How to setup Caching DNS Server in CENTOS/RHEL 7.6


This article explains how to set up and configure a caching-only DNS server with BIND on RHEL/CentOS 7.6. As we know, DNS is the service that resolves names to IP addresses and IP addresses to names. There are different types of DNS servers (Master, Slave, Caching and Forwarding); here we talk about the Caching-Only DNS server, which is also known as a DNS resolver.

A caching DNS server contacts the remote DNS server once and then caches the returned address locally for the time allowed by the record's TTL value, so the next request for the same name is answered immediately, without contacting your ISP's DNS server again for the translation. This is much faster, because the server does not have to connect to a remote server every time.

This step-by-step guide will help you set up a caching-only DNS server on CentOS/RHEL 7.x.

My Lab Setup :

For the lab setup I am using 2 machines in total: one system is used for the Master (Primary) DNS server and the other acts as a DNS client locally.

Caching-only DNS server : 192.168.0.100
DNS client : 192.168.0.200

BIND Packages :

bind, bind-utils

DNS Port :

53 (TCP and UDP)

Step 1 : Installing BIND9 on CentOS 7.6

Install the BIND packages using the command below:

# yum install bind bind-utils -y

Once the BIND packages are installed, start the service and enable it so that it starts automatically after each reboot and you do not have to start it manually every time. Use the commands below:

# systemctl enable named

# systemctl start named

# systemctl status named

Step 2 : BIND Server Configurations

It's time to edit the main configuration file of the DNS server, 'named.conf', which is located in the '/etc/' directory. Use your favorite editor to edit this file.

# vi /etc/named.conf

Note: to make this a caching-only DNS server, four mandatory changes are needed in the /etc/named.conf file. By default only 'localhost' is present; we add 'any' to accept queries from any network range, and recursion must be 'yes' (by default it is 'no').

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;

Make the changes accordingly; the resulting file looks like this:

options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };
        allow-query-cache { localhost; any; };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The following is a short explanation of the entries added/highlighted in the '/etc/named.conf' file to set up the DNS cache server:

listen-on port 53 { 127.0.0.1; any; };  - listen for DNS queries on port 53 on the loopback address and on every interface of the server
allow-query { localhost; any; };  - accept queries from localhost and from any network range
allow-query-cache { localhost; any; };  - allow localhost and any client to receive answers from the cache
recursion yes;  - resolve names on behalf of clients by querying other name servers (recursive resolution)
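With these four entries, named answers recursive queries for anyone who can reach port 53, which is what lets an Internet-exposed caching resolver be used as a DNS amplification reflector; if the server is reachable from outside the lab network, restrict recursion with an ACL. The Python script below is an added example and not code from the article: it parses the entries above (embedded as a constructed sample) next to a hypothetical hardened variant that uses an 'acl "trusted"' for the 192.168.0.0/24 lab network, and reports which configuration is an open resolver.

```python
import re

# The article's named.conf options, embedded as a constructed sample of the weak configuration.
ARTICLE_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
};
"""

# Hypothetical hardened variant: a named ACL limits recursion to the lab LAN (192.168.0.0/24).
HARDENED_OPTIONS = """
acl "trusted" { 127.0.0.1; 192.168.0.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.100; };
    allow-query { trusted; };
    allow-recursion { trusted; };
    recursion yes;
};
"""

# One-line address-match-list statements (allow-query { a; b; };) and acl definitions.
STMT = re.compile(r'^\s*([a-z-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;', re.M)
ACL = re.compile(r'^\s*acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}\s*;', re.M)
def _entries(body):
    return [e.strip() for e in body.split(';') if e.strip()]
def parse(text):
    """Match-list statements with acl names expanded, plus the recursion flag."""
    acls = {name: _entries(body) for name, body in ACL.findall(text)}
    stmts = {name: [m for e in _entries(body) for m in acls.get(e, [e])]
             for name, body in STMT.findall(text)}
    rec = re.search(r'^\s*recursion\s+(yes|no)\s*;', text, re.M)
    stmts['recursion'] = rec.group(1) if rec else 'yes'  # BIND's built-in default is yes
    return stmts
def recursion_acl(stmts):
    """Effective allow-recursion list, following BIND's documented fallback order."""
    for key in ('allow-recursion', 'allow-query-cache', 'allow-query'):
        if key in stmts:
            return stmts[key]
    return ['localnets', 'localhost']
def is_open_resolver(text):
    """True when recursion is on, 'any' may recurse, and named listens beyond loopback."""
    s = parse(text)
    # listen-on defaults to any; listen-on-v6 is assumed absent unless configured.
    listens = s.get('listen-on', ['any']) + s.get('listen-on-v6', [])
    exposed = any(a not in ('127.0.0.1', '::1') for a in listens)
    return s['recursion'] == 'yes' and 'any' in recursion_acl(s) and exposed
```

Run it against a copy of your own /etc/named.conf options block: the article's settings are reported as an open resolver, the ACL-restricted variant is not.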

Step 3 : SELinux Permission

Check the SELinux context of the '/etc/named.conf' file with the command below:

# ls -Z /etc/named.conf

-rw-r-----. root root unconfined_u:object_r:etc_t:s0 named.conf

The result shows the wrong SELinux context, and since the file is mode 640 and owned by root:root, the named service cannot read it. Use the commands below to change the ownership and the SELinux context:

# chown root:named /etc/named.conf

# chcon system_u:object_r:etc_t:s0 /etc/named.conf

Step 4 : Test my bind configuration for any syntax errors

Run command as follows:

# named-checkconf /etc/named.conf

If there is no output, the configuration file is valid.

Step 5 : Restart the BIND service

# systemctl restart named

Step 6 : Firewall Configuration

# firewall-cmd --permanent --add-port=53/tcp

# firewall-cmd --permanent --add-port=53/udp

Reload the Firewall service :

# firewall-cmd --reload

Finally, the cache-only DNS server is ready! It's time to test it.

Step 7 : Test Caching Only DNS

Test the cache server using the 'dig' and 'nslookup' commands. We query google.co.in for the first time, so the answer gets cached; when we query the same name again, you can see the difference in the query time.

# dig google.co.in

[Screenshot: dig output for the first query of google.co.in]

Again query the same website using dig :

# dig google.co.in

[Screenshot: dig output for the second query of google.co.in]

As the output above shows, the first query took around 254 msec to resolve and the second query took 1 msec to resolve the domain 'google.co.in'. This means the first answer was cached by our DNS cache server, and when the same request comes again it is answered immediately from the local DNS cache. There is also a noticeable difference in web page loading time before and after.

Step 8 : Set up the cache-only DNS server on the client machine

Add the DNS server IP to the interface configuration of the client machine. Edit the file directly with the command below:

# vi /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=262c0485-1177-48d0-baf8-386ce6ad73cf
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.0.100
IPADDR=192.168.0.200
PREFIX=24
GATEWAY=192.168.0.1

Restart the Network service :

# systemctl restart network

Step 9 : Test the client machine

Query one of the websites from the client machine and check the query time reported by the cache DNS server:

[Screenshot: dig output from the client for the first query]

Again query the same website using dig :

[Screenshot: dig output from the client for the second query]

Congratulations! You have successfully configured a caching nameserver on your CentOS/RHEL 7.x. Drop me your feedback/comments.

If you like the article, please share it and help us grow 🙂
