Using this article, you will learn how to set up and configure a caching-only DNS server with BIND on RHEL/CentOS 7.6. As we know, DNS translates names into IP addresses and IP addresses into names. DNS servers come in various types (Master, Slave, Caching, and Forwarding). The type covered here is the Caching-Only DNS server, also referred to as a DNS resolver.
A caching DNS server contacts the remote DNS server once, then caches (locally) the address returned by the query for the time allowed by the record's TTL value. The next time a request comes in for the same name, it returns the answer immediately instead of having to contact your ISP's DNS server again for the translation. This is much faster because it does not have to connect to a remote server each time.
This step-by-step guide will help you to set up a Caching only DNS Server in CENTOS/RHEL 7.x.
My Lab Setup :
For the lab setup, I am using 2 machines in total. One system will be used for the Master (Primary) DNS Server and the other will act as a DNS client locally (DNS server 192.168.0.100, client 192.168.0.200, as used in the client's ifcfg file below).
BIND Packages : bind, bind-utils
DNS Port : 53 (TCP and UDP)
Note: if you are interested in learning more about master and slave DNS servers, here's a link that will guide you through configuring a Master and Slave DNS server.
Step 1 : Installing BIND9 on CentOS 7.6
Install the bind packages using the below command :
# yum install bind bind-utils -y
Once the BIND packages are installed, start the service and enable it so that it starts automatically after each reboot and you don't have to start it manually each time. Use the below commands to do so.
# systemctl enable named
# systemctl start named
# systemctl status named
Step 2 : BIND Server Configurations
It's time to edit the main configuration file of the DNS server, named.conf, located in the /etc directory. Use your favorite editor to edit this file.
# vi /etc/named.conf
Note: to make this a caching-only DNS server, we need to make the following 4 changes in the /etc/named.conf file. By default only 'localhost' is listed; we add 'any' to accept queries from any range of network, and recursion must be set to 'yes' (by default it will be 'no').
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;
Make the changes accordingly; the resulting file looks like this:
options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
A short explanation of the entries changed in the '/etc/named.conf' file to set up the DNS cache server:
listen-on port 53 { 127.0.0.1; any; }; - the IPv4 addresses BIND listens on; 'any' covers every address configured on the host.
allow-query { localhost; any; }; - the clients allowed to send queries; 'any' accepts queries from every source address.
allow-query-cache { localhost; any; }; - the clients allowed to receive answers from the cache.
recursion yes; - BIND resolves names on behalf of its clients by contacting other name servers, which is what a caching-only resolver does.
With 'any' in these lists the server answers recursive queries from every network that can reach it, so on a host with a public address restrict them to your own networks.
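The 'any' entries above, together with recursion yes, make BIND answer recursive queries for every address that can reach it. The following shell script is an added example, not part of the original article: it flags that state in a named.conf and prints a restricted options block that uses an assumed 'trusted' ACL for the lab network 192.168.0.0/24.

```shell
#!/bin/sh
# Added example (not code from the original article): an audit of the
# settings Step 2 changes in /etc/named.conf. With 'any' in allow-query
# and 'recursion yes', BIND answers recursive queries from every address
# that can reach it (an open resolver). The check below flags that state
# and prints a restricted form that keeps the caching behaviour for one
# network. Function names and the network 192.168.0.0/24 are assumptions.

# acl_allows_any FILE DIRECTIVE -> 0 if the directive's address list holds 'any'
acl_allows_any() {
    grep -E "^[[:space:]]*$2[[:space:]]*\{[^}]*[[:space:];{]any[[:space:]]*;" "$1" >/dev/null 2>&1
}

# recursion_enabled FILE -> 0 if 'recursion yes;' is set
recursion_enabled() {
    grep -E '^[[:space:]]*recursion[[:space:]]+yes[[:space:]]*;' "$1" >/dev/null 2>&1
}

# audit_named_conf FILE -> prints a verdict; returns 1 for an open resolver
audit_named_conf() {
    if recursion_enabled "$1" && acl_allows_any "$1" allow-query; then
        echo "OPEN RESOLVER: recursion yes with allow-query { ... any; }"
        return 1
    fi
    echo "ok: recursion is off or queries are limited to named networks"
}

# hardened_options -> the Step 2 options restricted to an 'acl' of trusted
# networks; allow-recursion limits who may use the cache for lookups.
hardened_options() {
    cat <<'EOF'
acl trusted { 127.0.0.1; ::1; 192.168.0.0/24; };
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };
    recursion yes;
};
EOF
}

# Constructed sample: the options block exactly as Step 2 leaves it.
printf 'options {\n    allow-query { localhost; any; };\n    allow-query-cache { localhost; any; };\n    recursion yes;\n};\n' > /tmp/named.conf.open
audit_named_conf /tmp/named.conf.open || hardened_options
```

Run it against the real /etc/named.conf after editing; named-checkconf still has to be run on the hardened file, since this script only reads the two directives it knows about.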
Step 3 : SELinux Permission
Check the SELinux context of the '/etc/named.conf' file with the following command:
# ls -Z /etc/named.conf
-rw-r-----. root root unconfined_u:object_r:etc_t:s0 named.conf
The result shows the wrong SELinux context and ownership. Use the following commands to change the ownership and the SELinux context. For more details about SELinux, 'click here'.
# chown root:named /etc/named.conf
# chcon system_u:object_r:etc_t:s0 /etc/named.conf
Step 4 : Test the BIND configuration for syntax errors
Run the following command:
# named-checkconf /etc/named.conf
If there is no output, the configuration file is valid.
Step 5 : Restart the BIND service
# systemctl restart named
Step 6 : Firewall Configuration
# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp
Reload Firewall service :
# firewall-cmd --reload
If you want to know more about firewalld services, have a look at this article on 15 basic useful firewall-cmd commands in Linux.
Finally, the cache-only DNS server is ready! It's time to test it.
Step 7 : Test Caching Only DNS
Finally, test the cache server using the 'dig' and 'nslookup' commands. We query google.co.in for the first time, so the server caches the answer; when we query the same name again, you can see the difference in the query time.
# dig google.co.in
Query the same website again using dig :
# dig google.co.in
In the above output, the 1st query took around 254 msec to resolve and the 2nd query took 1 msec to resolve the domain 'google.co.in'. This means the answer to the 1st query was cached on our DNS cache server, and when the same request comes again it is answered immediately from the local DNS cache. There is also a drastic difference in webpage loading time before and after.
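As an added example that is not part of the original article, the script below parses two saved dig outputs and confirms a cache hit from the TTL countdown as well as from the query time; the sample outputs and function names are constructed.

```shell
#!/bin/sh
# Added example (not code from the original article): reads two saved dig
# outputs and checks for the signs of a cache hit described in Step 7.
# The cached answer comes back faster, but the more reliable sign is the
# TTL: the cache hands out the remaining lifetime of the record, so the
# TTL in the second answer is lower than in the first. Function names and
# the sample outputs are constructed; real ones come from
#   dig google.co.in > /tmp/dig1.txt   (and again for /tmp/dig2.txt)

# dig_field FILE LABEL -> number from a ';; LABEL: <n> ...' line
dig_field() {
    sed -n "s/^;; $2: \([0-9]*\).*/\1/p" "$1" | head -n 1
}

# dig_ttl FILE -> TTL of the first A record in the ANSWER SECTION
dig_ttl() {
    awk '/ANSWER SECTION/ {grab=1; next} grab && $4=="A" {print $2; exit}' "$1"
}

# cache_hit FIRST SECOND -> 0 when the second answer was served from cache
cache_hit() {
    t1=$(dig_field "$1" "Query time"); t2=$(dig_field "$2" "Query time")
    ttl1=$(dig_ttl "$1"); ttl2=$(dig_ttl "$2")
    [ -n "$ttl1" ] && [ -n "$ttl2" ] && [ -n "$t1" ] && [ -n "$t2" ] || return 1
    if [ "$ttl2" -lt "$ttl1" ] && [ "$t2" -le "$t1" ]; then
        echo "cache hit: TTL $ttl1 -> $ttl2, query time ${t1} -> ${t2} msec"
        return 0
    fi
    echo "no cache hit: TTL $ttl1 -> $ttl2, query time ${t1} -> ${t2} msec"
    return 1
}

# Constructed samples, trimmed to the lines the checks read; the address
# 203.0.113.10 is a documentation address, not google.co.in's real one.
cat > /tmp/dig1.txt <<'EOF'
;; ANSWER SECTION:
google.co.in.    300    IN    A    203.0.113.10
;; Query time: 254 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
cat > /tmp/dig2.txt <<'EOF'
;; ANSWER SECTION:
google.co.in.    287    IN    A    203.0.113.10
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
cache_hit /tmp/dig1.txt /tmp/dig2.txt
```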
Step 8 : Set up the client machine to use the cache-only DNS server
To add the DNS server IP to the client machine's interface, edit the interface file directly :
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=262c0485-1177-48d0-baf8-386ce6ad73cf
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.0.100
IPADDR=192.168.0.200
PREFIX=24
GATEWAY=192.168.0.1
Restart the Network service :
# systemctl restart network
Step 9 : Test the client machine
Access one of the websites from the client machine and check the query time reported by the cache DNS server.
Query the same website again using dig :
Conclusion:
Congratulations! You have successfully configured the caching nameserver on your CentOS/RHEL 7.x. Thank you for taking the time to read! We hope this article has helped you understand how it works. Drop me your feedback/comments. Feel free to share this article with others if you like it.
Thank you!