Steps to configure Caching Dns Server on CentOS 8 Machine

DNS stands for Domain Name System, which is essentially the distributed database of the Internet.

DNS is important because it translates a domain name into an IP address, which lets the web browser load the Internet resource.

Here at LinuxAPT, as part of our Server Support Services, we regularly help our customers to install software and configure DNS on their servers.

In this context, we shall look into how to set up Caching DNS Server on CentOS 8 Machine.

More about DNS Server?

In summary, DNS resolves a domain name to an IP address and, in reverse, an IP address to a domain name. You can learn how to configure a DNS Server on CentOS 8.

There are four types of DNS Server, as outlined below;

i. Master DNS Server also known as Primary DNS Server.

ii. Slave DNS Server also known as Secondary DNS Server.

iii. Forwarding-only DNS Server.

iv. Caching-only DNS Server.

What is DNS Cache Server?

A DNS Cache Server contacts the remote DNS Servers the first time it sees a query and then stores the answer locally. The stored answer is only valid for a specific time known as the TTL (Time To Live). During this time, any request for that domain name is answered from the cache without contacting the remote servers again.

Therefore a Caching-only DNS Server does not hold a full database of zones. It works by querying other DNS servers to obtain a response and then sending that response to the requester.

The advantages of using caching-only DNS Servers include;

i. Better performance: a faster response time, since repeated DNS lookups are answered from the cache instead of being resolved again.

ii. Enhanced security: internal servers perform their DNS lookups within the internal network, and the DNS port can be closed to the public.

1. How to configure Cache-only DNS Server?

In this guide, we are going to use two systems. One will represent the DNS Cache Server, while the second one will serve as a client.

For the DNS Cache Server, we have to install the BIND software package on the server system, which will use the default DNS port 53.

The following information will apply for the Server system;

The Operating System is CentOS 8/RHEL 8

The Hostname for our demonstration is

The IP address is

For the Client System, the following information will apply;

The Operating System is CentOS 8/RHEL 8

The Hostname for our demonstration is

The IP address is

How to install BIND 9 on CentOS 8?

To install BIND, start by updating the system packages and then proceed with the installation of BIND by running the following commands;

yum update
dnf install bind bind-utils

You can use "yum" instead of dnf as stated above to perform the installation of Bind.

In the above command, "bind" is the name of the DNS server package, while "bind-utils" is a collection of utilities (such as dig) used for querying DNS name servers to get information about Internet hosts.

How to start the BIND Service?

You can start the BIND service and enable it to start automatically on boot. Note that the name of the BIND Service is "named". Now run the command below to start it;

systemctl enable --now named

Now you can check whether the BIND service is running with the command below;

systemctl status named

How to configure DNS cache Server via its configuration file?

To configure the DNS cache server, open its configuration file, which is located at "/etc/named.conf".

Run the command below to edit the configuration file;

vim /etc/named.conf

Now you will implement the following changes;

listen-on port 53 {; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;

From the attributes above, note that;

"any" means that queries from any network range will be accepted. In "listen-on", it instructs BIND to listen on all available interfaces, public or private.

Recursion is also set to yes, so the server resolves names on behalf of its clients instead of only answering from zones it holds itself.

The complete "named.conf" configuration file will look like this;

options {
        listen-on port 53 {; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Note the following;

The line "listen-on port 53 {; any; };" sets the port and the addresses on which BIND listens for incoming DNS requests. We can also specify a particular IP address in place of "any".

"allow-query { localhost; any; };" allows queries from any machine that can reach the server.

"allow-query-cache { localhost; any; };" controls which clients may receive answers from the server's cache; with "any", every client that reaches the server can use the cache.

"recursion yes;" makes BIND resolve names on behalf of its clients: it queries other name servers, caches the answer and returns it to the requester.
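The article notes above that an IP address can be given in place of "any" and, earlier, that a caching-only server lets the DNS port be closed to the public. The following script is an added example (not code from the article or from the BIND project): it places the article's options, which recurse for any client, beside a restricted variant that limits queries and recursion to a named ACL, and it includes a small audit function that reports whether a named.conf would recurse for "any" client, following BIND's precedence of allow-recursion over allow-query-cache over allow-query. The internal network 192.0.2.0/24 and the server address 192.0.2.1 are hypothetical (documentation ranges), and the audit is a text heuristic, not a full named.conf parser.

```shell
#!/bin/sh
# Added example, not from the original article. Compares an open recursive
# resolver configuration with a restricted one and audits which clients a
# given named.conf would recurse for.

# Constructed to mirror the article's settings (an open recursive resolver).
OPEN_CONF='options {
        listen-on port 53 { any; };
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
};'

# Restricted variant: only the "internal" ACL may query or recurse, and BIND
# listens on the loopback and internal address only. 192.0.2.0/24 and
# 192.0.2.1 are hypothetical addresses standing in for the internal network.
RESTRICTED_CONF='acl internal { 127.0.0.1; 192.0.2.0/24; };   // hypothetical LAN
options {
        listen-on port 53 { 127.0.0.1; 192.0.2.1; };
        allow-query { internal; };
        allow-query-cache { internal; };
        allow-recursion { internal; };
        recursion yes;
};'

# Flatten a config: drop // and # comments, join lines, squeeze whitespace.
# (/* */ comments and include files are not handled by this heuristic.)
flatten_conf() {
    printf '%s\n' "$1" | sed 's|//.*||; s|#.*||' | tr '\n\t' '  ' | tr -s ' '
}

# Print the address list that governs recursion, following BIND's precedence:
# allow-recursion, else allow-query-cache, else allow-query, else the built-in
# default of localhost and localnets.
effective_recursion_acl() {
    flat=$(flatten_conf "$1")
    for key in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s' "$flat" | sed -n "s/.*$key *{\([^}]*\)}.*/\1/p")
        if [ -n "$acl" ]; then
            printf '%s' "$acl"
            return 0
        fi
    done
    printf '%s' ' localhost; localnets; '
}

# Return 0 (true) when the config recurses for any client, i.e. an open
# resolver. "recursion yes" is BIND's default, so only an explicit
# "recursion no" clears the check.
is_open_resolver() {
    case "$(flatten_conf "$1")" in
        *'recursion no;'*) return 1 ;;
    esac
    case "$(effective_recursion_acl "$1")" in
        *' any;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# report LABEL CONF: one line per configuration with the governing ACL.
report() {
    if is_open_resolver "$2"; then
        echo "$1: open recursive resolver, recursion ACL:$(effective_recursion_acl "$2")"
    else
        echo "$1: recursion restricted, recursion ACL:$(effective_recursion_acl "$2")"
    fi
}

report "article settings" "$OPEN_CONF"
report "restricted settings" "$RESTRICTED_CONF"
```

An open recursive resolver answers anyone on the Internet and can be abused for amplified traffic, so when the server is meant to serve the internal network only, keep the restricted form and match it at the firewall. The heuristic above only inspects text; named-checkconf (shipped with the bind package) is the tool that validates the syntax of the file before the service is restarted.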

How to update the SELinux context?

So that the named service can read its configuration file, set the group of the named.conf file to "named" by running the command below;

chown root:named /etc/named.conf

Also, restore the original SELinux context with the command below;

chcon system_u:object_r:named_conf_t:s0 /etc/named.conf

How to check BIND configuration?

To check if the syntax for BIND configuration file is correct, run the command below;


How to Restart BIND Service?

Now that we have completed the BIND configuration, you can restart the "named" service by running the command below;

systemctl restart named

How to configure Firewall for DNS?

The Firewall allows the incoming and outgoing connections as per the configuration. The default port for DNS is 53 and it needs to be allowed to go through the firewall. Run the following commands to open DNS Port 53;

firewall-cmd --permanent --add-port 53/tcp
firewall-cmd --permanent --add-port 53/udp

To effect changes, run the following command to reload the firewall service;

firewall-cmd --reload

Testing the DNS caching-only Server

With the "dig" command, the DNS server can be tested.

Let's say we want to test "", then run the command below;


2. How to set up DNS cache-only on the client's machine?

This involves changing the DNS server address on the client's machine.

Start by finding the name of the network interface with the command below;

ifconfig -a

Let's say its name is "ens33"; then you can run the command below to edit the network configuration file;

vim /etc/sysconfig/network-scripts/ifcfg-ens33

You will see the following details;


After the DNS modification, restart the network manager with the command below;

systemctl restart NetworkManager

Testing the DNS Caching-only settings for the client machine

You can test DNS resolution from the client with the dig command below;


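Both the server-side and the client-side dig tests above are read the same way: the ";; SERVER:" line shows which resolver answered, the ";; Query time:" line drops to near zero once the answer is served from the cache, and the TTL in the answer section counts down between repeated queries instead of resetting. The script below is an added example (not from the article) that extracts those fields from dig output and decides whether a pair of queries was served by the expected cache server; the dig output is constructed, the cache server address 192.0.2.1 and the answer 203.0.113.10 are hypothetical documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original article: read the parts of dig's
# output that show whether a caching-only server is doing its job.

# Constructed dig output for a first (uncached) and a second (cached) query
# against a hypothetical cache server at 192.0.2.1. Not real captured output.
FIRST_RUN=';; ANSWER SECTION:
www.example.com.        3600    IN      A       203.0.113.10

;; Query time: 87 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
;; WHEN: Mon Jan 01 12:00:00 UTC 2024
;; MSG SIZE  rcvd: 60'

SECOND_RUN=';; ANSWER SECTION:
www.example.com.        3587    IN      A       203.0.113.10

;; Query time: 0 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
;; WHEN: Mon Jan 01 12:00:13 UTC 2024
;; MSG SIZE  rcvd: 60'

# query_time_ms OUTPUT: the number from the ";; Query time: N msec" line.
query_time_ms() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'
}

# server_ip OUTPUT: the address before "#port" on the ";; SERVER:" line.
server_ip() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# answer_ttl OUTPUT: TTL of the first A record in the answer section.
answer_ttl() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# served_by_cache EXPECTED_SERVER FIRST SECOND: true (0) when both answers
# came from the expected server, the second query was faster than the first,
# and its TTL had counted down, i.e. the second answer came from the cache.
served_by_cache() {
    expected=$1; first=$2; second=$3
    [ "$(server_ip "$first")" = "$expected" ] || return 1
    [ "$(server_ip "$second")" = "$expected" ] || return 1
    [ "$(query_time_ms "$second")" -lt "$(query_time_ms "$first")" ] || return 1
    [ "$(answer_ttl "$second")" -lt "$(answer_ttl "$first")" ] || return 1
    return 0
}

if served_by_cache 192.0.2.1 "$FIRST_RUN" "$SECOND_RUN"; then
    echo "second answer served from cache on 192.0.2.1"
else
    echo "answers did not come from the cache as expected"
fi
```

On a real system the two inputs would be the output of running the article's dig command twice a few seconds apart; if the SERVER line still shows the old resolver after the client change, the interface file or the NetworkManager restart did not take effect.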
Working with the Named service.

To start the named service, run the command below;

systemctl start named

To check whether the named service is enabled to start automatically on boot, run the command below;

systemctl is-enabled named

If it is not enabled, you need to run the following command below;

systemctl enable named

To disable the named service, run the command below;

systemctl disable named

Additionally, if you want to mask the named service so that it cannot be started by any other unit or program, you can run the command below;

systemctl mask named

To unmask the named service, run the command below;

systemctl unmask named

Need support in configuring the DNS Caching-only server on CentOS? We are available to help you today.

Here is a complete guide on how to configure the DNS caching-only server on CentOS 8.
