How to Install Bind DNS on CentOS Stream 9 Server (Setup / Configure)

How to Install Bind DNS on CentOS Stream 9 Server (Setup/Configure). In this article, we will introduce what Bind DNS server is with its main features and move on to the installation and configuration phase. 

Bind is a free and open source DNS server developed in the 1980s that supports a wide range of features, including IPv6, load balancing, split DNS, DNSSEC, incremental zone transfer (IXFR), transaction signatures (TSIG), DNS NOTIFY, transaction keys (TKEY), etc. Let’s get started!

What Is Bind 9 DNS?

Bind 9 DNS is a highly flexible and fully featured DNS system that can be used in virtually any application. This transparent open source solution is licensed under the MPL 2.0 license, which means users are free to add functionality to Bind 9 and contribute it back to the community through the project's open GitLab repository.

Today, almost every Internet connection begins with a DNS lookup. Before your mail server sends an email, it performs a DNS lookup to resolve the recipient's domain name to an IP address. You can use Bind 9 successfully in every kind of deployment, including publishing the DNS root zone and many top-level domains, hosting providers who publish very large zone files with many small zones, enterprises with internal and external zones, and service providers with large resolver farms.

Bind 9 Features

Bind 9 provides the following features and capabilities:

  • Basic DNS Load Balancing – It can be achieved using several A records under one name.
  • Dynamic Update – It enables you to add, replace, or delete records in a primary server by sending a special type of DNS message.
  • Split DNS – It provides different views of the DNS space to internal and external resolvers.
  • Transaction Keys – With the help of this key, you can negotiate a shared secret between two hosts efficiently.
  • Transaction Signatures – It helps you to authenticate DNS messages by cryptographically signing them with a shared secret.
  • Incremental Zone Transfer – With the help of Incremental Zone Transfer, you can transfer only modified data to the secondary server.
  • DNS Notify – It enables the primary DNS server to notify a secondary server of changes to zone data.
  • Cache Only DNS – It provides DNS name resolution for applications by relaying requests to an authoritative server, or by acting as a secondary DNS server that holds a read-only copy of the authoritative zone file.

Benefits Of Bind 9 DNS

The benefits of Bind 9 DNS are as follows:

  • Bind 9 DNS has broad usage and a strong community. It is considered a de facto standard for DNS in Linux systems and is actively supported by a large open source community.
  • Bind 9 DNS supports Linux, NetBSD, FreeBSD, OpenBSD, macOS, and Windows.
  • Bind 9 is the only DNS server that covers all the basic DNS functionality.
  • Bind 9 is used in several production DNS servers and is also known for stable and predictable operations.

Follow this post to navigate through how to install the Bind DNS server on CentOS Stream 9 Server (Setup/Configure).

Install Bind DNS on CentOS Stream 9 Server

Prerequisites

  • A server running CentOS Stream 9 with SSH access.
  • A root user or a user with sudo privileges.

Install Bind DNS on CentOS Stream 9

By default, the Bind DNS package is included in the CentOS Stream 9 default repository. You can install it easily with the following command:

    dnf install -y bind bind-utils

Once the Bind package is installed, you can verify it using the following command:

    rpm -qa | grep bind

You will get the following output:

    bind-license-9.11.36-3.el8.noarch
    bind-export-libs-9.11.26-6.el8.x86_64
    bind-9.11.36-3.el8.x86_64
    bind-libs-9.11.36-3.el8.x86_64
    python3-bind-9.11.36-3.el8.noarch
    bind-utils-9.11.36-3.el8.x86_64
    bind-libs-lite-9.11.36-3.el8.x86_64

How to Manage Bind Services

The Bind service (named) is managed by systemd, so you control it with the systemctl command.

Start Bind service

To start the Bind service, run the following command:

    systemctl start named

To enable the Bind service so that it starts automatically after a system reboot, run the following command:

    systemctl enable named

Check status of Bind service

To check the status of the Bind DNS service, run the following command:

    systemctl status named

You will get the following output:

    ● named.service - Berkeley Internet Name Domain (DNS)
    Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
    Active: active (running) since Mon 2022-06-27 04:46:54 UTC; 4s ago
    Process: 1742 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
    Process: 1739 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else ec>
    Main PID: 1744 (named)
    Tasks: 4 (limit: 11412)
    Memory: 15.5M
    CGroup: /system.slice/named.service
    └─1744 /usr/sbin/named -u named -c /etc/named.conf

    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './NS/IN': 2001:7fe::53#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
    Jun 27 04:46:54 centos9 named[1744]: network unreachable resolving './NS/IN': 2001:500:200::b#53
    Jun 27 04:46:54 centos9 named[1744]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
    Jun 27 04:46:54 centos9 named[1744]: resolver priming query complete

At this point, Bind DNS is started and listens on port 53. You can check it using the following command:

    ss -antpl | grep named

You should see the following output:

    LISTEN 0 128 127.0.0.1:953 0.0.0.0:* users:(("named",pid=1744,fd=23))
    LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1744,fd=21))
    LISTEN 0 128 [::1]:953 [::]:* users:(("named",pid=1744,fd=24))
    LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=1744,fd=22))

Configure Bind DNS

By default, Bind DNS listens on the localhost address only, so you will need to configure it to listen on your server's IP address as well. You can do it by editing the Bind DNS default configuration file:

    nano /etc/named.conf

Change the listen-on line so that it also includes your server's IP address (192.168.0.25 in this example):

    listen-on port 53 { 127.0.0.1; 192.168.0.25; };

Save and close the file when you are finished.
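While you are in the options block, two neighbouring settings deserve the same attention, because the stock /etc/named.conf shipped with the bind package also restricts queries with allow-query { localhost; } and permits recursion for anyone who can reach the listener. The fragment below is an added example, not the article's file; the 192.168.0.0/24 range is an assumption chosen to match the article's addresses.

```conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.25; };   // the change made above
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";

        // The packaged default is { localhost; }, which answers REFUSED to any
        // other host; open it only to the network the clients actually sit on.
        // 192.168.0.0/24 is an assumed LAN range for this example.
        allow-query     { localhost; 192.168.0.0/24; };

        // Recursion for the LAN only: a listener on a routable address that
        // recurses for everyone is an open resolver usable for amplification.
        recursion yes;
        allow-recursion { localhost; 192.168.0.0/24; };

        // No secondary server is configured in this article, so no host
        // needs to pull the zones with AXFR/IXFR.
        allow-transfer  { none; };
};
```

Run named-checkconf after editing, as the article does below, and confirm with ss that named now also listens on 192.168.0.25:53.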

Create Forward and Reverse Lookup Zone File

Next, you will need to define a forward and a reverse lookup zone so that Bind can answer queries for your domain. You can declare both by editing the /etc/named.rfc1912.zones configuration file:

    nano /etc/named.rfc1912.zones

Add the following lines (the file paths point at the zone files created in the next steps):

    zone "testdomain.com" {
        type master;
        file "/var/named/forward.testdomain.com";
    };
    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/var/named/reverse.testdomain.com";
    };

Save and close the file, then verify the configuration file with the following command:

    named-checkconf

If everything is fine, you should not get any output.

Create forward lookup file

Next, create a forward lookup file using the following command:

    nano /var/named/forward.testdomain.com

Add the following configuration:

    $TTL 604800
    @ IN SOA nameserver.testdomain.com. root.nameserver.testdomain.com. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ); Negative Cache TTL
    @ IN NS nameserver.testdomain.com.
    nameserver IN A 192.168.0.25
    ftp IN A 192.168.0.25
    @ IN AAAA ::1

Save and close the file, then create a reverse lookup configuration file:

    nano /var/named/reverse.testdomain.com

Add the following lines:

    $TTL 604800
    @ IN SOA nameserver.testdomain.com. root.nameserver.testdomain.com. (
        1       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ); Negative Cache TTL
    @ IN NS nameserver.testdomain.com.
    nameserver IN A 192.168.0.25
    25 IN PTR nameserver.testdomain.com.

Save and close the file when you are done.
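named-checkzone validates each zone file on its own, but it does not tell you whether the forward and reverse zones agree with each other, which is what a client's reverse lookup depends on. The following script is an added example, not part of the article or of BIND: it parses the minimal zone syntax used above (constructed copies of the two files, with the SOA timers on one line) and reports every A record whose address has no PTR, and every PTR that does not map back to an A record with that address.

```python
import ipaddress
import re

# Constructed from the article's two zone files (SOA timers put on one line).
FORWARD_ORIGIN, REVERSE_ORIGIN = "testdomain.com.", "0.168.192.in-addr.arpa."
FORWARD = """$TTL 604800
@ IN SOA nameserver.testdomain.com. root.nameserver.testdomain.com. (
2 604800 86400 2419200 604800 ) ; serial refresh retry expire neg-ttl
@ IN NS nameserver.testdomain.com.
nameserver IN A 192.168.0.25
ftp IN A 192.168.0.25
@ IN AAAA ::1
"""
REVERSE = """$TTL 604800
@ IN SOA nameserver.testdomain.com. root.nameserver.testdomain.com. (
1 604800 86400 2419200 604800 )
@ IN NS nameserver.testdomain.com.
25 IN PTR nameserver.testdomain.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, rdata)] for 'owner IN TYPE rdata' lines."""
    text = re.sub(r";[^\n]*", "", text)                       # drop ';' comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # fold ( ... )
    records = []
    for line in text.splitlines():                            # $TTL etc. have no 'IN' in field 2
        f = line.split()
        if len(f) >= 4 and f[1] == "IN":
            records.append((fqdn(f[0], origin), f[2], " ".join(f[3:])))
    return records

def check_zones(forward=FORWARD, reverse=REVERSE):
    """Return sorted problem strings; an empty list means A and PTR records agree."""
    a_records = {(o, r) for o, t, r in parse_zone(forward, FORWARD_ORIGIN) if t == "A"}
    ptrs = {o: r for o, t, r in parse_zone(reverse, REVERSE_ORIGIN) if t == "PTR"}
    problems = set()
    for name, ip in a_records:
        owner = ipaddress.ip_address(ip).reverse_pointer + "."   # 25.0.168.192.in-addr.arpa.
        target = ptrs.get(owner)
        if target is None:
            problems.add(f"{ip} ({name}) has no PTR record in {REVERSE_ORIGIN}")
        elif (target, ip) not in a_records:   # PTR must map back to a name holding that A
            problems.add(f"PTR {owner} -> {target}, which has no A record {ip}")
    return sorted(problems)
```

With the article's files the check returns an empty list: ftp and nameserver share one address, and its single PTR maps back to nameserver, which does hold that A record.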

To check the forward lookup configuration file, run the following command:

    named-checkzone forward.testdomain /var/named/forward.testdomain.com

You should see the following output:

    zone forward.testdomain/IN: loaded serial 2
    OK

Check reverse lookup file

To check the reverse lookup configuration file, run the following command:

    named-checkzone reverse.testdomain /var/named/reverse.testdomain.com

You should see the following output:

    zone reverse.testdomain/IN: loaded serial 1
    OK

Finally, restart the Bind service to apply the changes:

    systemctl restart named

Configure Client Machine to Use Bind DNS Server

Next, you will need to point your client machine at the Bind DNS server. You can do it by editing the /etc/resolv.conf file:

    nano /etc/resolv.conf

Add your DNS server domain and IP as shown below:

    search testdomain.com
    nameserver 192.168.0.25

Save and close the file when you are finished.

The next step in this guide to installing Bind DNS on CentOS Stream 9 Server (Setup / Configure) is to verify that the Bind DNS server answers queries.

Verify Bind DNS Server

At this point, Bind DNS server is installed and configured. Now, you will need to test whether it functions properly or not. You can use the dig tool to test the DNS server.

Run the dig command against your DNS nameserver as shown below:

    dig nameserver.testdomain.com

You should see the name to IP resolution in the following output:

    ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> nameserver.testdomain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52312
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; COOKIE: f28984410b46e4d0fe2aa38f62b9380dc368187fe9b0d441 (good)
    ;; QUESTION SECTION:
    ;nameserver.testdomain.com. IN A

    ;; ANSWER SECTION:
    nameserver.testdomain.com. 604800 IN A 192.168.0.25

    ;; AUTHORITY SECTION:
    testdomain.com. 604800 IN NS nameserver.testdomain.com.

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.25#53(192.168.0.25)
    ;; WHEN: Mon Jun 27 04:54:37 UTC 2022
    ;; MSG SIZE rcvd: 112

Next, run the dig command against your DNS server IP:

    dig -x 192.168.0.25

You should see the IP to name resolution in the following output:

    ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> -x 192.168.0.25
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47120
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; COOKIE: e9a69f215dde259fae7960b462b9381f09ffd64beb2bd781 (good)
    ;; QUESTION SECTION:
    ;25.0.168.192.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    25.0.168.192.in-addr.arpa. 604800 IN PTR nameserver.testdomain.com.

    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 604800 IN NS nameserver.testdomain.com.

    ;; ADDITIONAL SECTION:
    nameserver.testdomain.com. 604800 IN A 192.168.0.25

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.25#53(192.168.0.25)
    ;; WHEN: Mon Jun 27 04:54:55 UTC 2022
    ;; MSG SIZE rcvd: 151

You can also use the nslookup tool to verify name to IP address resolution:

    nslookup nameserver.testdomain.com

You should see the following output:

    Server: 192.168.0.25
    Address: 192.168.0.25#53

    Name: nameserver.testdomain.com
    Address: 192.168.0.25

To test IP address to name resolution, run the following command:

    nslookup 192.168.0.25

You should see the following output:

    25.0.168.192.in-addr.arpa name = nameserver.testdomain.com.

Great effort! Today we have learned how to Install Bind DNS on CentOS Stream 9 Server (Setup/Configure). Let’s conclude.

How to Install Bind DNS on CentOS Stream 9 Server Conclusion

Bind DNS is simple, easy to use and customizable, and it gives administrators granular control over a DNS server. It is compatible with almost all major Linux distributions and can also run on Windows hosts.

In this post we have learned how to install and configure the Bind DNS server on CentOS Stream 9. We also created a forward and a reverse lookup zone file and tested the DNS functionality using the dig command. I hope this guide will help you to set up the Bind DNS server in your environment to resolve DNS queries.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
