Chapter 4. Configuring and managing a BIND DNS server

DNS (Domain Name System) is a distributed database system that associates hostnames with their respective IP addresses. BIND (Berkeley Internet Name Domain) is a set of DNS-related programs; it includes the name server daemon, named. /etc/named.conf is the main BIND configuration file. This chapter covers installing, configuring, and managing BIND on the DNS server.

4.1. Installing BIND

The bind package provides the named server. The bind-utils package provides the client utilities, such as dig, host, and nslookup, that you need to query and troubleshoot the server.

Procedure

  1. Install BIND:

    # yum install bind bind-utils
  2. Enable and start the named service:

    # systemctl enable --now named

Verification steps

  • Verify the status of the named service:

    # systemctl status named

4.2. Configuring BIND as a caching name server

The following procedure demonstrates configuring BIND as a caching name server.

Prerequisites

  • The bind package is installed.

Procedure

  1. Back up the original configuration file:

    # cp /etc/named.conf /etc/named.conf.orig
  2. Edit the /etc/named.conf file with the following changes:

    • Define an ACL for your client network before the options section, and in the options section set listen-on and listen-on-v6 so that named listens on the interfaces your clients use (by default, they only listen on the loopback addresses) and keep the directory parameter:

      acl clients {192.0.2.0/24;};
      
      options {
              listen-on port 53 { any; };
      
              listen-on-v6 port 53 { any; };
      
              directory       "/var/named";
    • Set the allow-query and allow-recursion parameters to localhost and the clients ACL, so that only hosts on your local network can query the server and use it as a recursive resolver. Restricting allow-recursion is what keeps the server from becoming an open resolver that can be abused for DNS reflection and amplification attacks. Leave dynamic updates disabled and restrict zone transfers:

          allow-query     { localhost; clients; };
          allow-recursion { localhost; clients; };
          recursion yes;
          allow-update { none; };
          allow-transfer { localhost; };
      };
      
      logging {
              channel default_debug {
                      file "data/named.run";
                      severity dynamic;
              };
      };
    • Include the zone definitions shipped with the package:

      include "/etc/named.rfc1912.zones";
    • Add an include for your custom zone configuration:

      include "/etc/named/example.zones";
  3. Create the /etc/named/example.zones file and add the following zone configuration:

    //forward zone
    zone "example.com" IN {
            type master;
            file "example.com.zone";
    
    };
    
    //reverse zone
    zone "2.0.192.in-addr.arpa" IN {
            type master;
            file "example.com.rzone";
    
    };
    • type: defines the server's role for this zone.
    • master: the server is authoritative for the zone and holds the master copy of the zone data.
    • file: the zone data file, relative to the directory option (/var/named).
  4. Change to the DNS data directory, /var/named/:

    # cd /var/named/
    # ls
    
    data    dynamic  named.ca  named.empty    named.localhost    named.loopback  slaves
  5. Create the /var/named/example.com.zone file with your forward zone parameters:

    $TTL    86400
    @	IN	SOA	example.com.	root (
    		42         ; serial
    		3H         ; refresh
    		15M        ; retry
    		1W         ; expiry
    		1D )       ; minimum
    
    	IN	NS	ns.example.com.
    
    ns              IN A            192.0.2.1
    station1        IN A            192.0.2.101
    station2        IN A            192.0.2.102
    station3        IN A            192.0.2.103
  6. Create the /var/named/example.com.rzone file with your reverse zone parameters:

    $TTL    86400
    @	IN	SOA	example.com.	root.example.com. (
    		1997022700 ; serial
    		28800      ; refresh
    		14400      ; retry
    		3600000    ; expire
    		86400 )    ; minimum
    
    	IN	NS	ns.example.com.
    
    101     IN      PTR     station1.example.com.
    102     IN      PTR     station2.example.com.
    103     IN      PTR     station3.example.com.
  7. Set secure permissions on the zone files:

    # chown root:named /var/named/example.com.zone /var/named/example.com.rzone
    # chmod 640 /var/named/example.com.zone /var/named/example.com.rzone
  8. Restart BIND. Run the checks listed under Verification steps before restarting, so that a syntax error in the configuration or a zone file does not take the running server down:

    # systemctl restart named

Verification steps

  • Verify the forward zone file:

    # named-checkzone example.com /var/named/example.com.zone
    
    zone example.com/IN: loaded serial xxxxxxx
    OK
  • Verify the reverse zone file:

    # named-checkzone 2.0.192.in-addr.arpa /var/named/example.com.rzone
    
    zone 2.0.192.in-addr.arpa/IN: loaded serial xxxxxxx
    OK
  • Verify the configuration:

    # named-checkconf /etc/named.conf

    If the configuration is correct, the command does not return any output.
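named-checkzone validates each zone file on its own, but it cannot tell you whether the forward and reverse zones agree with each other. The script below is an added example, not part of the Red Hat documentation or of BIND: it derives the PTR records that the reverse zone should contain from the A records in the forward zone, and reports any A record in the zone's /24 that has no matching PTR. The function names, the "net24" argument (first three octets of the reverse zone's network), and the embedded copies of the page's two zone files (constructed sample input) are assumptions of this example. Run against the page's own files it reports that ns (192.0.2.1) has no PTR record.

```shell
#!/usr/bin/env bash
# Added example (not from the Red Hat page): keep the reverse zone in sync
# with the forward zone by deriving PTR records from A records and
# reporting A records that have no PTR. Function names, the "net24"
# argument and the sample zone contents are assumptions of this example.
set -eu
export LC_ALL=C   # deterministic sort/comm ordering

# Print one "<last-octet> IN PTR <fqdn>." line for every A record in the
# forward zone file $1 (origin $2, e.g. "example.com.") whose address lies
# in the /24 given as $3 (first three octets, e.g. "192.0.2").
ptr_from_a() {
  awk -v origin="$2" -v net="$3" '
    BEGIN { if (origin !~ /\.$/) origin = origin "." }
    /^[[:space:]]*(;|$)/ || /^\$/ { next }        # comments, blanks, $TTL/$ORIGIN
    !/^[[:space:]]/ { owner = $1 }                 # explicit owner name on this line;
                                                   # lines starting blank inherit it
    $0 ~ /[[:space:]]IN[[:space:]]+A[[:space:]]/ { # "<owner> [ttl] IN A <ip>"
      split($NF, o, ".")
      if ((o[1] "." o[2] "." o[3]) != net) next    # address outside this reverse zone
      fqdn = (owner == "@") ? origin : ((owner ~ /\.$/) ? owner : owner "." origin)
      printf "%-8s IN      PTR     %s\n", o[4], fqdn
    }' "$1"
}

# Print "<octet> <fqdn>" for each A record in forward zone $1 (origin $3,
# /24 $4) that has no identical PTR record in reverse zone file $2.
# Returns 0 when the two zones agree, 1 when PTR records are missing.
missing_ptrs() {
  local want have missing
  want=$(mktemp); have=$(mktemp)
  ptr_from_a "$1" "$3" "$4" | awk '{ print $1, $NF }' | sort > "$want"
  awk '!/^[[:space:]]*;/ && /[[:space:]]PTR[[:space:]]/ { print $1, $NF }' "$2" \
    | sort > "$have"
  missing=$(comm -23 "$want" "$have")   # in "want" but not in "have"
  rm -f "$want" "$have"
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Write the page's forward and reverse zone files (constructed sample input)
# into a temporary directory and print its path.
make_sample_zones() {
  local d
  d=$(mktemp -d)
  cat > "$d/example.com.zone" <<'EOF'
$TTL    86400
@       IN      SOA     example.com.    root (
                42         ; serial
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum

        IN      NS      ns.example.com.

ns              IN A            192.0.2.1
station1        IN A            192.0.2.101
station2        IN A            192.0.2.102
station3        IN A            192.0.2.103
EOF
  cat > "$d/example.com.rzone" <<'EOF'
$TTL    86400
@       IN      SOA     example.com.    root.example.com. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum

        IN      NS      ns.example.com.

101     IN      PTR     station1.example.com.
102     IN      PTR     station2.example.com.
103     IN      PTR     station3.example.com.
EOF
  printf '%s\n' "$d"
}

# Demonstration on the sample zones: list the PTR records the reverse zone
# should hold, then report the ones it lacks (here: "1 ns.example.com.").
dir=$(make_sample_zones)
ptr_from_a "$dir/example.com.zone" example.com. 192.0.2
missing_ptrs "$dir/example.com.zone" "$dir/example.com.rzone" example.com. 192.0.2 \
  || echo "reverse zone is missing PTR records for the addresses listed above" >&2
rm -rf "$dir"
```

To use it on the real files, call missing_ptrs /var/named/example.com.zone /var/named/example.com.rzone example.com. 192.0.2 after named-checkzone has passed; a non-zero exit status means the reverse zone needs the printed PTR records added and its serial incremented before you restart named.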