In this tutorial we will learn how to install and configure a DNS server with BIND on Rocky Linux. BIND is one of the most widely used DNS servers; it supports IPv6, DNSSEC, split DNS, authoritative and cache-only operation, basic DNS load balancing, and much more.
Introduction
BIND, the Berkeley Internet Name Domain, is free, open-source DNS server software and one of the most widely deployed DNS servers on the Internet. It has existed since the 1980s and is known for its features, performance, and adaptability. BIND supports load balancing, dynamic updates, split DNS, DNSSEC, IPv6, and many other features, and it can run as an authoritative server, a caching resolver, or both.
BIND is one of the most dependable DNS servers for Unix-like operating systems. Most Linux distributions package it, and it comes with extra tools (such as dig, nslookup, named-checkconf, and named-checkzone) for testing and troubleshooting a DNS server.
Prerequisites
By following this guide you will install and configure a BIND DNS server in a master-slave (primary-secondary) architecture, so two Rocky Linux servers are required (AlmaLinux works the same way). You will also need root or sudo access on each server. For help with installation follow How to Install Rocky Linux
A third machine, which serves as a client to test name resolution, is also useful. It can run any flavor of Linux: Debian, Ubuntu, or a RHEL-based distribution.
To set up a public authoritative DNS server for your own domain, the domain must be registered and glue records configured at the registrar. The setup in this guide serves a private network and needs neither.
This guide assumes SELinux is in permissive mode for its duration. That is a shortcut rather than a requirement: the bind package ships with an SELinux policy, and named runs in enforcing mode without trouble as long as zone files stay under /var/named (master zone files in /var/named itself, transferred slave copies in /var/named/slaves), where the default file contexts allow named to read and write them.
Host preparation
We will set the correct FQDN (Fully Qualified Domain Name) on each of the Rocky Linux servers using the hostnamectl command and the /etc/hosts file.
The servers and IP addresses used in this tutorial are listed below
Hostname   IP Address       FQDN                Used as
---------------------------------------------------------
node1      192.168.10.100   node1.example.com   Master
node2      192.168.10.101   node2.example.com   Slave
Let us set the hostname on the master node using the below command
hostnamectl set-hostname node1.example.com
On the slave server run the below command
hostnamectl set-hostname node2.example.com
Open the /etc/hosts file
vim /etc/hosts
Add the below entries
192.168.10.100 node1.example.com node1
192.168.10.101 node2.example.com node2
Save and exit the file. Run the command below so that the new hostname takes effect in the current shell session
exec bash
Now you can verify the hostname changes by running the below command on both the servers
hostname -f
Installing BIND packages
The Rocky Linux AppStream repository provides stable BIND packages. Install the server together with the client utilities (dig, nslookup) used later for testing
dnf -y install bind bind-utils
Open the service's environment file /etc/sysconfig/named
vim /etc/sysconfig/named
Make sure the file contains OPTIONS="-4" so that BIND uses IPv4 only (remove it again if you later enable the listen-on-v6 line in named.conf)
OPTIONS="-4"
Save and exit the file, then start the service and enable it at boot
systemctl start named
systemctl enable named
Allow DNS through the firewall. firewalld's dns service opens port 53 on both UDP and TCP; TCP is required for zone transfers and for large responses
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload
Configuring Master Server
Perform the steps below on the master BIND server, node1.example.com (192.168.10.100)
Open the default BIND configuration file
vi /etc/named.conf
Make sure the file contains the entries below. The trusted ACL limits queries and recursion to the internal network and allow-transfer limits zone transfers to the slave; without these, any host that can reach the server could use it as an open resolver or pull the whole zone with an AXFR.
acl "trusted" {
    192.168.10.100;   # node1 - or you can use localhost for node1
    192.168.10.101;   # node2
    192.168.10.0/24;  # trusted networks
};
options {
    listen-on port 53 { 192.168.10.100; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; trusted; };           # who may query at all
    recursion yes;
    allow-recursion { trusted; };                  # recursive lookups only for the internal network
    allow-transfer { localhost; 192.168.10.101; }; # zone transfers only to node2 (a zone-level allow-transfer overrides this)
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
};
Save and exit the file, then verify the configuration syntax (named-checkconf prints nothing when the file is valid)
named-checkconf /etc/named.conf
Restart the BIND service
systemctl restart named
Now that the basic configuration is done, we will proceed to setting up the zones.
Open the BIND configuration file
vim /etc/named.conf
Add the following line at the end of the file so that the zone definitions live in a separate file
include "/etc/named/zones.conf.local";
Save the file and exit
Create the new configuration file /etc/named/zones.conf.local
vi /etc/named/zones.conf.local
Add the below content to the above file
zone "example.com" {
type master;
file "db.example.com"; # zone file path
allow-transfer { 192.168.10.101; }; # node2 IP address - secondary DNS
};
zone "10.168.192.in-addr.arpa" {
type master;
file "db.192.168.10"; # subnet 192.168.10.0/24
allow-transfer { 192.168.10.101; }; # node2 private IP address - secondary DNS
};
Save and exit the file.
Create the forward zone file /var/named/db.example.com
vi /var/named/db.example.com
Add the below entries to the above file
;
; Forward zone file for example.com
;
$TTL 604800
@ IN SOA node1.example.com. admin.example.com. (
        3       ; Serial - increment on every change, or the slave will never refresh
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
; NS records for name servers (owner @ is the zone apex, example.com.)
@ IN NS node1.example.com.
@ IN NS node2.example.com.
; A records for name servers
node1.example.com. IN A 192.168.10.100
node2.example.com. IN A 192.168.10.101
; Mail handler or MX record for the domain example.com
example.com. IN MX 10 mail.example.com.
; A records for domain names
example.com. IN A 192.168.10.3
mail.example.com. IN A 192.168.10.4
Save & exit the file
Configure reverse DNS for the 192.168.10.0/24 subnet by creating the file below
vi /var/named/db.192.168.10
Add the below contents to the file
;
; Reverse zone file for 192.168.10.0/24 (10.168.192.in-addr.arpa)
;
$TTL 604800
@ IN SOA node1.example.com. admin.example.com. (
        3       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
; name servers - NS records
@ IN NS node1.example.com.
@ IN NS node2.example.com.
; PTR Records - the owner is the last octet of the address and must match the A record in the forward zone
100 IN PTR node1.example.com. ; 192.168.10.100
101 IN PTR node2.example.com. ; 192.168.10.101
3 IN PTR example.com. ; 192.168.10.3
4 IN PTR mail.example.com. ; 192.168.10.4
Save and exit the file
Make the zone files owned by the named user so the service can read them
chown named: /var/named/{db.example.com,db.192.168.10}
Verify the main configuration with named-checkconf and each zone file with named-checkzone
named-checkconf
named-checkzone example.com /var/named/db.example.com
named-checkzone 10.168.192.in-addr.arpa /var/named/db.192.168.10
named-checkconf prints nothing when the configuration is valid; named-checkzone reports the loaded serial followed by OK for each zone. Note that named-checkzone only validates syntax: it will not notice a PTR record whose host octet does not match the corresponding A record.
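The consistency check that named-checkzone does not make, as an added example that is not part of the original tutorial: the bash script below parses a forward zone file and its /24 reverse zone file and reports every A/PTR pair that disagrees (an A record with no matching PTR, or a PTR whose host octet or name does not match). The zone text embedded in it is a constructed copy of this tutorial's zones, so it runs offline; the file names, the function names and the sample directory are the example's own, and on a real server you would point the functions at the files under /var/named instead. It needs only awk, sort, comm and mktemp.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial. Cross-checks a forward zone
# against its /24 reverse zone: every A record in the reverse zone's prefix must
# have a PTR with the same host octet that points back at the same name, and
# vice versa. The embedded zone text is a constructed copy of the tutorial's.
set -u

# Print "name ip" per A record; owners are made absolute against ORIGIN, and an
# indented record inherits the previous owner, as in a real zone file.
a_records() {           # usage: a_records FILE ORIGIN
    awk -v origin="$2" '
        /^[[:space:]]*;/ { next }           # whole-line comment
        { sub(/;.*/, "") }                  # strip trailing comment
        NF == 0 { next }
        /^[[:space:]]/ { name = prev }
        !/^[[:space:]]/ { name = $1; prev = name }
        /[[:space:]]IN[[:space:]]+A[[:space:]]/ {
            if (name == "@") name = origin
            else if (name !~ /\.$/) name = name "." origin
            else sub(/\.$/, "", name)
            print name, $NF
        }' "$1"
}

# Print "name ip" per PTR record whose owner is a bare host octet, e.g.
# "100 IN PTR node1.example.com." with PREFIX 192.168.10 -> 192.168.10.100.
ptr_records() {         # usage: ptr_records FILE PREFIX
    awk -v prefix="$2" '
        /^[[:space:]]*;/ { next }
        { sub(/;.*/, "") }
        /[[:space:]]IN[[:space:]]+PTR[[:space:]]/ && $1 ~ /^[0-9]+$/ {
            name = $NF
            sub(/\.$/, "", name)
            print name, prefix "." $1
        }' "$1"
}

# Entries present in only one zone (comm output: forward-only lines flush
# left, reverse-only lines indented). No output means the zones agree.
zone_mismatches() {     # usage: zone_mismatches FWD_FILE REV_FILE ORIGIN PREFIX
    tmp=$(mktemp) || return 2
    ptr_records "$2" "$4" | LC_ALL=C sort -u > "$tmp"
    a_records "$1" "$3" | grep -F " $4." | LC_ALL=C sort -u | LC_ALL=C comm -3 - "$tmp"
    rm -f "$tmp"
}

zones_consistent() {    # same arguments; succeeds only if nothing mismatched
    [ -z "$(zone_mismatches "$@")" ]
}

# Constructed sample zones: a copy of the tutorial's pair, plus a reverse zone
# whose host octets are wrong, the kind of slip this check exists to catch.
write_sample_zones() {  # usage: write_sample_zones DIR
    cat > "$1/db.example.com" <<'EOF'
$TTL 604800
@ IN SOA node1.example.com. admin.example.com. ( 3 604800 86400 2419200 604800 )
@ IN NS node1.example.com.
@ IN NS node2.example.com.
node1.example.com. IN A 192.168.10.100
node2.example.com. IN A 192.168.10.101
example.com. IN MX 10 mail.example.com.
example.com. IN A 192.168.10.3
mail IN A 192.168.10.4 ; relative owner, becomes mail.example.com
EOF
    cat > "$1/db.192.168.10" <<'EOF'
$TTL 604800
@ IN SOA node1.example.com. admin.example.com. ( 3 604800 86400 2419200 604800 )
@ IN NS node1.example.com.
@ IN NS node2.example.com.
100 IN PTR node1.example.com. ; 192.168.10.100
101 IN PTR node2.example.com. ; 192.168.10.101
3 IN PTR example.com. ; 192.168.10.3
4 IN PTR mail.example.com. ; 192.168.10.4
EOF
    sed -e 's/^101 /120 /' -e 's/^3 /50 /' -e 's/^4 /15 /' \
        "$1/db.192.168.10" > "$1/db.192.168.10.bad"
}

# Stand-alone run: check the good and the broken pair, then let BIND's own
# checker validate the syntax of the good pair if it is installed.
demo_dir=$(mktemp -d)
write_sample_zones "$demo_dir"
for rev in db.192.168.10 db.192.168.10.bad; do
    if zones_consistent "$demo_dir/db.example.com" "$demo_dir/$rev" example.com 192.168.10; then
        echo "$rev: forward and reverse zones agree"
    else
        echo "$rev: MISMATCH (forward-only flush left, reverse-only indented)"
        zone_mismatches "$demo_dir/db.example.com" "$demo_dir/$rev" example.com 192.168.10
    fi
done
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone example.com "$demo_dir/db.example.com"
    named-checkzone 10.168.192.in-addr.arpa "$demo_dir/db.192.168.10"
fi
rm -rf "$demo_dir"
```

The check deliberately only compares addresses inside the reverse zone's prefix, so forward records pointing outside 192.168.10.0/24 are ignored rather than flagged. Run it before every rndc reload or restart on the master; a PTR that points at the wrong host is exactly the kind of error that passes named-checkzone and only shows up later as a failed reverse lookup.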
Restart the BIND service
systemctl restart named
Configuring slave server
In this section we will perform the steps on the slave, node2.example.com (192.168.10.101)
Open the BIND configuration file
vi /etc/named.conf
Make sure the file contains the entries below. They mirror the master, except that the server listens on node2's address and refuses all zone transfers; allow-query is kept to localhost and the trusted ACL, as on the master, rather than opened to any, so the slave does not answer arbitrary sources either
acl "trusted" {
    192.168.10.100;   # node1 - or you can use localhost for node1
    192.168.10.101;   # node2
    192.168.10.0/24;  # trusted networks
};
options {
    listen-on port 53 { 192.168.10.101; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; trusted; };
    recursion yes;
    allow-recursion { trusted; };
    allow-transfer { none; };   # the slave never serves zone transfers
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
};
Add the following line to the bottom of named.conf to include the zone definitions
include "/etc/named/zones.conf.local";
Save and Exit the file after completion
Create the new configuration file /etc/named/zones.conf.local
vim /etc/named/zones.conf.local
Add the below content to the above file
zone "example.com" {
    type slave;
    file "slaves/db.example.com";   # /var/named/slaves is writable by named and labelled for it under SELinux
    masters { 192.168.10.100; };    # node1 IP address - master DNS
};
zone "10.168.192.in-addr.arpa" {
    type slave;
    file "slaves/db.192.168.10";
    masters { 192.168.10.100; };    # node1 IP address - master DNS
};
Save and close the file when completed
Verify the BIND configuration followed by restart
named-checkconf
systemctl restart named
Finally, verify the BIND service on both the master and the slave
systemctl status named
If everything was correctly configured you should see the service as Active (running) in the output.
Testing with a Client
Use any client node on the network and perform the steps below to test name resolution.
Open the /etc/resolv.conf file
vim /etc/resolv.conf
Add the below content to the file above
nameserver 192.168.10.100
nameserver 192.168.10.101
search example.com
Save and close the file. On hosts managed by NetworkManager this file is regenerated on every network change, so there set the DNS servers and the search domain on the connection profile with nmcli instead of editing the file directly.
We will now verify the DNS server from this client
Run the dig commands below to look up "example.com" and "mail.example.com". "example.com" should resolve to 192.168.10.3 and "mail.example.com" to 192.168.10.4. In the full (non +short) output, the "aa" flag in the header line confirms that the answer came from an authoritative server rather than from a forwarder.
dig example.com +short
dig example.com
dig mail.example.com +short
dig mail.example.com
We can also run nslookup to verify reverse lookups: 192.168.10.100 should map back to the name server node1.example.com and 192.168.10.101 to node2.example.com
nslookup 192.168.10.100
nslookup 192.168.10.101
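Two checks a practitioner would add to the client-side test, as an added example that is not part of the original tutorial: that the slave really received the zone (its SOA serial equals the master's) and that a host not listed in allow-transfer, such as this client, cannot pull the whole zone with an AXFR. The bash script below uses dig from bind-utils; the MASTER, SLAVE and ZONE variables default to this tutorial's values, and the dig output it ships with is constructed so that the parsing can be tried without a live server. Run it with --live on the client for the real checks.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial. Run on the client after
# both servers are up: (1) the slave must hold the same SOA serial as the
# master, which proves the zone transfer worked; (2) an AXFR attempted from
# this client, which is not in allow-transfer, must be refused. Parsing is
# separated from querying so the parsers can be exercised offline on the
# constructed dig output below. Addresses default to the tutorial's.
set -u

MASTER=${MASTER:-192.168.10.100}
SLAVE=${SLAVE:-192.168.10.101}
ZONE=${ZONE:-example.com}

# Serial from "dig +short SOA ZONE @SERVER" output, e.g.
# "node1.example.com. admin.example.com. 3 604800 86400 2419200 604800" -> 3.
# Prints nothing for error text such as ";; connection timed out; ...".
soa_serial() {          # usage: soa_serial "DIG_SHORT_SOA_OUTPUT"
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# True when "dig axfr" output shows the transfer was not served; dig prints
# "; Transfer failed." when the server answers REFUSED.
axfr_refused() {        # usage: axfr_refused "DIG_AXFR_OUTPUT"
    printf '%s\n' "$1" | grep -q '^; Transfer failed\.'
}

# Number of resource records in a successful "dig axfr" output (record lines
# start with an owner name; dig's own chatter starts with ";").
axfr_record_count() {   # usage: axfr_record_count "DIG_AXFR_OUTPUT"
    printf '%s\n' "$1" | grep -c '^[^;[:space:]]'
}

check_serials() {       # usage: check_serials MASTER SLAVE ZONE
    m=$(soa_serial "$(dig +short SOA "$3" @"$1")")
    s=$(soa_serial "$(dig +short SOA "$3" @"$2")")
    if [ -n "$m" ] && [ "$m" = "$s" ]; then
        echo "$3: serial $m on both $1 and $2"
    else
        echo "$3: serial mismatch (master=${m:-none} slave=${s:-none}); check allow-transfer and the named log" >&2
        return 1
    fi
}

check_transfer_blocked() {  # usage: check_transfer_blocked SERVER ZONE
    out=$(dig axfr "$2" @"$1")
    if axfr_refused "$out"; then
        echo "$1 refuses AXFR of $2 from this host (as intended)"
    else
        echo "$1 handed $(axfr_record_count "$out") records of $2 to this host: tighten allow-transfer" >&2
        return 1
    fi
}

# Constructed dig output, for running the parsers without a live server.
SAMPLE_SOA='node1.example.com. admin.example.com. 3 604800 86400 2419200 604800'
SAMPLE_AXFR_REFUSED='; <<>> DiG 9.16 <<>> axfr example.com @192.168.10.100
;; global options: +cmd
; Transfer failed.'
SAMPLE_AXFR_OK='; <<>> DiG 9.16 <<>> axfr example.com @192.168.10.100
;; global options: +cmd
example.com.            604800  IN      SOA     node1.example.com. admin.example.com. 3 604800 86400 2419200 604800
example.com.            604800  IN      NS      node1.example.com.
example.com.            604800  IN      NS      node2.example.com.
example.com.            604800  IN      A       192.168.10.3
example.com.            604800  IN      MX      10 mail.example.com.
mail.example.com.       604800  IN      A       192.168.10.4
node1.example.com.      604800  IN      A       192.168.10.100
node2.example.com.      604800  IN      A       192.168.10.101
example.com.            604800  IN      SOA     node1.example.com. admin.example.com. 3 604800 86400 2419200 604800
;; Query time: 0 msec'

case "${1:-}" in
    --live)   # against the real servers, from a client not listed in allow-transfer
        check_serials "$MASTER" "$SLAVE" "$ZONE"
        check_transfer_blocked "$MASTER" "$ZONE"
        check_transfer_blocked "$SLAVE" "$ZONE" ;;
    *)
        echo "sample serial: $(soa_serial "$SAMPLE_SOA")"
        axfr_refused "$SAMPLE_AXFR_REFUSED" && echo "sample refused AXFR recognised"
        echo "sample successful AXFR carried $(axfr_record_count "$SAMPLE_AXFR_OK") records (use --live for the real checks)" ;;
esac
```

If the serials differ after a zone edit, the usual cause is that the serial in the master's zone file was not incremented: the slave only refreshes when it sees a higher serial, and named-checkzone does not warn about a forgotten bump. A successful AXFR from the client means the allow-transfer ACL is wider than intended, since the tutorial restricts transfers to node2 on the master and to none on the slave.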
Conclusion
Congratulations! In this guide you have installed and set up a BIND DNS server on Rocky Linux 9 systems, configured a master-slave pair on two separate Rocky Linux servers, and used dig and nslookup from a third machine acting as a client to inspect and validate the DNS configuration. For more detail on BIND refer to the official website BIND9