Setting Up Bind As a Private DNS Server on RHEL 8

The Domain Name System (DNS) is a method used to translate human-readable domain names (or Fully Qualified Domain Names (FQDN)) to machine-readable IP addresses, to locate a computer in a network such as the Internet.

In computer and network systems, this is necessary because, although the FQDNs are easy for humans to remember and use, computers (clients) access resources or services on other computers (servers) based on IP addresses.

In this regard, a DNS server (also known as a name server) maintains a directory of FQDNs and translates them to IP addresses; it can also return an IP address when a hostname/FQDN is provided. There are different types of DNS servers including authoritative name server, caching name server and many others.

In this article, we will walk you through the steps to install and configure a private/internal, authoritative DNS server on RHEL 8 using BIND open source software.

Requirements:

  1. RHEL 8 with Minimal Installation
  2. RHEL 8 with RedHat Subscription Enabled
  3. RHEL 8 with Static IP Address

My Testing Environment:

Domain: tecmint.lan
DNS Server IP and hostname: 192.168.56.100, dns-primary.tecmint.lan
DNS Client IP and hostname: 192.168.56.104, tecmint.tecmint.lan

Step 1: Installing Bind DNS on RHEL 8

1. To install bind and its utilities on your server, run the following cdnf command.

# dnf install bind bind-utils
Install Bind on RHEL 8

Install Bind on RHEL 8

2. Next, start the DNS service for now, then enable it to auto-start at system boot and check if it is up and running using the systemctl commands.

# systemctl start named
# systemctl enable named
# systemctl status named
Start Bind Server on RHEL 8

Start Bind Server on RHEL 8

Step 2: Configuring BIND DNS on RHEL 8

3. To configure Bind DNS server, first you need to take a backup of the original configuration file /etc/named.conf using following cp command.

# cp /etc/named.conf /etc/named.conf.orig

4. Now open /etc/named.conf configuration file for editing using your favorite command line text editor as follows.

# vi /etc/named.conf 

Under the options configuration section, comment out the following lines.

options {
        #listen-on port 53 { 127.0.0.1; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";

5. Next, look for the allow-query parameter and set its value to your network, which means that only hosts on your local network can query the DNS server.

allow-query  {localhost; 192.168.56.0/24}

Step 3: Creating the Forward and Reverse DNS Zones

A Forward Zone is where the hostname (or FQDN) to IP address relations are stored; it returns an IP address using the hostname. Note that normal DNS queries are forward lookup queries. On the other hand, a Reverse Zone returns the FQDN of a host based on its IP address.

6. To define the forward and reverse zones, add the following lines at the end of the /etc/named.conf file.

//forward zone 
zone "tecmint.lan" IN { 
     type master; 
     file "tecmint.lan.db"; 
     allow-update { none; }; 
    allow-query {any; }
}; 
//backward zone 
zone "56.168.192.in-addr.arpa" IN { 
     type master; 
     file "tecmint.lan.rev"; 
     allow-update { none; }; 
    allow-query { any; }
};

Let’s briefly explain the options in the above zone configurations:

  • type: Defines the role of this server for the zone. The value “master” means it’s an authoritative server where the master copy of the zone data is maintained.
  • file: specifies the zone’s database file.
  • allow-update: specifies the hosts which allowed to submit Dynamic DNS updates for master zones. None in this case.

Step 4: Creating Forward DNS Zone File

7. First, create a Forward zone file under the /var/named directory.

# vi /var/named/tecmint.lan.db

Add the following configuration in it.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)

;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;IP for Name Server
dns-primary IN A 192.168.56.100

;A Record for IP address to Hostname 
www IN A 192.168.56.5
mail IN A 192.168.56.10
docs  IN A 192.168.56.20
Forward DNS Zone File

Forward DNS Zone File

Let’s briefly explain the above zone definition and the parameters.

  • TTL: specifies the time-to-live of the RR and $TTL directive gives a default TTL for every RR without a specific TTL set.
  • @: It is an alias for the domain name (e.g tecmint.lan) defined in the main configuration file.
  • IN: means the Internet.
  • SOA: specifies the Start of Authority: who the authoritative name server is (dns-primary.tecmint.lan), the administrator’s contact info (admin.tecmint.lan, the @ sign is replaced by a period) and other related information.
  • NS: means name server.
  • Serial: this value is used by the DNS server to verify that the contents of a particular zone file are up-to-date.
  • Refresh: specifies how often a slave DNS server should perform a zone transfer from the master.
  • Retry: specifies how often a slave should retry a failed zone transfer.
  • Expire: determines how long a slave server should wait before answering client query when a master is unreachable.
  • Minimum: sets the minimum TTL for the zone.
  • A: A host address.

Step 5: Creating Reverse DNS Zone File

8. Similary, create a Reverse zone file under the /var/named directory.

# vi /var/named/tecmint.lan.rev

Then add the following lines in it. Here, the PTR is the opposite of A record used to map an IP address to a hostname.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;Reverse lookup for Name Server
100 IN PTR dns-primary.tecmint.lan.

;PTR Record IP address to HostName
5 IN PTR www.tecmint.lan.
10 IN PTR mail.tecmint.lan.
20 IN PTR docs.tecmint.lan.
Reverse DNS Zone File

Reverse DNS Zone File

9. Set the correct ownership permissions on the zone files as follows.

# chown :named /var/named/tecmint.lan.db
# chown :named /var/named/tecmint.lan.rev

10. Finally, check the DNS configuration and the zone files has the correct syntax after making the above changes, using the named-checkconf utility (no out means no error):

# named-checkconf
# named-checkzone tecmint.lan /var/named/tecmint.lan.db
# named-checkzone 192.168.56.100 /var/named/tecmint.lan.rev
Check DNS Configuration for Errors

Check DNS Configuration for Errors

11. Once you have performed all the necessary configuration, you need to restart the DNS service for the recent changes to take effect.

# systemctl restart named

12. Next, before any clients can access the DNS service configurations on the server, you need to add the DNS service in the system firewall config and reload the firewall settings using the firewall-cmd utility, as follows:

# firewall-cmd --permanent --zone=public --add-service=dns 
# firewall-cmd --reload

Step 6: Testing DNS Service From a Client

13. In this section, we will show how to test the DNS service from a client side. Log into the client machine, configure it to use the above DNS server. On a Linux system, open the file /etc/resolve.conf using your favorite text editor.

# vi /etc/resolve.conf 

Add the following entry in it, which tells the resolver to use the specified nameserver.

nameserver  192.168.56.100

Save the file and close it. Note that you also have to specify the DNS server in the network interface configuration file.

14. Add the DNS servers IP 192.168.56.100 as resolver to the client machine network interface configuration file /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure.

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=aba298ca-fa65-48cd-add9-6c3f1f28cee2
DEVICE=enp0s3
ONBOOT=no
DNS=192.168.56.100

15. Then use the nslookup utility to query the IP using the hostname and vise versa, of the www, mail and docs servers in your network as shown.

# nslookup 192.168.56.5
# nslookup www.tecmint.lan
# nslookup 192.168.56.10
# nslookup mail.tecmint.lan
# nslookup 192.168.56.20
# nslookup docs.tecmint.lan
# nslookup 192.168.56.100
# nslookup dns-primary.tecmint.lan
Check DNS Server Queries

Check DNS Server Queries

Summary

In this article, we have shown how to install and configure a private, authoritative DNS server on RHEL 8 using BIND software. We hope everything worked fine for you, otherwise, send us your queries or any other comments via the feedback form below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.