Install and Configure Caching-Only DNS Server in RHEL/CentOS 7 – Part 10

DNS servers comes in several types such as master, slave, forwarding and cache, to name a few examples, with cache-only DNS being the one that is easier to setup. Since DNS uses the UDP protocol, it improves the query time because it does not require an acknowledgement.

Setup Cache-Only DNS in RHEL and CentOS 7

RHCE Series: Setup Cache-Only DNS in RHEL and CentOS 7 – Part 11

The cache-only DNS server is also known as resolver, which will query DNS records and fetch all the DNS details from other servers, and keep each query request in its cache for later use so that when we perform the same request in the future, it will serve from its cache, thus reducing the response time even more.

If you’re looking to setup DNS Caching-Only Server in CentOS/RHEL 6, follow this guide here:

Setting Up Caching-Only DNS Name Server in CentOS/RHEL 6

My Testing Environment

DNS server		:	dns.tecmintlocal.com (Red Hat Enterprise Linux 7.1)
Server IP Address	:	192.168.0.18
Client			:	node1.tecmintlocal.com (CentOS 7.1)
Client IP Address	:	192.168.0.29

Step 1: Installing Cache-Only DNS Server in RHEL/CentOS 7

1. The Cache-Only DNS server, can be installed via the bind package. If you don’t remember the package name, you can do a quick search for the package name using the command below.

# yum search bind
Search DNS Bind Package

Search DNS Bind Package

2. In the above result, you will see several packages. From those, we need to choose and install only bind and bind-utils packages using following yum command.

# yum install bind bind-utils -y
Install DNS Bind in RHEL/CentOS 7

Install DNS Bind in RHEL/CentOS 7

Step 2: Configure Cache-Only DNS in RHEL/CentOS 7

3. Once DNS packages are installed we can go ahead and configure DNS. Open and edit /etc/named.conf using your preferred text editor. Make the changes suggested below (or you can use your settings as per your requirements).

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };
Configure Cache-Only DNS in CentOS and RHEL 7

Configure Cache-Only DNS in CentOS and RHEL 7

These directives instruct the DNS server to listen on UDP port 53, and to allow queries and caches responses from localhost and any other machine that reaches the server.

4. It is important to note that the ownership of this file must be set to root:named and also if SELinux is enabled, after editing the configuration file we need to make sure that its context is set to named_conf_t as shown in Fig. 4 (same thing for the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Otherwise, configure the SELinux context before proceeding:

# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones

5. Additionally, we need to test the DNS configuration now for some syntax error before starting the bind service:

# named-checkconf /etc/named.conf

6. After the syntax verification results seems perfect, restart the named service to take new changes into effect and also make the service to auto start across system boots, and then check its status:

# systemctl restart named
# systemctl enable named
# systemctl status named
Configure and Start DNS Named Service

Configure and Start DNS Named Service

7. Next, open the port 53 on the firewall.

# firewall-cmd --add-port=53/udp
# firewall-cmd --add-port=53/udp --permanent
Open DNS Port 53 on Firewall

Open DNS Port 53 on Firewall

Step 3: Chroot Cache-Only DNS Server in RHEL and CentOS 7

8. If you wish to deploy the Cache-only DNS server within chroot environment, you need to have the package chroot installed on the system and no further configuration is needed as it by default hard-link to chroot.

# yum install bind-chroot -y

Once chroot package has been installed, you can restart named to take the new changes into effect:

# systemctl restart named

9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf

Step 4: Configure DNS on Client Machine

10. Add the DNS Cache servers IP 192.168.0.18 as resolver to the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure:

DNS=192.168.0.18
Configure DNS on Client Machine

Configure DNS on Client Machine

And /etc/resolv.conf as follows:

nameserver 192.168.0.18

11. Finally it’s time to check our cache server. To do this, you can use dig utility or nslookup command.

Choose any website and query it twice (we will use facebook.com as an example). Note that with dig the second time the query is completed much faster because it is being served from the cache.

# dig facebook.com
Check Cache only DNS Queries

Check Cache only DNS Queries

You can also use nslookup to verify that the DNS server is working as expected.

# nslookup facebook.com
Checking DNS Query with nslookup

Checking DNS Query with nslookup

Summary

In this article we have explained how to set up a DNS Cache-only server in Red Hat Enterprise Linux 7 and CentOS 7, and tested it in a client machine. Feel free to let us know if you have any questions or suggestions using the form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

16 Responses

  1. Raghu says:

    Hi,

    After configuring DNS cache server as follows above, when I test from windows nslookup it shows as (default server : Unknown).
    rest of things are working fine.

    why it is ?

  2. Player says:

    Hello,

    I have a little problems in bind9.

    IN DNS service running status, First Query Time: 827 msec and Second Query Time: 1 0r 0 msec .

    After restart service or reboot the bind server, First Query Time: 827 and Second Query Time: 0 or msec.

    I want to know is previous cache is missing or not useless. and then may i know the best caching parameter

  3. x says:

    Isn’t it a open resolver now? any? means any? including localhost and all the others….

  4. Trung Ma says:

    Hello Gabriel,

    Great articles. How long DNS cached will be updated the new record.

  5. jose says:

    After creating a dns caching only server, and changing the client dns ip, when i run the yum repolist it shows the available lists, however it errors out while tying to download using the yum install option.
    Also wget fails to download. centos 7. Any suggestions on what could be the problem

  6. Manu Jain says:

    Hi,
    When I change the DNS server IP address at the client side, the internet stops working. I’m unable to test. Please help!!

    • @Manu Jain,
      Are you sure you have followed all the steps outlined in this guide? As you can see in the screenshots above, it should work without problems. Particularly pay attention to Step 2. You should make sure the server allows for connections from the local network, or at least from the IP of the client machine.

  7. Pang Kuo Loon says:

    How to block certain website in caching server? Manage implement in authorization named server. Kindly advise.

  8. Kay says:

    Hi, pretty good explanation. Im using a domain hoster which is pointing with an A-Record to my webserver. Do you recomment to implement a DNS caching to decrease response times?

    Thank you very much,
    Kay

  9. Mouchy says:

    Hello,

    DNS need udp and TCP 53 open because dnsec query are ganerally larger than 512o.
    You can add dnssec support on a cache server, it’s important.

    • @Mouchy,
      Thank you for your comment. Please tell us why, in your opinion, it is important to have DNSSEC support in a cache-only DNS server. We and the rest of the community will thank you for that :).

      • Tomas says:

        DNS cache poisoning.

      • Ralph Siegler says:

        Never mind dnssec, DNS uses both tcp and udp! longer query responses will use tcp, you’ll find your udp-only solution works great most of the time then sporadically fails for queries returning long lists. Classic mistake you’ve committed there

Leave a Reply to Gabriel A. Cánepa Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.