Setup Caching-Only DNS Server Using “Bind” in CentOS 6.5

There are several types of DNS servers, such as master, slave, forwarding and caching; among them, a caching-only DNS server is the easiest to set up. DNS uses the UDP protocol, which reduces query time because UDP has no acknowledgement handshake.

Read Also: Setup Master-Slave DNS Server in CentOS 6.5

The caching-only DNS server is also known as a resolver. It queries DNS records, obtains the DNS information from other servers and stores the result of each query in its cache for later use. When the same query is made a second time, it is answered from the cache, which reduces the query time.

If you’re looking to set up a DNS caching-only server in CentOS/RHEL 7, follow this guide here:

Setting Up Caching-Only DNS Name Server in CentOS/RHEL 7

My Testing Environment
IP Address   : 192.168.0.200
Hostname     : dns.tecmintlocal.com
OS           : CentOS 6.5 Final
Ports Used   : 53
Config File  : /etc/named.conf
Script File  : /etc/init.d/named

Step 1: Installing Caching-Only DNS

1. Caching-only DNS is provided by the ‘bind‘ package. If you don’t remember the full package name, search for it with the following command.

# yum search bind

2. The result above lists the matching packages. From these we need the ‘bind‘ and ‘bind-utils‘ packages; install them with the following ‘yum‘ command.

# yum install bind bind-utils -y

Step 2: Configure Caching-Only DNS

3. Once the DNS packages are installed, move on to configuring DNS. Open the ‘named.conf‘ file for editing with the vim editor.

# vim /etc/named.conf

4. Next, make the changes suggested below, or adapt the settings to your own requirements. The following are the changes needed for a caching-only DNS server. By default only localhost is listed; we add ‘any‘ so that queries are accepted from any network range.

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };

  1. listen-on port 53 – tells the cache server to listen for queries on port 53.
  2. allow-query – specifies which IP addresses may query the server; here it is set to localhost and any, so anyone from anywhere can send queries.
  3. allow-query-cache – specifies which clients may receive answers from the server’s cache.
  4. recursion – the server resolves the answer on the client’s behalf; during the lookup it may query other DNS servers over the Internet and return the result.
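
With ‘any‘ in allow-query and recursion enabled, this server answers and recurses for every host that can reach port 53, which makes it an open resolver. The fragment below is an added example that is not from the original article; it keeps the same directives but limits them to an address list. The acl name ‘trusted‘ is assumed, and 192.168.0.0/24 and 192.168.0.200 are taken from the test environment above.

```conf
// Added hardening example (not part of the original article).
// The acl must be defined before the options block that references it.
acl "trusted" {
    127.0.0.1;        // the resolver itself
    192.168.0.0/24;   // the lab network from the test environment above
};

options {
    // Listen on loopback and the server's own LAN address instead of
    // { 127.0.0.1; any; }.
    listen-on port 53 { 127.0.0.1; 192.168.0.200; };

    // Replace { localhost; any; } so that only trusted clients may query,
    // read from the cache, or have the server recurse on their behalf.
    allow-query       { trusted; };
    allow-query-cache { trusted; };
    allow-recursion   { trusted; };
    recursion yes;
};
```

Merge these lines into the existing options block in /etc/named.conf rather than adding a second one, then re-run named-checkconf before restarting named.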

5. After editing the file, confirm that the ownership of ‘named.conf‘ is still root:named, because the DNS service runs under the system user named.

# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones

6. If SELinux is enabled on the server, check the SELinux context after editing ‘named.conf‘: every named configuration file needs the “system_u:object_r:named_conf_t:s0” context, as shown in the output of the commands below.

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Now test the DNS configuration for syntax errors before starting the bind service; if any error is found, it can also be traced in /var/log/messages.

# named-checkconf /etc/named.conf

Once the syntax check passes, restart the service so the changes take effect, enable it to start persistently across reboots, and confirm the setting.

# /etc/init.d/named restart
# chkconfig named on
# chkconfig --list named

7. Next, open port 53 on the firewall to allow access.

# iptables -I INPUT -p udp --dport 53 -j ACCEPT

Step 4: Chroot Caching-Only DNS

8. If you want to run the DNS caching server in a chroot environment, install the chroot package only; no further configuration is needed, because it hard-links the configuration into the chroot by default.

# yum install bind-chroot -y

Once the chroot package has been installed, restart the named service to apply the change.

# /etc/init.d/named restart

9. Once you restart the named service, it automatically creates hard-links from the /etc/named config files into the /var/named/chroot/etc/ directory. To confirm, use the cat command under /var/named/chroot.

# sudo cat /var/named/chroot/etc/named.conf

In the output above you will see the same /etc/named.conf configuration, because it is replaced while installing the bind-chroot package.

Step 5: Client Side DNS Setup

10. Add the DNS caching server’s IP 192.168.0.200 as the resolver on the client machines.

On Debian-based machines the resolver is set in /etc/resolv.conf; on RPM-based machines use the setup command, or edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file manually.

11. Finally, it’s time to test our cache server with some tools. On Linux systems we can use the dig and nslookup commands; on Windows, use the nslookup command.

Let’s query ‘facebook.com‘ for the first time, so that the result is cached.

# dig facebook.com

Now issue the same query again; you will get the reply from our cache server until the cached record expires.

# dig facebook.com

Use ‘nslookup‘ command to confirm the same.

# nslookup facebook.com

To read more about dig and nslookup command examples and usage, use the following links.

  1. 8 nslookup commands and usage
  2. 10 dig commands and usage

Here we have seen how to set up a DNS caching-only server using the bind package and how to secure it further using the chroot package.

Babin Lonston

I have been working as a System Administrator for the last 10 years, with 4 years of experience with Linux distributions, and fell in love with text-based operating systems.

8 Responses

  1. prabhat says:

    Nice doc. After step 2, I see step 4.
    Please correct it.

  2. vinci says:

    Why is the zone “.” root hints and the rest of the lines commented out? Isn’t the dns cache server supposed to search recursively, meaning to start with the root hints and then go downwards until it finds the domain? If you comment out the root hints zone, how is it supposed to do that? It would need a forwarders directive.

  3. Nero says:

    Thanks for the great info on setting the caching-only DNS server up with bind! I was trying to set up with both unbound on one server and bind on another and this was just what I needed. Unbound seems to not be used as much yet, maybe because it is newer than bind? In case anyone else is after unbound information I recommend checking this information which helped me a LOT:

    https://www.rootusers.com/how-to-configure-a-caching-only-dns-name-server/

    https://www.digitalocean.com/community/tutorials/how-to-set-up-the-unbound-caching-dns-resolver-on-freebsd-10-1

    Good luck!

  4. jhalbrecht says:

    Would/should this configuration be locked down tighter perhaps with an acl that would disallow access to the nameserver from unauthorized/unwanted clients that might attempt to exploit for a DOS attack on another site?

    Your config:
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };

    Suggestion:
    allow-query { friends; };

    acl friends {
    192.168.0/24;
    localhost;
    localnets;
    };

  5. Giang says:

    How great! Thank you so much.

  6. You can use Webmin to manage it in a GUI; using Webmin we can manage the full server, not only DNS.

  7. Vinodh says:

    Nice article, thanks for sharing. Is there any option to manage DNS in a GUI instead of a TUI… any open source tools which could be integrated with this and with the Master/Slave DNS setup??
