
sudo cp /etc/named.conf /etc/named.conf.orig
Open the file with your preferred text editor.
sudo vi /etc/named.conf
Edit the listen-on, listen-on-v6 and directory lines as shown below. You can also add an Access Control List (ACL) that names the hosts permitted to use the name server; the clients ACL below covers the local network.
acl clients {192.168.200.0/24;};
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
Restrict allow-query and allow-recursion to localhost and the clients ACL, so that only hosts on your network can query the server and use it for recursion.
allow-query { localhost; clients; };
allow-recursion { localhost; clients; };
The zone definitions will live in a separate file, /etc/named/Zfile.zones, so include that file at the end of named.conf as follows.
include "/etc/named/Zfile.zones";
Save and exit the file.
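Because the server listens on every interface, the allow-recursion restriction above is what keeps it from becoming an open resolver. The following checker, added here and not part of the original guide, parses the acl, listen-on, allow-query and allow-recursion statements, expands ACL names, and flags a configuration whose recursion is open to any; both named.conf fragments are constructed samples.

```python
"""Flag a BIND named.conf that would act as an open recursive resolver.
Listening on every interface is acceptable only when allow-recursion is
restricted to trusted ACLs (localhost; clients;). Minimal parser for the
statement styles used in this guide; both configs are constructed samples."""
import re

WEAK_CONF = """\
acl clients { 192.168.200.0/24; };
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };   // recursion open to the whole internet
};
"""
# Same file with the two statements restricted as the guide recommends.
HARDENED_CONF = WEAK_CONF.replace(
    "allow-query { any; }", "allow-query { localhost; clients; }").replace(
    "allow-recursion { any; }", "allow-recursion { localhost; clients; }")

STMT = re.compile(r"(acl\s+(\S+)|listen-on(?:-v6)?(?:\s+port\s+\d+)?|"
                  r"allow-query|allow-recursion)\s*\{([^}]*)\}")


def parse_named_conf(text):
    """Return (acls, options): acl name -> elements, option name -> elements."""
    text = re.sub(r"//.*|#.*", "", text)                   # line comments
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # block comments
    acls, options = {}, {}
    for m in STMT.finditer(text):
        elems = {e.strip() for e in m.group(3).split(";") if e.strip()}
        if m.group(2):                                     # an 'acl name { ... }'
            acls[m.group(2)] = elems
        else:                                              # 'listen-on port 53' -> 'listen-on'
            options[m.group(1).split()[0]] = elems
    return acls, options


def expand(elems, acls):
    """Replace ACL names with the address elements they define (recursively)."""
    out = set()
    for e in elems:
        out |= expand(acls[e], acls) if e in acls else {e}
    return out


def open_resolver_findings(text):
    """Return a list of findings; an empty list means recursion is restricted."""
    acls, options = parse_named_conf(text)
    listens_any = "any" in options.get("listen-on", set()) | options.get("listen-on-v6", set())
    recursion = expand(options.get("allow-recursion", set()), acls)
    if listens_any and "any" in recursion:
        return ["allow-recursion includes 'any' on a server listening on all interfaces"]
    return []
```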
Create Zone Entries
A DNS zone is a portion of the DNS namespace managed by a specific organization or administrator. The zone's configuration is stored in a DNS zone file.
Create a new zones file to add the configuration.
sudo vi /etc/named/Zfile.zones
Add the following to the file. Note the domain names should match yours.
//forward zone
zone "technxleo.com" IN {
type master;
file "technxleo.com.zone";
allow-update { none; };
};
//backward zone
zone "200.168.192.in-addr.arpa" IN {
type master;
file "technxleo.com.rzone";
};
Save and exit the file. The file contains the forward and reverse (backward) zone entries.
- technxleo.com is the domain name for which the server answers lookups.
- type master marks this server as the primary (master) server for the zone.
- technxleo.com.zone is the forward lookup database file.
- 200.168.192.in-addr.arpa is the reverse lookup zone name – it maps IP addresses back to names, the opposite of the forward lookup.
- technxleo.com.rzone is the reverse lookup database file.
Creating Zone Files
We will first create the forward zone database file in the /var/named/ directory.
sudo vi /var/named/technxleo.com.zone
Add the following entries. Time values are given in seconds by default, but they can carry a unit suffix: M for minutes, H for hours, D for days and W for weeks.
$TTL 86400
@ IN SOA dns.technxleo.com. admin.technxleo.com. (
42 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
; the trailing dots on the name server and mailbox names are required, otherwise the origin is appended
@ IN NS dns.technxleo.com.
dns IN A 192.168.200.40
station1 IN A 192.168.200.41
station2 IN A 192.168.200.42
Create the backward zone database file in the /var/named/ directory.
sudo vi /var/named/technxleo.com.rzone
Add the following entries. Here the SOA timers are given in plain seconds.
$TTL 86400
@ IN SOA dns.technxleo.com. root.technxleo.com. (
1997022700 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; minimum
)
@ IN NS dns.technxleo.com.
; the owner of each PTR record is the last octet of the host's address in the forward zone
40 IN PTR dns.technxleo.com.
41 IN PTR station1.technxleo.com.
42 IN PTR station2.technxleo.com.
The entries in the configuration file stand for the following.
- TTL is the time-to-live of a resource record: an integer number of seconds for which resolvers may cache the record.
- @ the at-sign represents the current origin, the zone name itself.
- SOA stands for Start of Authority. It is the record that stores the key administrative information about a zone.
- IN stands for Internet.
- Serial is the serial number of the zone; it is the version number of the SOA record and must increase whenever the zone changes.
- Refresh is the amount of time (in seconds) a secondary server waits before asking the primary server whether the SOA record has changed.
- Retry is the amount of time a secondary server waits before asking an unresponsive primary server for data again.
- Expire is the amount of time a secondary server keeps answering for the zone without reaching the primary server; after that it stops responding to queries for the zone.
- Minimum is the amount of time a name server should cache a negative response.
- NS is the name server record that indicates which DNS server is authoritative for the domain.
- A record stands for 'address' and holds the IPv4 address of a given name.
- PTR record is the pointer record that provides the domain name associated with a given IP address.
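The forward and reverse zone files must agree: each A record needs a PTR record whose owner is the last octet of that address. The generator below, added here and not part of the original guide, derives the reverse zone from the forward zone so the two cannot drift apart; the sample forward zone is constructed, and the SOA timers are hard-coded to the values used above.

```python
"""Derive the reverse (in-addr.arpa) zone from a BIND forward zone file.
Every A record becomes one PTR record, so the two files cannot drift apart
(for example .41/.42 in the forward zone but .101/.102 in the reverse one).
Handles /24 networks; the sample zone below is constructed."""
import ipaddress
import re

FORWARD_ZONE = """\
$TTL 86400
@        IN SOA dns.technxleo.com. admin.technxleo.com. ( 42 3H 15M 1W 1D )
@        IN NS dns.technxleo.com.
dns      IN A  192.168.200.40
station1 IN A  192.168.200.41   ; last octet becomes the PTR owner
station2 IN A  192.168.200.42
"""

A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\d+(?:\.\d+){3})$")


def parse_a_records(zone_text, origin):
    """Map each A record owner (as an FQDN with trailing dot) to its IPv4Address."""
    records = {}
    for raw in zone_text.splitlines():
        m = A_RECORD.match(raw.split(";", 1)[0].strip())   # ignore comments
        if not m:
            continue
        owner, addr = m.groups()
        if owner == "@":
            fqdn = f"{origin}."
        else:  # absolute names keep their dot; relative names get the origin
            fqdn = owner if owner.endswith(".") else f"{owner}.{origin}."
        records[fqdn] = ipaddress.IPv4Address(addr)
    return records


def build_reverse_zone(zone_text, origin, network, primary_ns, mbox, serial):
    """Return (reverse zone name, zone file text) for the /24 `network`."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are generated here")
    # '0.200.168.192.in-addr.arpa' -> '200.168.192.in-addr.arpa'
    rev_name = net.network_address.reverse_pointer.split(".", 1)[1]
    lines = ["$TTL 86400",
             f"@ IN SOA {primary_ns} {mbox} ( {serial} 3H 15M 1W 1D )",
             f"@ IN NS {primary_ns}"]
    hosts = sorted(parse_a_records(zone_text, origin).items(), key=lambda kv: kv[1])
    for fqdn, ip in hosts:
        if ip in net:                                       # skip hosts outside this /24
            lines.append(f"{int(ip) & 0xFF} IN PTR {fqdn}")
    return rev_name, "\n".join(lines) + "\n"
```

Write the returned text to /var/named/technxleo.com.rzone and check it with named-checkzone before restarting named.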
Set secure permissions on the zone files
sudo chown root:named /var/named/technxleo.com.zone /var/named/technxleo.com.rzone
sudo chmod 640 /var/named/technxleo.com.zone /var/named/technxleo.com.rzone
Restart the BIND service
sudo systemctl restart named
Verify the validity of the configuration. If it is correct, it should return nothing.
sudo named-checkconf /etc/named.conf
Verify the forward zone file.
$ sudo named-checkzone technxleo.com /var/named/technxleo.com.zone
zone technxleo.com/IN: loaded serial 42
OK
Verify the backward zone file
$ named-checkzone 200.168.192.in-addr.arpa /var/named/technxleo.com.rzone
zone 200.168.192.in-addr.arpa/IN: loaded serial 1997022700
OK
Query the server with the dig command. A name inside your zone should come back with status: NOERROR, the aa (authoritative answer) flag and an ANSWER section. The output below queries dns.technixleo.com, which is not in the technxleo.com zone configured above, so the server recursed to the public technixleo.com name servers and returned NXDOMAIN.
$ dig @localhost dns.technixleo.com
; <<>> DiG 9.16.23-RH <<>> @localhost dns.technixleo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57892
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 233795accfff5dd80100000062bc582ba5f199525fcdcac3 (good)
;; QUESTION SECTION:
;dns.technixleo.com. IN A
;; AUTHORITY SECTION:
technixleo.com. 3600 IN SOA bart.ns.cloudflare.com. dns.cloudflare.com. 2281833404 10000 2400 604800 3600
;; Query time: 440 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jun 29 16:48:27 EAT 2022
;; MSG SIZE rcvd: 151
Other DNS records
DNS records are entries in a DNS server that provide information about a domain, including its IP addresses. In this guide we have used the SOA, A, NS and PTR records. Other records include;
- AAAA record – holds the IPv6 address of a name.
- MX record – stands for Mail Exchange. It names the mail server for the domain and so controls where email is delivered.
- CNAME record – stands for Canonical Name. It maps one name to another name rather than to an IP address.
- SRV record – stands for service. It specifies the host and port for specific services like VoIP.
- TXT record – lets an administrator store text notes in the zone.
Conclusion
In this guide we have configured a master BIND DNS server on CentOS 9|AlmaLinux 9|RHEL 9. BIND's stability has earned it a place in millions of production DNS servers. It has good platform support for Linux, macOS, Windows, OpenBSD and FreeBSD, it is free to use, and its large community provides a global knowledge base.
Hi Ann,
wrong:
//forward zone
zone "dns.technxleo.com" IN {
…..
correct:
zone "technxleo.com" IN {
done