Install and Configure Caching-Only DNS Server in RHEL/CentOS 7 – Part 10

DNS servers comes in several types such as master, slave, forwarding and cache, to name a few examples, with cache-only DNS being the one that is easier to setup. Since DNS uses the UDP protocol, it improves the query time because it does not require an acknowledgement.

Setup Cache-Only DNS in RHEL and CentOS 7
RHCE Series: Setup Cache-Only DNS in RHEL and CentOS 7 – Part 11

The cache-only DNS server is also known as resolver, which will query DNS records and fetch all the DNS details from other servers, and keep each query request in its cache for later use so that when we perform the same request in the future, it will serve from its cache, thus reducing the response time even more.

If you’re looking to setup DNS Caching-Only Server in CentOS/RHEL 6, follow this guide here:

Setting Up Caching-Only DNS Name Server in CentOS/RHEL 6

My Testing Environment

DNS server		: (Red Hat Enterprise Linux 7.1)
Server IP Address	:
Client			: (CentOS 7.1)
Client IP Address	:

Step 1: Installing Cache-Only DNS Server in RHEL/CentOS 7

1. The Cache-Only DNS server, can be installed via the bind package. If you don’t remember the package name, you can do a quick search for the package name using the command below.

# yum search bind
Search DNS Bind Package
Search DNS Bind Package

2. In the above result, you will see several packages. From those, we need to choose and install only bind and bind-utils packages using following yum command.

# yum install bind bind-utils -y
Install DNS Bind in RHEL/CentOS 7
Install DNS Bind in RHEL/CentOS 7

Step 2: Configure Cache-Only DNS in RHEL/CentOS 7

3. Once DNS packages are installed we can go ahead and configure DNS. Open and edit /etc/named.conf using your preferred text editor. Make the changes suggested below (or you can use your settings as per your requirements).

listen-on port 53 {; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };
Configure Cache-Only DNS in CentOS and RHEL 7
Configure Cache-Only DNS in CentOS and RHEL 7

These directives instruct the DNS server to listen on UDP port 53, and to allow queries and caches responses from localhost and any other machine that reaches the server.

4. It is important to note that the ownership of this file must be set to root:named and also if SELinux is enabled, after editing the configuration file we need to make sure that its context is set to named_conf_t as shown in Fig. 4 (same thing for the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Otherwise, configure the SELinux context before proceeding:

# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones

5. Additionally, we need to test the DNS configuration now for some syntax error before starting the bind service:

# named-checkconf /etc/named.conf

6. After the syntax verification results seems perfect, restart the named service to take new changes into effect and also make the service to auto start across system boots, and then check its status:

# systemctl restart named
# systemctl enable named
# systemctl status named
Configure and Start DNS Named Service
Configure and Start DNS Named Service

7. Next, open the port 53 on the firewall.

# firewall-cmd --add-port=53/udp
# firewall-cmd --add-port=53/udp --permanent
Open DNS Port 53 on Firewall
Open DNS Port 53 on Firewall

Step 3: Chroot Cache-Only DNS Server in RHEL and CentOS 7

8. If you wish to deploy the Cache-only DNS server within chroot environment, you need to have the package chroot installed on the system and no further configuration is needed as it by default hard-link to chroot.

# yum install bind-chroot -y

Once chroot package has been installed, you can restart named to take the new changes into effect:

# systemctl restart named

9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf

Step 4: Configure DNS on Client Machine

10. Add the DNS Cache servers IP as resolver to the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure:

Configure DNS on Client Machine
Configure DNS on Client Machine

And /etc/resolv.conf as follows:


11. Finally it’s time to check our cache server. To do this, you can use dig utility or nslookup command.

Choose any website and query it twice (we will use as an example). Note that with dig the second time the query is completed much faster because it is being served from the cache.

# dig
Check Cache only DNS Queries
Check Cache only DNS Queries

You can also use nslookup to verify that the DNS server is working as expected.

# nslookup
Checking DNS Query with nslookup
Checking DNS Query with nslookup


In this article we have explained how to set up a DNS Cache-only server in Red Hat Enterprise Linux 7 and CentOS 7, and tested it in a client machine. Feel free to let us know if you have any questions or suggestions using the form below.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.


Leave a Reply
  1. Hi,

    After configuring DNS cache server as follows above, when I test from windows nslookup it shows as (default server : Unknown).
    rest of things are working fine.

    why it is ?

  2. Hello,

    I have a little problems in bind9.

    IN DNS service running status, First Query Time: 827 msec and Second Query Time: 1 0r 0 msec .

    After restart service or reboot the bind server, First Query Time: 827 and Second Query Time: 0 or msec.

    I want to know is previous cache is missing or not useless. and then may i know the best caching parameter

  3. After creating a dns caching only server, and changing the client dns ip, when i run the yum repolist it shows the available lists, however it errors out while tying to download using the yum install option.
    Also wget fails to download. centos 7. Any suggestions on what could be the problem

  4. Hi,
    When I change the DNS server IP address at the client side, the internet stops working. I’m unable to test. Please help!!

    • @Manu Jain,
      Are you sure you have followed all the steps outlined in this guide? As you can see in the screenshots above, it should work without problems. Particularly pay attention to Step 2. You should make sure the server allows for connections from the local network, or at least from the IP of the client machine.

  5. Hi, pretty good explanation. Im using a domain hoster which is pointing with an A-Record to my webserver. Do you recomment to implement a DNS caching to decrease response times?

    Thank you very much,

  6. Hello,

    DNS need udp and TCP 53 open because dnsec query are ganerally larger than 512o.
    You can add dnssec support on a cache server, it’s important.

    • @Mouchy,
      Thank you for your comment. Please tell us why, in your opinion, it is important to have DNSSEC support in a cache-only DNS server. We and the rest of the community will thank you for that :).

      • Never mind dnssec, DNS uses both tcp and udp! longer query responses will use tcp, you’ll find your udp-only solution works great most of the time then sporadically fails for queries returning long lists. Classic mistake you’ve committed there


Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.