Setup a Basic Recursive Caching DNS Server and Configure Zones for Domain

Configuring DNS Zones

In the files /var/named/ and /var/named/ we will configure the forward (domain → IP address) and reverse (IP address → domain) zones.

Let’s tackle the forward configuration first:

1. At the top of the file you will find a line beginning with TTL (short for Time To Live), which specifies how long the cached response should “live” before being replaced by the results of a new query.

In the line immediately below, we will reference our domain and set the email address where notifications should be sent (note that the means [email protected]).

2. A SOA (Start Of Authority) record indicates that this system is the authoritative nameserver for machines inside the domain.

The following settings are required when there are two nameservers (one master and one slave) per domain (although such is not our case since it is not required in the exam, they are presented here for your reference):

The Serial is used to distinguish one version of the zone definition file from a previous one (where settings could have changed). If the cached response points to a definition with a different serial, the query is performed again instead of feeding it back to the client.

In a setup with a slave (secondary) nameserver, Refresh indicates the amount of time until the secondary should check for a new serial from the master server.

In addition, Retry tells the server how often the secondary should attempt to contact the primary if no response from the primary has been received, whereas Expire indicates when the zone definition in the secondary is no longer valid after the master server could not be reached, and Negative TTL is the time that a Non-existent domain (NXdomain) should be cached.

3. A NS record indicates what is the authoritative DNS server for our domain (referenced by the @ sign at the beginning of the line).

4. An A record (for IPv4 addresses) or an AAAA (for IPv6 addresses) translates names into IP addresses.

In the example below:

dns: (the DNS server itself)
web1: (a web server inside the zone)
mail1: (a mail server inside the zone)
mail2: (another mail server)

5. A MX record indicates the names of the authorized mail transfer agents (MTAs) for this domain. The hostname should be prefaced by a number indicating the priority that the current mail server should have when there are two or more MTAs for the domain (the lower the value, the higher the priority – in the following example, mail1 is the primary whereas mail2 is the secondary MTA).

6. A CNAME record sets an alias (www.web1) for a host (web1).

IMPORTANT: The dot (.) at the end of the names is required.

$TTL	604800
@   	IN  	SOA (
                    	2016051101 ; Serial
                    	10800 ; Refresh
                    	3600  ; Retry
                    	604800 ; Expire
                    	604800) ; Negative TTL
@   	IN  	NS
dns 	IN  	A
web1	IN  	A
mail1   IN  	A
mail2   IN  	A
@   	IN  	MX  	10
@   	IN  	MX  	20
www.web1    	IN  	CNAME   web1

Let’s now take a look at the reverse zone configuration (/var/named/ The SOA record is the same as in the previous file, whereas the last three lines with a PTR (pointer) record indicates the last octet in the IPv4 address of the mail1, web1, and mail2 hosts (,, and, respectively).

$TTL	604800
@   	IN  	SOA (
                    	2016051101 ; Serial
                    	10800 ; Refresh
                    	3600  ; Retry
                    	604800 ; Expire
                    	604800) ; Minimum TTL
@   	IN  	NS
28  	IN  	PTR
29  	IN  	PTR
30  	IN  	PTR

You can check the zone files for errors with:

# named-checkzone /var/named/
# named-checkzone /var/named/

The following image illustrates what is the expected output on success:

Check DNS Zone File Configuration Errors
Check DNS Zone File Configuration Errors

Otherwise, you will get an error message stating the cause and how to fix it:

Fix DNS Zone Configuration Error
Fix DNS Zone Configuration Error

Once you have verified the main configuration file and the zone files, restart the named service to apply changes.

In CentOS and OpenSUSE, do:

# systemctl restart named

And don’t forget to enable it as well:

# systemctl enable named

In Ubuntu:

$ sudo service bind9 restart

Finally, you will have to edit the configuration of your main network interfaces:

---- In /etc/sysconfig/network-scripts/ifcfg-enp0s3 for CentOS and openSUSE ----

---- In /etc/network/interfaces for Ubuntu ----

and restart the network service to apply changes.

Tutorial Feedback...
Was this article helpful? If you don't find this article helpful or found some outdated info, issue or a typo, do post your valuable feedback or suggestions in the comments to help improve this article...

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

5 thoughts on “Setup a Basic Recursive Caching DNS Server and Configure Zones for Domain”

  1. There are 2 typos (well two digits transposed) in the sample reverse DNS zone example given above.

    Here’s the text provided:

    zone "" IN {
        type master;
        file "/var/named/";

    The file directive has the 2 and the 8 transposed. The file name should be “/var/named/

  2. Hello Mr Canepa,

    First of all I would like to thank you for a very good articles in order to help me to prepare for LFCS. I studied all of them very carefully, but unfortunately I was stuck at the DNS.

    It is about 3th part of this chapter. I don’t know if files /var/named/ and /var/named/ should be appeared automatically or should I append them on my own?

    There are differences between CentOS and Ubuntu because of location of these files – in Ubuntu these files supposed to be in /var/cache/bind…
    I will be thankful for your support.

    • Hello again,

      I would like to inform that all questions mentioned above I solved. I just created require zone-files in /etc/bind/.

      Unfortunately I met another issue and I tried to handled with that all the day – without result. When I try to check the answer with host command I received always the same error: “Host ….. not found: 3(NXDOMAIN)“.

      The zone files and option files are done correctly without any errors.

      Could someone help me with that and point me where I should looking for a mistake..? Many thanks in advance.



Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.