How to use bind to set up DNS server

A DNS (Domain Name System) server converts between domain names and their corresponding IP addresses.

The Domain Name System, more commonly known as DNS, is the system that translates or converts a domain name into the IP address associated with that domain. DNS is what allows you to find your favorite websites by name rather than typing an IP address into your browser. This guide will show you how to configure a primary DNS system and clients.

Here are the system details used in the examples in this article:

dns01.fedora.local (192.168.1.160) - Primary DNS Server
client.fedora.local (192.168.1.136) - Client

DNS server configuration

Install the bind package using sudo:

$ sudo dnf install bind bind-utils -y

The bind package provides the /etc/named.conf configuration file for you to configure the DNS server.

Edit the /etc/named.conf file:

sudo vi /etc/named.conf

Find the following line:

listen-on port 53 { 127.0.0.1; };

Add the IP address of the primary DNS server as follows:

listen-on port 53 { 127.0.0.1; 192.168.1.160; };

Find the following line:

allow-query { localhost; };

Add the local network range. This example system uses IP addresses in the 192.168.1.X range. Specify as follows:

allow-query { localhost; 192.168.1.0/24; };

Specify forward and reverse zones. A zone file is a text file that has DNS information for your system, such as IP addresses and host names. The forward zone file makes it possible to convert host names into IP addresses. The reverse zone file is the opposite. It allows remote systems to convert IP addresses to host names.

Look for the following line at the bottom of the /etc/named.conf file:

include "/etc/named.rfc1912.zones";

From here, you will specify the zone file information just above the line, like this:

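// Forward zone. The zone name is the domain, so that "dns01" and "client"
// in the zone file become dns01.fedora.local and client.fedora.local.
zone "fedora.local" IN {
 type master;
 file "forward.fedora.local";
 allow-update { none; };  // no dynamic updates
};
// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
 type master;
 file "reverse.fedora.local";
 allow-update { none; };  // no dynamic updates
};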

forward.fedora.local and reverse.fedora.local are the names of the zone files you will create. You can choose any names.

Save and exit.
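The allow-query and allow-update settings above are what keep this recursive server from answering, or being updated by, hosts outside the local network. The script below is an added example, not part of the original article: it audits those ACLs and compares the article's settings with a weakened copy. The function names and both sample configurations are constructed, and it assumes one ACL statement per line.

```shell
#!/bin/sh
# Added example, not from the original article: audit named.conf ACLs.
# Assumes one ACL statement per line, as in this article. The function
# names and both sample configurations are constructed for illustration.

# Reads named.conf text on stdin, prints findings, returns 1 if any.
audit_named_conf() {
    awk '
        # Text between the braces of a one-line ACL statement.
        function acl(s) { sub(/^[^{]*[{]/, "", s); sub(/[}].*/, "", s); return " " s " " }
        function wide(s) { return s ~ /[ \t;](any|0\.0\.0\.0\/0)[ \t]*;/ }
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }          # strip comments
        /^[ \t]*zone[ \t]/           { zone = $2 }
        /recursion[ \t]+no[ \t]*;/   { norec = 1 }
        /allow-recursion[ \t]*[{]/   { rec = acl($0) }
        /allow-query-cache[ \t]*[{]/ { cache = acl($0) }
        /allow-query[ \t]*[{]/       { query = acl($0) }
        /allow-update[ \t]*[{]/ && acl($0) !~ /^[ \t]*none[ \t]*;[ \t]*$/ {
            print "zone " zone ": allow-update is not { none; }"; bad = 1
        }
        END {
            # BIND falls back: allow-recursion, allow-query-cache, allow-query.
            eff = rec; if (eff == "") eff = cache; if (eff == "") eff = query
            if (!norec && wide(eff)) { print "open resolver: recursion allowed from any"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the ACLs as this article sets them.
article_conf() { cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.160; };
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    allow-update { none; };
};
EOF
}

# Constructed sample: the same server with the ACLs opened up.
weak_conf() { article_conf | sed 's/{ localhost; 192.168.1.0\/24; }/{ any; }/; s/{ none; }/{ any; }/'; }

article_conf | audit_named_conf && echo "article config: no findings"
weak_conf | audit_named_conf || echo "weak config: findings listed above"
```

On a live system, feed it the real file with `sudo cat /etc/named.conf | audit_named_conf`.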

Creating a Zone File

Create the forward and reverse zone files you specified in the /etc/named.conf file:

$ sudo vi /var/named/forward.fedora.local

Add the following lines:

$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
 2011071001 ;Serial
 3600 ;Refresh
 1800 ;Retry
 604800 ;Expire
 86400 ;Minimum TTL
)
@ IN NS dns01.fedora.local.
@ IN A 192.168.1.160
dns01 IN A 192.168.1.160
client IN A 192.168.1.136

The host names and IP addresses are specific to your environment. Save the file and exit. Next, edit the reverse.fedora.local file:

$ sudo vi /var/named/reverse.fedora.local

Add the following lines:

$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
 2011071001 ;Serial
 3600 ;Refresh
 1800 ;Retry
 604800 ;Expire
 86400 ;Minimum TTL
)
@ IN NS dns01.fedora.local.
@ IN PTR fedora.local.
dns01 IN A 192.168.1.160
client IN A 192.168.1.136
160 IN PTR dns01.fedora.local.
136 IN PTR client.fedora.local.

The host names and IP addresses are specific to your environment. Save the file and exit.
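Because the forward and reverse zones are edited by hand in two separate files, they can drift apart. The script below is an added example, not part of the original article: it checks that every A record in the forward zone has a matching PTR record in the /24 reverse zone. The function names are hypothetical, the sample zone data is constructed from the article's records, and the zone origin fedora.local and network prefix 192.168.1 are passed in as assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: cross-check the A records
# of a forward zone against the PTR records of its /24 reverse zone.
# Understands only the one-line "owner IN TYPE value" layout used here;
# check_ptr and write_sample_zones are hypothetical names.

# check_ptr FORWARD REVERSE ORIGIN NET -> prints problems, returns 1 if any
check_ptr() {
    awk -v origin="$3" -v net="$4" '
        { sub(/;.*/, "") }                              # strip comments
        FNR == NR {                                     # first file: forward zone
            if ($2 == "IN" && $3 == "A" && $1 != "@" && index($4, net ".") == 1) {
                host[$4] = ($1 ~ /\.$/) ? $1 : $1 "." origin "."
            }
            next
        }
        $2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ { ptr[$1] = $4 }
        END {
            for (ip in host) {
                split(ip, o, "."); want = host[ip]; got = ptr[o[4]]
                if (got == "")        { print "no PTR for " ip " (" want ")"; bad = 1 }
                else if (got != want) { print "PTR for " ip " is " got ", A says " want; bad = 1 }
            }
            exit bad
        }' "$1" "$2"
}

# Constructed sample, abridged from the article's zone files (SOA omitted).
write_sample_zones() {
    cat > "$1/forward" <<'EOF'
$TTL 86400
@ IN NS dns01.fedora.local.
@ IN A 192.168.1.160
dns01 IN A 192.168.1.160
client IN A 192.168.1.136
EOF
    cat > "$1/reverse" <<'EOF'
$TTL 86400
@ IN NS dns01.fedora.local.
160 IN PTR dns01.fedora.local.
136 IN PTR client.fedora.local.
EOF
}

tmp=$(mktemp -d) && write_sample_zones "$tmp"
check_ptr "$tmp/forward" "$tmp/reverse" fedora.local 192.168.1 \
    && echo "A and PTR records agree"
rm -rf "$tmp"
```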

You will also need to set the correct ownership on the configuration files and restore their SELinux contexts:

sudo chgrp named -R /var/named
sudo chown -v root:named /etc/named.conf
sudo restorecon -rv /var/named
sudo restorecon /etc/named.conf

Configure the firewall:

sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

Check the configuration for syntax errors:

sudo named-checkconf /etc/named.conf

If there is no output or errors returned, then your configuration is valid.

Check the forward and reverse zone files.

$ sudo named-checkzone forward.fedora.local /var/named/forward.fedora.local
$ sudo named-checkzone reverse.fedora.local /var/named/reverse.fedora.local

You should see an "OK" response:

zone forward.fedora.local/IN: loaded serial 2011071001
OK
zone reverse.fedora.local/IN: loaded serial 2011071001
OK

Enable and start the DNS service

$ sudo systemctl enable named
$ sudo systemctl start named

Configure the resolv.conf file

Edit the /etc/resolv.conf file:

$ sudo vi /etc/resolv.conf

Find your current nameserver line. On the example system, I use my modem/router to act as a name server, so it currently looks like this:

nameserver 192.168.1.1

This needs to be changed to the IP address of your primary DNS server:

nameserver 192.168.1.160

Save changes and exit.

Unfortunately, there is one caveat: if the system is rebooted or the network is restarted, NetworkManager will overwrite the /etc/resolv.conf file, and you will lose the changes you made.

To prevent this from happening, make /etc/resolv.conf immutable:

$ sudo chattr +i /etc/resolv.conf

If you want to reset it, you need to allow it to be overwritten again:

$ sudo chattr -i /etc/resolv.conf

Testing DNS Servers

$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
 ;; QUESTION SECTION:
 ;fedoramagazine.org. IN A
;; ANSWER SECTION:
 fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
 fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
 fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
 fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
 ns02.fedoraproject.org. 86150 IN A 152.19.134.139
 ns04.fedoraproject.org. 86150 IN A 209.132.181.17
 ns05.fedoraproject.org. 86150 IN A 85.236.55.10
 ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
 ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
 ;; Query time: 830 msec
 ;; SERVER: 192.168.1.160#53(192.168.1.160)
 ;; WHEN: Mon Jan 06 08:46:05 CST 2020
 ;; MSG SIZE rcvd: 266

There are a few things to check to verify that your DNS server is functioning properly. Obviously, getting results is important, but that in itself does not mean that the DNS server is actually working properly.

The QUERY, ANSWER, and AUTHORITY fields at the top should show non-zero values, as in our example:

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

And the SERVER field should have the IP address of your DNS server:

;; SERVER: 192.168.1.160#53(192.168.1.160)

If this is your first time running the dig command, notice that it takes 830 milliseconds to complete the query:

;; Query time: 830 msec

If you run it again, the query will be much faster:

$ dig fedoramagazine.org
;; Query time: 0 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
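The checks described in this section can be scripted so that a resolver change, such as NetworkManager rewriting /etc/resolv.conf, is caught rather than noticed by eye. The script below is an added example, not part of the original article: it reads dig output and verifies the status, the answer count, the ra (recursion available) flag and the SERVER address. The function names are hypothetical, and the sample output is abridged from the dig output above.

```shell
#!/bin/sh
# Added example, not from the original article: check the fields of dig
# output that this section tells you to look at. check_dig and sample_dig
# are hypothetical names; the sample is abridged from the article's output.

# check_dig EXPECTED_SERVER_IP  (dig output on stdin) -> returns 1 on any problem
check_dig() {
    awk -v want="$1" '
        /->>HEADER<<-/ && /status: NOERROR/ { ok = 1 }
        /;; flags:/ {
            flags = $0; sub(/.*flags: /, "", flags); sub(/;.*/, "", flags)
            if (match($0, /ANSWER: [0-9]+/)) answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        /;; SERVER:/ { server = $0; sub(/.*SERVER: /, "", server); sub(/#.*/, "", server) }
        END {
            if (!ok)                       { print "status is not NOERROR"; bad = 1 }
            if (answers < 1)               { print "ANSWER section is empty"; bad = 1 }
            if ((" " flags " ") !~ / ra /) { print "ra flag missing: no recursion offered"; bad = 1 }
            if (server != want)            { print "answered by " server ", expected " want; bad = 1 }
            exit bad
        }'
}

# Constructed sample, abridged from the dig output shown in this article.
sample_dig() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; Query time: 830 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
EOF
}

sample_dig | check_dig 192.168.1.160 && echo "resolver check passed"
# The same answer coming from the router instead of the new DNS server:
sample_dig | sed 's/192\.168\.1\.160/192.168.1.1/g' | check_dig 192.168.1.160 \
    || echo "resolver check failed"
```

Against a live resolver, run `dig fedoramagazine.org | check_dig 192.168.1.160`.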

Client Configuration

Client configuration will be much simpler.

Install the bind-utils package:

$ sudo dnf install bind-utils -y

Edit the /etc/resolv.conf file and configure the primary DNS as the only name server:

$ sudo vi /etc/resolv.conf

It looks like this:

nameserver 192.168.1.160

Save changes and exit. Then make the /etc/resolv.conf file immutable so that it is not overwritten and reverted to the default settings:

$ sudo chattr +i /etc/resolv.conf

Testing the Client

You should get the same results as with your DNS server:

$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
 ;; QUESTION SECTION:
 ;fedoramagazine.org. IN A
;; ANSWER SECTION:
 fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
 fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
 fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
 fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
 ns02.fedoraproject.org. 86150 IN A 152.19.134.139
 ns04.fedoraproject.org. 86150 IN A 209.132.181.17
 ns05.fedoraproject.org. 86150 IN A 85.236.55.10
 ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
 ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
 ;; Query time: 1 msec
 ;; SERVER: 192.168.1.160#53(192.168.1.160)
 ;; WHEN: Mon Jan 06 08:46:05 CST 2020
 ;; MSG SIZE rcvd: 266

Make sure SERVER outputs the IP address of your DNS server.

Your DNS server setup is complete. All requests from clients will now go through your DNS server!

Why build a simple DNS server?

(1) When the external DNS crashes, such as what happened with Stormgate, we can use our own DNS for emergency response

(2) Provide internal IP address resolution for intranet websites, or implement dual-line resolution

(3) When your ISP restricts secondary domain names and advanced management features, you need to build your own DNS server to meet your needs

(4) Avoid DNS hijacking

(5) Integration with other solutions
