Every device connected to the internet has a unique IP address that lets it communicate with other devices. These addresses look like 192.168.0.0 for IPv4 and 2400:cb00:2048:1::c629:d7a2 for IPv6. Humans find names easier to remember than IP addresses, while devices use the IP addresses to communicate. This is where DNS comes in. DNS, which stands for Domain Name System, resolves human-readable names, referred to as domain names, such as technixleo.com, to a machine-readable IP address.

BIND DNS

BIND, which stands for Berkeley Internet Name Domain, is a free and open source DNS server. It enables you to publish DNS information on the internet and resolve DNS queries for users. BIND is among the first, oldest, and most commonly deployed DNS solutions, and most network engineers are familiar with it. BIND consists of several components: the name server, a lightweight resolver, and the name server tools.

Some of the features of BIND DNS include;

  • Recursive DNS – fetches data from other DNS servers on behalf of DNS clients.
  • Dynamic update – adds or deletes records on primary servers through update messages, without editing the zone file by hand.
  • Authoritative DNS – publishes DNS records for the zones under the server's authoritative control.
  • Split DNS – presents different views of the DNS namespace to internal and external resolvers.
  • DNS Notify – lets primary DNS servers inform secondary servers when zone data changes.
  • DNS Security Extensions (DNSSEC) – cryptographically sign authoritative data and verify it on caching servers.
  • Transaction SIGnatures (TSIG) – cryptographically sign DNS messages.

BIND is customizable and lets you create your custom tools with Perl or Python. It also has a large support community with a vast knowledge base for troubleshooting. You can also tailor BIND to fit your organization’s requirements.

This guide will show you how to Configure Master BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9 systems.

Install BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9

Update your system packages.

sudo dnf update -y

Install BIND and its utilities.

sudo dnf install bind bind-utils

Start and enable the named service.

sudo systemctl enable --now named

Check for the status of the service.

$ systemctl status named
 named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor pre>
     Active: active (running) since Wed 2022-06-29 13:48:57 EAT; 19s ago
    Process: 6300 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == >
    Process: 6302 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (>
   Main PID: 6303 (named)
      Tasks: 6 (limit: 48809)
     Memory: 34.4M
        CPU: 66ms
     CGroup: /system.slice/named.service
             └─6303 /usr/sbin/named -u named -c /etc/named.conf

Configure Master BIND DNS on CentOS 9|AlmaLinux 9|RHEL 9

Ensure you can ping your server by hostname. If you cannot, add it to your hosts file.

sudo vi /etc/hosts

Add your domain name.

192.168.200.40   dns.technxleo.com

Save and exit the file.

Create a backup of the original configuration file.

sudo cp /etc/named.conf /etc/named.conf.orig

Open the file with your preferred text editor.

sudo vi /etc/named.conf

Now edit the configuration file as follows. Change the listen-on, listen-on-v6, and directory lines as shown below, and add an Access Control List (ACL) that defines the group of hosts permitted to use the name server.

acl clients {192.168.200.0/24;};

options {
        listen-on port 53 { any; };

        listen-on-v6 port 53 { any; };

        directory       "/var/named";

Set allow-query to your network ACL so that only hosts on that network can query the server, and restrict allow-recursion the same way so that the server does not act as an open resolver for the rest of the internet.

allow-query { localhost; clients; };
allow-recursion { localhost; clients; };

We are going to keep the zone definitions in a separate file, /etc/named/Zfile.zones, so include it from the main configuration as follows.

include "/etc/named/Zfile.zones";

Save and exit the file.

Create Zone Entries

A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator. The records for a zone are stored in a DNS zone file.

Create a new zones file to add the configuration.

sudo vi /etc/named/Zfile.zones

Add the following to the file. Note the domain names should match yours.

//forward zone
zone "technxleo.com" IN {
        type master;
        file "technxleo.com.zone";
        allow-update { none; };
};

//backward zone
zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "technxleo.com.rzone";
};

Save and exit the file. The file contains the configuration for the forward and backward zone entries.

  • technxleo.com is the domain name for which the server answers lookups.
  • type master declares this server as the primary (master) authoritative server for the zone.
  • technxleo.com.zone is the forward lookup database file.
  • 200.168.192.in-addr.arpa is the reverse lookup zone name; it does the opposite of the forward lookup, mapping addresses back to names.
  • technxleo.com.rzone is the reverse lookup database file.

Creating Zone Files

We will first create the forward zone database file in the /var/named/ directory.

sudo vi /var/named/technxleo.com.zone

Add the following entries. Time values are usually given in seconds, but they can also carry a unit suffix: M for minutes, H for hours, D for days, and W for weeks. Names that do not end in a dot are relative to the zone origin, so fully qualified names such as dns.technxleo.com. must carry the trailing dot.

$TTL    86400
@       IN      SOA     dns.technxleo.com. admin.technxleo.com. (
                        42         ; serial
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum
;
        IN      NS      dns.technxleo.com.

dns             IN      A       192.168.200.40
station1        IN      A       192.168.200.41
station2        IN      A       192.168.200.42

Create the backward zone database file in the /var/named/ directory.

sudo vi /var/named/technxleo.com.rzone

Append the following entries. The times here are specified in seconds. Each PTR record's owner is the last octet of the address, so the entries below map 192.168.200.40, .41 and .42 back to the names given in the forward zone.

$TTL    86400
@       IN      SOA     dns.technxleo.com. root.technxleo.com. (
                        1997022700    ; serial
                        28800         ; refresh
                        14400         ; retry
                        3600000       ; expire
                        86400         ; minimum
)
        IN      NS      dns.technxleo.com.
;
40      IN      PTR     dns.technxleo.com.
41      IN      PTR     station1.technxleo.com.
42      IN      PTR     station2.technxleo.com.

The entries in the zone files stand for the following.

  • TTL stands for time-to-live of the resource record. It is an integer number of seconds that resolvers use to decide how long to cache the record.
  • @ (the at-sign) represents the current origin, the zone name itself.
  • SOA stands for Start of Authority. It is the record that stores the administrative parameters of a zone.
  • IN stands for Internet, the record class.
  • Serial is the serial number of the zone. It is the version number of the zone data; secondary servers compare it with their copy to decide whether to transfer the zone, so increase it every time you edit the file.
  • Refresh is the amount of time (in seconds) a secondary server waits before asking the primary server for an updated SOA record.
  • Retry is the amount of time a secondary server waits before asking an unresponsive primary server for data again.
  • Expire is the amount of time a secondary server keeps trying to reach an unresponsive primary server before it stops answering queries for the zone.
  • Minimum is the amount of time a nameserver should cache a negative response.
  • NS is the nameserver record that indicates which DNS server is authoritative for the domain.
  • A record stands for 'address'; it gives the IPv4 address of a given name.
  • PTR record is the Pointer record that gives the domain name associated with a given IP address.

Set secure permissions on the zone files

sudo chown root:named /var/named/technxleo.com.zone /var/named/technxleo.com.rzone
sudo chmod 640 /var/named/technxleo.com.zone /var/named/technxleo.com.rzone

Restart the BIND service

sudo systemctl restart named

Verify the validity of the configuration. If it is correct, the command returns nothing. Running this check (and the zone checks below) before a restart avoids loading a broken configuration into the running server.

sudo named-checkconf /etc/named.conf

Verify the forward zone file.

$ sudo named-checkzone technxleo.com /var/named/technxleo.com.zone
zone technxleo.com/IN: loaded serial 42
OK

Verify the backward zone file.

$ named-checkzone 200.168.192.in-addr.arpa /var/named/technxleo.com.rzone

zone 200.168.192.in-addr.arpa/IN: loaded serial 1997022700
OK
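
named-checkzone validates each file on its own, so a PTR record that points at a different address than the forward zone's A record (for example a PTR for .102 when the A record says .42) loads without complaint. The following Python script is an added example, not part of the tutorial: it parses a forward and a reverse zone in the layout used above and reports A records without a matching PTR and vice versa. The sample zone text embedded in it is constructed for the demonstration.

```python
# Added example (not from the tutorial): check that a forward zone's A records and its reverse zone's PTR records agree.
import ipaddress
import re

def qualify(name, origin):
    """Fully qualify a zone-file name relative to the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {"A": {owner: ip}, "PTR": {owner: target}}; other record types are ignored."""
    origin = origin.rstrip(".") + "."
    records, owner = {"A": {}, "PTR": {}}, origin
    body = re.sub(r";[^\n]*", "", text)        # drop ';' comments
    body = re.sub(r"\([^)]*\)", " ", body)     # fold the multi-line SOA
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):   # blank, $TTL, $ORIGIN
            continue
        tokens = line.split()
        start = 0 if line[0].isspace() else 1  # leading blank = reuse previous owner
        if start:
            owner = qualify(tokens[0], origin)
        for rtype in ("A", "PTR"):
            if rtype in tokens[start:]:
                rdata = tokens[tokens.index(rtype, start) + 1]
                records[rtype][owner] = qualify(rdata, origin) if rtype == "PTR" else rdata
    return records

def reverse_name(ip):
    return ipaddress.ip_address(ip).reverse_pointer + "."   # 192.168.200.41 -> 41.200.168.192.in-addr.arpa.

def check_consistency(fwd, rev):
    """Return a list of mismatches; an empty list means the two zones agree."""
    problems = [f"A {h} -> {ip}: no matching PTR"
                for h, ip in fwd["A"].items() if rev["PTR"].get(reverse_name(ip)) != h]
    problems += [f"PTR {r} -> {h}: no matching A record" for r, h in rev["PTR"].items()
                 if h not in fwd["A"] or reverse_name(fwd["A"][h]) != r]
    return problems

# Constructed sample zones in the tutorial's layout; PTR 102 vs A .42 is the deliberate mismatch.
FORWARD = """$TTL 86400
@ IN SOA dns.technxleo.com. admin.technxleo.com. ( 42 3H 15M 1W 1D )
station1 IN A 192.168.200.41
station2 IN A 192.168.200.42
"""
REVERSE = """$TTL 86400
@ IN SOA dns.technxleo.com. root.technxleo.com. ( 1997022700 28800 14400 3600000 86400 )
41  IN PTR station1.technxleo.com.
102 IN PTR station2.technxleo.com.
"""
PROBLEMS = check_consistency(parse_zone(FORWARD, "technxleo.com"),
                             parse_zone(REVERSE, "200.168.192.in-addr.arpa"))
```

To check the real files, read /var/named/technxleo.com.zone and /var/named/technxleo.com.rzone into the two strings instead of the constructed samples.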

Query the server with the dig command. A name that exists in the zone you configured should come back with status: NOERROR and an ANSWER section. A status of NXDOMAIN with a foreign SOA in the AUTHORITY section, as in the output below, means the queried name was not answered from the local zone: here the query is for dns.technixleo.com, which is not the configured zone technxleo.com, so the server recursed to the public internet for it.

$ dig @localhost dns.technixleo.com

; <<>> DiG 9.16.23-RH <<>> @localhost dns.technixleo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57892
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 233795accfff5dd80100000062bc582ba5f199525fcdcac3 (good)
;; QUESTION SECTION:
;dns.technixleo.com.		IN	A

;; AUTHORITY SECTION:
technixleo.com.		3600	IN	SOA	bart.ns.cloudflare.com. dns.cloudflare.com. 2281833404 10000 2400 604800 3600

;; Query time: 440 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jun 29 16:48:27 EAT 2022
;; MSG SIZE  rcvd: 151

Other DNS records

DNS records are entries in DNS servers that provide information about a domain, including its IP addresses. In this guide, we have used the SOA, A, NS, and PTR records. Other records include:

  • AAAA record – contains the IPv6 addresses of a domain.
  • MX record – stands for Mail Exchange. It directs email to the mail servers for a domain and controls mail delivery.
  • CNAME record – stands for Canonical Name. It aliases one name to another name, so the IP address is looked up from the target name instead.
  • SRV record – stands for service. It specifies the host and port for specific services such as VoIP.
  • TXT record – stores arbitrary text for a name; commonly used for mail policies such as SPF, DKIM and DMARC, and for domain ownership verification.

Conclusion

In this guide, we have configured a master BIND DNS server on CentOS 9|AlmaLinux 9|RHEL 9. BIND's stability has made it the software behind millions of production DNS servers. It has good platform support for Linux, macOS, Windows, OpenBSD, and FreeBSD. It is free to use and has a large support community that provides a global knowledge base.
