How to Setup DNS Server (Bind) on CentOS 8 / RHEL8

Developed in the early 1980s at the University of California, Berkeley, BIND (Berkeley Internet Name Domain) is an open source DNS server and the standard DNS implementation shipped by most Linux distributions. So, what is a DNS server? A DNS server resolves a fully qualified domain name (FQDN) into an IP address and, through reverse lookups, translates an IP address back into a domain name.

Why is name resolution important? Well, computers locate services on servers using IP addresses. However, IP addresses are not as user-friendly as domain names and it would be a big headache trying to remember each IP address that is associated with every domain name. A DNS server steps in and helps to resolve these domain names to computer IP addresses.

This guide walks you through setting up a BIND DNS server on CentOS 8 / RHEL 8.

Lab setup:

  • Server: CentOS 8 (minimal server)
  • IP address: 192.168.43.35
  • Host name: dns-primary.linuxtechi.local
  • Domain: linuxtechi.local

Let’s now hit the ground running with the configuration of the DNS bind server.

Step 1: Install bind DNS on CentOS 8 / RHEL 8

We begin by installing the bind and bind-utils packages. bind provides the DNS server itself (the named daemon), and bind-utils provides the client utilities (dig, nslookup, host) used to query name servers.

Execute the command:

# dnf install bind bind-utils


Once successfully installed, start the DNS server using the command below:

# systemctl start named

Next, enable it so that it starts automatically after a reboot:

# systemctl enable named

Just to be sure that the service is running as expected, check its status

# systemctl status named


Great, the DNS server is running. Now let's configure it.

Step 2:  Configure bind DNS server

Best practice is to back up a configuration file before changing it, so that if anything goes wrong you can revert to the original. This is no different here.

Let’s take a backup of the config file  /etc/named.conf

# cp /etc/named.conf  /etc/named.bak

Now go ahead and open the file using your preferred text editor. In this case, we’re using vim editor.

# vim /etc/named.conf

Under the 'options' section, the default configuration only listens on the loopback address. Comment out the two lines below so that BIND listens on all of the server's IP addresses. On a server with more than one interface, a tighter alternative is to keep the first line and add the server's own address next to 127.0.0.1 instead of listening everywhere; either way, the allow-query setting in the next step is what keeps the server from answering for the whole internet.

// listen-on port 53 { 127.0.0.1; }; 
// listen-on-v6 port 53 { ::1; };

Additionally, locate the allow-query parameter and restrict it to your network subnet:

allow-query { localhost; 192.168.43.0/24; };


This setting allows only localhost and hosts in the defined network to query the server. Because the stock configuration has recursion enabled, this ACL also decides who may use the server as a recursive resolver (allow-recursion defaults to the allow-query list), so it is what prevents the server from becoming an open resolver that outsiders could abuse for DNS amplification attacks.

A forward lookup zone stores the mapping from host names to IP addresses: when queried for a host name, it returns the host's IP address. A reverse lookup zone does the opposite, returning the fully qualified domain name (FQDN) that belongs to an IP address.

To define the reverse and forward lookup zones, copy and paste the following configuration at the end of /etc/named.conf

//forward zone
zone "linuxtechi.local" IN {
     type master;
     file "linuxtechi.local.db";
     allow-update { none; };
     allow-query { any; };
};

//reverse zone
zone "43.168.192.in-addr.arpa" IN {
     type master;
     file "linuxtechi.local.rev";
     allow-update { none; };
     allow-query { any; };
};


  • type: Stipulates the role of this server for the zone. 'master' means it is the primary, authoritative server for the zone (newer BIND releases also accept 'primary').
  • file: The zone file, relative to the directory set in named.conf (/var/named on CentOS 8 / RHEL 8).
  • allow-update: Defines which hosts may send dynamic DNS updates for the zone. 'none' rejects them all, so the zone can only change by editing the file; leave it that way unless updates are authenticated with TSIG keys.
  • allow-query: Who may query this zone. 'any' is acceptable for authoritative data; the global allow-query in the options section still governs recursive queries. The BIND 9.11 shipped with CentOS 8 allows zone transfers (AXFR) from anyone by default, which hands an attacker a complete inventory of your hosts, so consider adding allow-transfer { none; }; to each zone unless you run secondaries, in which case list their addresses there.

After saving, exit the /etc/named.conf configuration file.

Step 3: Create a forward DNS zone file for the domain

Create a forward DNS zone file for the domain linuxtechi.local with the following content:

[root@dns-primary ~]# vim /var/named/linuxtechi.local.db
$TTL 86400
@ IN SOA dns-primary.linuxtechi.local. admin.linuxtechi.local. (
                                                2020011800 ;Serial
                                                3600 ;Refresh
                                                1800 ;Retry
                                                604800 ;Expire
                                                86400 ;Minimum TTL
)

;Name Server Information
@ IN NS dns-primary.linuxtechi.local.

;IP Address for Name Server
dns-primary IN A 192.168.43.35

;Mail Server MX (Mail exchanger) Record
linuxtechi.local. IN MX 10 mail.linuxtechi.local.

;A Record for the following Host name
www  IN   A   192.168.43.50
mail IN   A   192.168.43.60

;CNAME Record
ftp  IN   CNAME www.linuxtechi.local.


Let’s define some of the parameters indicated in the configuration file:

  • TTL: Time-To-Live. In DNS this is the number of seconds a resolver may cache a record before asking again; the $TTL line sets the default for records that do not carry their own. (It is unrelated to the hop-count TTL in IP packets.) A long TTL means changes take longer to propagate; a short one means more queries reach the server.
  • IN: The record class, Internet.
  • SOA: Start of Authority. It names the primary name server for the zone, here dns-primary.linuxtechi.local, and the responsible contact, written with the @ replaced by a dot (admin.linuxtechi.local stands for admin@linuxtechi.local).
  • NS: Name Server record, listing the authoritative name servers for the zone.
  • A: Address record. It maps a host name to an IPv4 address.
  • Serial: A version number for the zone. Secondaries compare it with the one they hold and only transfer the zone when it has grown, so it must be increased on every edit; the YYYYMMDDnn form used here makes that easy to do by hand.
  • Refresh: How often, in seconds, a secondary checks the primary's SOA record to see whether the serial has changed.
  • Retry: How long, in seconds, a secondary waits before trying again after a failed refresh.
  • Expire: How long, in seconds, a secondary keeps answering for the zone without a successful refresh; after that it stops serving the zone rather than hand out stale data.
  • Minimum: Historically the minimum TTL for the zone; since RFC 2308 it is the negative caching TTL, i.e. how long resolvers cache the fact that a name does not exist (NXDOMAIN).
  • MX: Mail exchanger record. It names the server that receives mail for the domain, with a preference value (10 here; lower is preferred).
  • CNAME: Canonical Name. It maps an alias to another domain name.
  • PTR: Pointer record. It maps an IP address back to a domain name; it lives in the reverse zone and is the counterpart of the A record.
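The serial is the field most often forgotten in practice: if it is not increased after an edit, secondaries never notice the change and keep serving stale records, so it is worth scripting. The script below is an added example, not code from the original tutorial. It assumes the YYYYMMDDnn serial convention used in this guide's zone files and only standard awk, sed and cut; the zone file used to exercise it is a constructed sample, not one of the files on the server.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: bump the SOA serial of a
# BIND zone file. A secondary only transfers a zone when the serial it sees
# is larger than the one it holds, so an edit that is not followed by a
# serial bump never propagates. Serials are assumed to follow the
# YYYYMMDDnn convention used in this guide's zone files.
set -eu

# next_serial OLD [TODAY]: print the serial that should replace OLD.
# TODAY is YYYYMMDD; it defaults to the current date and is a parameter only
# so the function can be checked against fixed inputs.
next_serial() {
    local old today n old_date old_seq
    old=$1
    today=${2:-$(date +%Y%m%d)}
    case $old in
        ''|*[!0-9]*) echo "next_serial: '$old' is not numeric" >&2; return 1 ;;
    esac
    if [ ${#old} -ne 10 ]; then
        # Not YYYYMMDDnn: a plain increment still satisfies RFC 1982 serial
        # arithmetic. Leading zeros are stripped so the shell does not read octal.
        n=$(printf '%s' "$old" | sed 's/^0*//')
        echo $(( ${n:-0} + 1 ))
        return 0
    fi
    old_date=$(printf '%s' "$old" | cut -c1-8)
    old_seq=$(printf '%s' "$old" | cut -c9-10 | sed 's/^0//')
    if [ "$old_date" -lt "$today" ]; then
        echo "${today}01"                 # first edit of a new day
    elif [ "$old_seq" -ge 99 ]; then
        echo $(( old + 1 ))               # 99 edits in one day: just keep growing
    else
        printf '%s%02d\n' "$old_date" $(( old_seq + 1 ))
    fi
}

# bump_zone_serial FILE [TODAY]: rewrite FILE in place with the next serial
# and print the new value. The serial is taken to be the first purely
# numeric token after the SOA keyword, which covers both the multi-line
# layout used in this guide and a single-line SOA, with or without a TTL
# before the class.
bump_zone_serial() {
    local file today old new
    file=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(awk '
        {
            for (i = 1; i <= NF; i++) {
                if (!seen) { if ($i == "SOA") seen = 1; continue }
                if ($i ~ /^[0-9]+$/) { print $i; exit }
            }
        }' "$file")
    [ -n "$old" ] || { echo "bump_zone_serial: no SOA serial in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v new="$new" '
        !done {
            for (i = 1; i <= NF; i++) {
                if (!seen) { if ($i == "SOA") seen = 1; continue }
                if ($i ~ /^[0-9]+$/) {
                    # Splice the new value into the raw line so indentation
                    # and the ";Serial" comment are preserved.
                    n = index($0, $i)
                    $0 = substr($0, 1, n - 1) new substr($0, n + length($i))
                    done = 1
                    break
                }
            }
        }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Typical use on the DNS server after editing a zone (run as root):
#   bump_zone_serial /var/named/linuxtechi.local.db && rndc reload linuxtechi.local
```

Run it once per edited zone file before reloading named; because it prints the new serial, it can be wired into a deploy step that refuses to reload when the bump failed. Remember that the forward and reverse zones carry separate serials, so each file needs its own bump.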

Step 4: Create a reverse DNS zone file for the domain

Similarly, we need to create a file for reverse DNS lookups. Paste the following content in the file:

[root@dns-primary ~]# vim /var/named/linuxtechi.local.rev
$TTL 86400
@ IN SOA dns-primary.linuxtechi.local. admin.linuxtechi.local. (
                                            2020011800 ;Serial
                                            3600 ;Refresh
                                            1800 ;Retry
                                            604800 ;Expire
                                            86400 ;Minimum TTL
)
;Name Server Information
@ IN NS dns-primary.linuxtechi.local.
dns-primary     IN      A       192.168.43.35

;Reverse lookup for Name Server
35 IN PTR dns-primary.linuxtechi.local.

;PTR Record IP address to Hostname
50      IN      PTR     www.linuxtechi.local.
60      IN      PTR     mail.linuxtechi.local.


Next, give the two zone files the ownership the named service expects so it can read them (they should not be writable by anyone else):

# chown named:named /var/named/linuxtechi.local.db
# chown named:named /var/named/linuxtechi.local.rev

To confirm that the configuration and the two zone files are free of syntax errors, run the commands shown. Note that the first argument to named-checkzone is the zone name exactly as it appears in named.conf, not a file name or an IP address, so the reverse zone is checked under its in-addr.arpa name:

# named-checkconf
# named-checkzone linuxtechi.local /var/named/linuxtechi.local.db
# named-checkzone 43.168.192.in-addr.arpa /var/named/linuxtechi.local.rev

If there are no errors, named-checkconf prints nothing and each named-checkzone run reports the loaded serial followed by OK.

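Two things in this step are easy to get wrong: named-checkzone needs the zone's real name (43.168.192.in-addr.arpa for the reverse zone, not an IP address), and every PTR target must end in a trailing dot, or BIND appends the reverse zone's origin to it. The script below is an added example rather than part of the original tutorial. It derives the in-addr.arpa name from a network prefix, generates the PTR records from the A records in the forward zone file so the two zones cannot drift apart, and runs the checks with the correct zone names when named-checkzone is installed. It assumes a /24 network and standard awk; the forward zone embedded in it is a constructed copy of this guide's example with one extra host, and the zone and file names are those of the lab above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: build the reverse zone
# from the forward zone and validate both with their real zone names.
# Assumes a /24 (or /16, /8) network, BIND's named-checkzone for the optional
# check step, and standard awk. Network and zone names below are those of
# the lab in this guide.
set -eu

# reverse_zone_name NETWORK/PREFIX: print the in-addr.arpa zone name.
# Only /8, /16 and /24 map onto whole in-addr.arpa labels; other prefixes
# need classless delegation (RFC 2317) and are rejected rather than guessed.
reverse_zone_name() {
    local net prefix oldifs
    net=${1%/*}
    prefix=${1#*/}
    oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs
    [ $# -eq 4 ] || { echo "reverse_zone_name: bad network '$net'" >&2; return 1; }
    case $prefix in
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        8)  echo "$1.in-addr.arpa" ;;
        *)  echo "reverse_zone_name: /$prefix is not a whole-octet prefix" >&2; return 1 ;;
    esac
}

# ptr_records ORIGIN NETWORK/24 < forward-zone-file: print one PTR record for
# every A record whose address is inside NETWORK. Relative owner names are
# qualified with ORIGIN and every target ends in a dot; without the dot BIND
# would append the reverse zone's origin and answers would come back as
# "www.linuxtechi.local.43.168.192.in-addr.arpa". Each A record must carry
# its owner name on the same line (no blank-owner continuation lines).
ptr_records() {
    local origin prefix
    origin=$1
    prefix=${2%/*}; prefix=${prefix%.*}      # 192.168.43.0/24 -> 192.168.43
    awk -v origin="$origin" -v prefix="$prefix" '
        { sub(/;.*/, "") }                   # strip comments
        NF < 3 { next }                      # $TTL, SOA continuation lines, blanks
        {
            for (i = 2; i < NF; i++) if ($i == "A") break
            if (i >= NF) next                # no A record on this line
            addr = $(i + 1)
            if (index(addr, prefix ".") != 1) next
            host = substr(addr, length(prefix) + 2)
            name = $1
            if (name == "@") name = origin "."
            else if (name !~ /\.$/) name = name "." origin "."
            printf "%s IN PTR %s\n", host, name
        }'
}

# sample_forward_zone: a constructed copy of this guide's forward zone, with
# one extra host outside the /24 to show that it is skipped.
sample_forward_zone() {
    cat <<'EOF'
$TTL 86400
@ IN SOA dns-primary.linuxtechi.local. admin.linuxtechi.local. (
        2020011800 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)
@ IN NS dns-primary.linuxtechi.local.
dns-primary IN A 192.168.43.35
linuxtechi.local. IN MX 10 mail.linuxtechi.local.
www  IN   A   192.168.43.50
mail IN   A   192.168.43.60
ftp  IN   CNAME www.linuxtechi.local.
backup IN A 10.0.0.7 ; outside the lab network, must not produce a PTR
EOF
}

# check_zones FORWARD_ZONE FORWARD_FILE NETWORK/PREFIX REVERSE_FILE: run the
# checks with the names BIND will load the zones under. The reverse zone is
# checked as 43.168.192.in-addr.arpa, not as an IP address. Skips when
# named-checkzone is not installed (e.g. on a workstation).
check_zones() {
    local rev_zone
    rev_zone=$(reverse_zone_name "$3")
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed; would check $1 and $rev_zone" >&2
        return 0
    fi
    named-checkconf
    named-checkzone "$1" "$2"
    named-checkzone "$rev_zone" "$4"
}

# Demonstration (sh this-script.sh demo): print the PTR section for the lab
# network, then check the real files when run on the DNS server itself.
if [ "${1:-}" = demo ]; then
    sample_forward_zone | ptr_records linuxtechi.local 192.168.43.0/24
    check_zones linuxtechi.local /var/named/linuxtechi.local.db \
                192.168.43.0/24 /var/named/linuxtechi.local.rev
fi
```

In day-to-day use, feed the real forward zone to ptr_records and append its output after the NS record in /var/named/linuxtechi.local.rev instead of hand-writing each PTR, then run check_zones before reloading named. Generating the reverse zone from the forward zone also makes the trailing-dot mistake impossible, since every target is qualified by the script.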

For the changes to take effect, restart the BIND service:

# systemctl restart named

For client systems to reach the server, allow the DNS service (TCP and UDP port 53) through the firewall and then reload it:

# firewall-cmd  --add-service=dns --zone=public  --permanent
# firewall-cmd --reload


Step 5: Test the Bind DNS server from a client system

Having finalized the configuration on the DNS server, let’s head out to a client machine and perform a few tests.

On a client machine (CentOS 8 / RHEL 8), open /etc/resolv.conf and set the nameserver entry to the Bind server's address:

nameserver 192.168.43.35

As always, save & close the configuration file.

Editing /etc/resolv.conf directly is only a temporary fix on CentOS 8 / RHEL 8, because NetworkManager regenerates that file. To make the setting persistent, add the Bind DNS server's IP address to the interface's configuration file, /etc/sysconfig/network-scripts/ifcfg-enp0s3 on the lab client (substitute your own interface name), as a line of the form DNS1=192.168.43.35. Adding DOMAIN=linuxtechi.local on the next line lets clients resolve short host names such as www as well.

Save and close the file, then restart NetworkManager for the change to take effect:

# systemctl restart NetworkManager

Test the Bind DNS server with nslookup, first with forward lookups:

# nslookup dns-primary.linuxtechi.local
# nslookup mail.linuxtechi.local
# nslookup www.linuxtechi.local
# nslookup ftp.linuxtechi.local

and then with a reverse lookup:

# nslookup 192.168.43.35


The output from the nslookup commands confirms that both forward and reverse lookups are working as expected.

You can also use the dig command, which shows the full answer including the record TTL and the aa (authoritative answer) flag that proves the reply came from your zone rather than a cache:

# dig dns-primary.linuxtechi.local


To perform a reverse DNS lookup, use the dig command as shown:

# dig -x 192.168.43.35


Perfect! The reverse DNS lookup is also working as we would expect.

And that wraps up this tutorial. In this guide, we walked you through the installation of a DNS server using Bind on CentOS 8. Give it a try and do not hesitate to send your feedback.



15 thoughts on “How to Setup DNS Server (Bind) on CentOS 8 / RHEL8”

  1. Thank you for the tutorial. Much appreciated!

    Question, we have 3 old bind servers with webmin running on Debian. We would like to set up new CentOS 8 bind servers and sync over the zones. What steps would you recommend?

  2. Thanks, that helped.
    I just had to be aware to edit the named.conf file in /etc/ and the zone files in /var/named/, previously I put the zone files in /etc/named/ and wondered why the service would not start…

  3. There are a lot of nonsensical tutorials out there. I have to say this one is the most concise yet accurate site I’ve found. I achieved working DNS without too much issue, but did look for pointers along the way.
    I really wish I would have come across this site right away.

  4. Hi,
    I followed each step and configured DNS BIND, but when doing nslookup from the client I am getting the NXDOMAIN error below:

    [root@nc0521node02 ~]# nslookup test.nokia.local
    Server: 10.10.183.19
    Address: 10.10.183.19#53

    ** server can’t find test.nokia.local: NXDOMAIN

    Can anyone please help to resolve this

    • Make sure the IP address of the machine that you set up bind on is 10.19.182.19.
      Make sure the firewall of the machine that you set up bind on has port 53 open.
      Double-check that the entry in your nokia.local.db config file is test IN A 10.10.182.X.
      Confirm that you restarted named after making the edits to the config files.

      Try doing the following test on the machine that is running bind and see if you get a correct response:
      [root@bindMachine ~]# nslookup
      > server localhost
      > test.nokia.local

  5. In step 4 each of the PTR records needs to end in a trailing dot, otherwise the nslookup for www or mail will respond with the wrong FQDN, along the lines of

    # nslookup 192.168.43.50
    50.43.168.192.in-addr.arpa name = ‘www.linuxtechi.local.43.168.192.in-addr.arpa.’

  6. If the web and mail server were on the same PC as the DNS server, would they have the same IP?
    www IN A 192.168.43.50 –>.35
    mail IN A 192.168.43.6 –>.35

    how would the reverse file be?

    I have that doubt

  7. But the question is how other hosts in the network will use this DNS server for name resolution.
    Setting up just DNS is of no use until we use it for name resolution for servers in the network.
    How can we do that?

    • Hi Arun,

      To use the DNS server on client machines, you have to add DNS server IP address (for linux machine you can add it in resolv.conf & on windows machine edit network settings for active NIC and add DNS server ip there)

  8. I have been working for, come next month, 3 years trying to set up a home server to handle our own websites. So on a spur-of-the-moment type deal I dumped CentOS 7 and installed CentOS 8 about 6 times due to errors of the AppStream, but finally got it. Afterwards I went on the hunt for help on setting up a CentOS 8 server and came across your tutorial, and it is simply the best that I found in the 3 years I have been working on this project. Most everyone else leaves out details that are vital and you have to go on a hunt to try to find the missing pieces, and then you lose track of where you were. Thank you for including everything I needed to set my server up. You are greatly appreciated by me for doing such a wonderful job on sharing the right information to help someone like me. Again, I can't thank you enough.

