


DNS stands for Domain Name System, which is essentially the database of the Internet.


DNS is important because it translates a domain name into an IP address, which allows the web browser to load the Internet resource.


Here at LinuxAPT, as part of our Server Support Services, we regularly help our customers install software and configure DNS on their servers.


In this context, we shall look into how to set up a caching DNS server on a CentOS 8 machine.



More about DNS Servers

In summary, DNS resolves a domain name to an IP address and, in reverse, an IP address to a domain name. You can also learn how to configure a DNS Server on CentOS 8.

There are four types of DNS server, as outlined below;


i. Master DNS Server also known as Primary DNS Server.

ii. Slave DNS Server also known as Secondary DNS Server.

iii. Forwarding-only DNS Server.

iv. Caching-only DNS Server.


What is DNS Cache Server?

A DNS cache server contacts a remote DNS server once and then stores the answer it receives locally. The stored answer is only valid for a specific time known as the TTL (Time To Live). During this time, any request for that domain name is answered directly from the cache.


Therefore a caching-only DNS server does not hold a full zone database. It works by querying other DNS servers to obtain a response, caching it, and then sending it to the requester.


The advantages of using caching-only DNS servers include;


i. Better performance: a faster response time when a DNS lookup has already been performed and its answer is cached.

ii. Enhanced security: internal servers can perform DNS lookups within the internal network while the DNS port stays closed to the public.


1. How to configure Cache-only DNS Server?

In this guide, we are going to use two systems. One represents the DNS cache server while the second one serves as a client.


For the DNS cache server, we have to install the BIND software package on the server system, which will use the default DNS port 53.


The following details apply to the server system;


The Operating System is CentOS 8/RHEL 8

The Hostname for our demonstration is dnscache.linuxapt.com

The IP address is 192.168.10.10


For the client system, the following details apply;


The Operating System is CentOS 8/RHEL 8

The Hostname for our demonstration is client.linuxapt.com

The IP address is 192.168.10.20


How to install BIND 9 on CentOS 8?

To install BIND, start by updating the system packages and then proceed with the installation of BIND by running the following commands;


yum update
dnf install bind bind-utils


You can use "yum" instead of "dnf" in the second command above to perform the installation of BIND.


In the above command, "bind" is the name of the DNS software package, while "bind-utils" is a collection of utilities (such as dig and nslookup) used for querying DNS name servers to get information about Internet hosts.


How to start the BIND Service?

You can start the BIND service and enable it to start automatically on boot in one step. Note that the name of the BIND service is "named". Run the command below to start it;


systemctl enable --now named


Now you can check whether the BIND service is running with the command below;


systemctl status named


How to configure DNS cache Server via its configuration file?

To configure the DNS cache server, edit the configuration file located at "/etc/named.conf".

Run the command below to edit the configuration file;


vim /etc/named.conf


Now make the following changes in the "options" block;


listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;


Regarding the attributes above, note that;


"any" means that queries from any network range will be accepted. This instructs BIND to be reachable on all available interfaces, public or private.

Also, recursion is set to "yes".


The complete "named.conf" configuration file will look like this;


options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
         channel default_debug {
                 file "data/named.run";
                 severity dynamic;
         };
};
zone "." IN {
         type hint;
         file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";



Note the following;


The line "listen-on port 53 { 127.0.0.1; any; };" sets the port and the addresses on which BIND listens for incoming DNS requests. We can also specify a particular IP address in place of "any".


"allow-query { localhost; any; };" allows queries from any machine that can reach the server.


"allow-query-cache { localhost; any; };" determines which hosts are allowed to receive answers from BIND's cache.


"recursion yes;" makes BIND resolve queries on behalf of its clients, by querying other DNS servers, and return the response to them.
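As an added check that is not part of this article, the shell script below audits a named.conf for the open-resolver combination the settings above produce: with "recursion yes" and "any" permitted to recurse, the server resolves names for anyone who can reach port 53, which outsiders can abuse for reflection traffic, so a practitioner would restrict recursion to the LAN the clients sit on. Both sample configs, the temporary file paths and the "lan" ACL are constructed for the example; the 192.168.10.0/24 range is taken from the server and client addresses used in this guide.

```shell
#!/bin/sh
# Added example, not from the LinuxAPT article: audit a named.conf for the
# open-resolver combination the article's settings produce ("recursion yes"
# plus "any" in the ACL that governs recursion). Sample configs are constructed
# here; the LAN 192.168.10.0/24 comes from the article's server/client addresses.

# Print the body of one brace-delimited option (e.g. allow-query) from file $1.
named_option() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*{\([^}]*\)}.*/\1/p" "$1" | head -n 1
}

# Print "open-resolver" when recursion is on and "any" may recurse through this
# server, otherwise "restricted". BIND uses allow-recursion if set, else
# allow-query-cache, else allow-query, so that fallback chain is mirrored here.
audit_named_conf() {
    recursion=$(sed -n 's/^[[:space:]]*recursion[[:space:]]*\([a-z]*\);.*/\1/p' "$1" | head -n 1)
    acl=$(named_option "$1" allow-recursion)
    if [ -z "$acl" ]; then acl=$(named_option "$1" allow-query-cache); fi
    if [ -z "$acl" ]; then acl=$(named_option "$1" allow-query); fi
    if [ "$recursion" = "yes" ] && printf '%s\n' "$acl" | grep -qw any; then
        echo open-resolver
    else
        echo restricted
    fi
}

OPEN_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
trap 'rm -f "$OPEN_CFG" "$HARDENED_CFG"' EXIT
# Constructed: the article's options, which answer recursive queries for anyone.
cat > "$OPEN_CFG" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; any; };
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
};
EOF
# Constructed: same server, recursion limited to localhost and the client LAN.
cat > "$HARDENED_CFG" <<'EOF'
acl lan { 127.0.0.1; 192.168.10.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.10.10; };
        allow-query { lan; };
        allow-recursion { lan; };
        recursion yes;
};
EOF
echo "article config:  $(audit_named_conf "$OPEN_CFG")"      # open-resolver
echo "hardened config: $(audit_named_conf "$HARDENED_CFG")"  # restricted
```

Run it against the real file with audit_named_conf /etc/named.conf after editing; the hardened sample is the shape to aim for when the server only needs to serve the 192.168.10.0/24 clients.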


How to update the SELinux context?

Make sure the named.conf file is owned by root with the group "named", so the named service can read it, by running the command below;


chown root:named /etc/named.conf


Also, restore the correct SELinux context on the file with the command below;


chcon system_u:object_r:named_conf_t:s0 /etc/named.conf


How to check BIND configuration?

To check that the syntax of the BIND configuration file is correct, run the command below (it prints nothing when the file is valid);


named-checkconf


How to Restart BIND Service?

Now that we have completed the BIND configuration, you can restart the "named" service by running the command below;


systemctl restart named


How to configure Firewall for DNS?

The firewall allows incoming and outgoing connections according to its configuration. The default port for DNS is 53, and it must be allowed through the firewall for both TCP and UDP. Run the following commands to open DNS port 53;


firewall-cmd --permanent --add-port 53/tcp
firewall-cmd --permanent --add-port 53/udp


To apply the changes, run the following command to reload the firewall service;


firewall-cmd --reload


Testing the DNS caching-only Server

The DNS server can be tested with the "dig" command.

Let's say we want to test "google.com"; then run the command below;


dig google.com



2. How to set up DNS cache-only on the client's machine?

This involves pointing the client machine at the DNS cache server's address.

Start by finding the name of the network interface with the command below;


ifconfig -a


Let's say its name is "ens33"; then you can run the command below to edit the network configuration file;


vim /etc/sysconfig/network-scripts/ifcfg-ens33


Set "DNS1" to the address of the DNS cache server, so the file looks like this;


TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=45cc7c46-5417-35aa-9e15-a07314c5f0bd
DEVICE=ens33
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
IPADDR=192.168.10.20
PREFIX=24
GATEWAY=192.168.43.1
DNS1=192.168.10.10


After the DNS modification, restart the network manager with the command below;


systemctl restart NetworkManager


Testing the DNS Caching-only settings for the client machine

You can test DNS resolution from the client with the dig command below;


dig google.com


Working with the named service

To start the named service, run the command below;


systemctl start named


To check whether the named service is enabled to start automatically on boot, run the command below;


systemctl is-enabled named


If it is not enabled, run the command below;


systemctl enable named


To disable the named service, run the command below;


systemctl disable named


Additionally, if you want to mask the named service so that no other program or dependency can start it, you can run the command below;


systemctl mask named


To unmask the named service, run the command below;


systemctl unmask named


Need support in configuring the DNS Caching-only server on CentOS? We are available to help you today.


Conclusion


More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com