How to setup Caching DNS Server in CENTOS/RHEL 7.6

Using this article, you will learn how to set up and configure a Caching-Only DNS server with BIND on RHEL/CentOS 7.6. As we know, DNS is used for translating names into IP addresses and IP addresses into names. DNS servers come in various types (Master, Slave, Caching, and Forwarding). The topic we are going to cover is Caching-Only DNS servers. A Caching-Only DNS Server is also referred to as a DNS Resolver.

A caching DNS server contacts the remote DNS server and then caches (locally) the answer returned by the query for the time allowed by the record's TTL value. The next time a request arrives for the same name, it returns the answer instantly, without having to contact your ISP's DNS server for the translation. This is much faster because it does not have to connect to a remote server each time.

This step-by-step guide will help you to set up a Caching only DNS Server in CENTOS/RHEL 7.x.

My Lab Setup:

For the lab setup, I am using 2 machines in total. One system will be used for the Master (Primary) DNS Server and the other will act as a DNS client locally.

BIND Packages: bind, bind-utils

DNS Port: 53 (TCP and UDP)

Note:

Furthermore, if you are interested in learning more about master and slave DNS servers, here's a link that will guide you through the process of configuring a Master and Slave DNS server.

Step 1 : Installing BIND9 on CentOS 7.6

Install the BIND packages using the command below:

# yum install bind bind-utils -y

Once the BIND packages are installed, start the service and enable it so that it starts automatically after each reboot and you don't have to start it manually each time. Use the commands below to do so:

# systemctl enable named

# systemctl start named

# systemctl status named

Step 2 : BIND Server Configurations

It's time to edit the main configuration file of the DNS server, 'named.conf', which is located in the '/etc/' directory. Use your favorite editor to open it:

# vi /etc/named.conf

Note: to turn this into a caching-only DNS server, we need to make the following 4 mandatory changes in the /etc/named.conf file. By default only 'localhost' is listed, and we need to add 'any' to accept queries from any network range; recursion must be 'yes' (by default it will be 'no').

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;

Make the changes accordingly; the edited file then looks like this:

options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The following is a short explanation of the entries added/highlighted in the '/etc/named.conf' file to set up the DNS cache server:

listen-on port 53 { 127.0.0.1; any; }; - named listens on port 53 on the loopback address and on every IPv4 address of the server, so clients on the network can reach it.

allow-query { localhost; any; }; - accepts DNS queries from localhost and from any client.

allow-query-cache { localhost; any; }; - lets those clients receive answers from the cache.

recursion yes; - the server resolves names it is not authoritative for by querying other name servers on the client's behalf, which is what makes it a caching resolver.
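With 'any' in those lists the server will recurse for every client that can reach port 53, which on anything but an isolated lab network makes it an open resolver. The shell script below is an added example, not part of the article, that audits a named.conf for that condition, following BIND's documented fallback from allow-recursion to allow-query-cache to allow-query; it contrasts the article's options block with a hardened variant that recurses only for the lab subnet (192.168.0.0/24 and the server address 192.168.0.100 are assumed from the client configuration later in the article).

```shell
#!/bin/sh
# Added example (not from the article): audit a named.conf for open-resolver
# settings before exposing port 53. Needs only POSIX sh, sed, tr, grep, mktemp.
# Print one 'options' directive's value (brace list or scalar) with comments
# and newlines stripped; prints nothing when the directive is absent.
named_option() {
    flat=$(sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::' "$1" |
           tr '\n\t' '  ' | tr -s ' ')
    v=$(printf '%s' "$flat" | sed -n "s/.*[ {;]$2 *{\([^}]*\)}.*/\1/p")
    [ -n "$v" ] || v=$(printf '%s' "$flat" | sed -n "s/.*[ {;]$2 \([^;{}]*\);.*/\1/p")
    printf '%s\n' "$v" | sed 's/^ *//; s/ *$//'
}
# True when an ACL list admits arbitrary clients ('any' or a catch-all prefix).
acl_is_open() {
    printf '%s' "$1" | tr ';' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qx -e any -e '0\.0\.0\.0/0' -e '::/0'
}
# True when the server will recurse for any client. Mirrors BIND's defaults:
# recursion is on unless set to no, and allow-recursion falls back to
# allow-query-cache, then allow-query, then localhost/localnets (closed).
is_open_resolver() {
    r=$(named_option "$1" recursion)
    [ "${r:-yes}" = yes ] || return 1
    for d in allow-recursion allow-query-cache allow-query; do
        v=$(named_option "$1" "$d")
        [ -n "$v" ] || continue
        acl_is_open "$v"; return $?
    done
    return 1
}
# One-line verdict (always exits 0; use is_open_resolver for a status code).
audit_named_conf() {
    if is_open_resolver "$1"; then echo "OPEN: recursion allowed for any client"
    else echo "OK: recursion limited to the configured ACL"; fi
}
# Constructed samples: the article's options block, and a hardened variant
# that recurses only for the lab subnet (192.168.0.0/24, assumed from the lab).
OPEN_CONF=$(mktemp); cat > "$OPEN_CONF" <<'EOF'
options { listen-on port 53 { 127.0.0.1; any; }; allow-query { localhost; any; };
          allow-query-cache { localhost; any; }; recursion yes; };
EOF
SAFE_CONF=$(mktemp); cat > "$SAFE_CONF" <<'EOF'
acl "lab" { 127.0.0.1; 192.168.0.0/24; };
options { listen-on port 53 { 127.0.0.1; 192.168.0.100; }; allow-query { lab; };
          allow-recursion { lab; }; recursion yes; };
EOF
audit_named_conf "$OPEN_CONF"   # OPEN: recursion allowed for any client
audit_named_conf "$SAFE_CONF"   # OK: recursion limited to the configured ACL
```

Run it against the real file with `audit_named_conf /etc/named.conf` after editing; named-checkconf only checks syntax and will not flag this.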

Step 3 : SELinux Permission

Check the SELinux context of the '/etc/named.conf' file with the following command:

# ls -Z /etc/named.conf

-rw-r-----. root root unconfined_u:object_r:etc_t:s0 named.conf

The result shows the wrong SELinux context and ownership. Use the commands below to change the ownership and the SELinux context. For more details about SELinux, 'click here'.

# chown root:named /etc/named.conf

# chcon system_u:object_r:etc_t:s0 /etc/named.conf

Step 4 : Test the BIND configuration for syntax errors

Run the following command:

# named-checkconf /etc/named.conf

If there is no output, the configuration file is valid.

Step 5 : Restart the BIND service

# systemctl restart named

Step 6 : Firewall Configuration

# firewall-cmd --permanent --add-port=53/tcp

# firewall-cmd --permanent --add-port=53/udp

Reload Firewall service :

# firewall-cmd --reload

If you want to know more about firewalld services, have a look at this article on 15 basic useful firewall-cmd commands in Linux.

Finally, the cache-only DNS server is ready! It's time to test it.

Step 7 : Test Caching Only DNS

Finally, test the cache server using the 'dig' and 'nslookup' commands. We query google.co.in for the first time, so the server caches the answer; if we query the same name again, you can see the difference in the query time.

# dig google.co.in

[Screenshot: dig output for the first query, Query time around 254 msec]

Again query the same website using dig :

# dig google.co.in

[Screenshot: dig output for the repeated query, Query time 1 msec]

As the output above shows, the first query took around 254 msec to resolve the domain 'google.co.in' and the second took 1 msec. The answer to the first query was cached on our DNS cache server, so when the same request comes again it is answered immediately from the local DNS cache. There is also a drastic difference in web page loading time before and after.

Step 8 : Set up the cache-only DNS server on the client machine

To point the client machine at the DNS server, add the server's IP address to the client's interface configuration file directly with the command below:

# vi /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=262c0485-1177-48d0-baf8-386ce6ad73cf
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.0.100
IPADDR=192.168.0.200
PREFIX=24
GATEWAY=192.168.0.1

Restart the Network service :

# systemctl restart network

Step 9 : Test the client machine

You can query one of the websites from the client machine and check the query time reported by the cache DNS server.

[Screenshot: dig output from the client, first query]

Again query the same website using dig :

[Screenshot: dig output from the client, repeated query]

Conclusion:

Congratulations! You have successfully configured a caching nameserver on your CentOS/RHEL 7.x system. Thank you for taking the time to read! We hope this article has helped you understand how it works. Drop me your feedback/comments. Feel free to share this article with others if you like it.

Thank you!
