Setup Caching-Only DNS Server Using “Bind” in CentOS 6.5

There are several types of DNS servers, such as master, slave, forwarding and caching; among them the caching-only DNS server is the easiest to set up. DNS uses the UDP protocol, which reduces query time because UDP does not have an acknowledgement.


Read Also: Setup Master-Slave DNS Server in CentOS 6.5

The caching-only DNS server is also known as a resolver. It queries DNS records, fetches all DNS information from other servers and stores the result of each query in its cache for later use. When the same request is queried a second time, it is served from the cache, which reduces the query time.

If you’re looking to set up a caching-only DNS server in CentOS/RHEL 7, follow this guide:

Setting Up Caching-Only DNS Name Server in CentOS/RHEL 7

My Testing Environment

IP Address   : 192.168.0.200
Host-name    : dns.tecmintlocal.com
OS           : CentOS 6.5 Final
Ports Used   : 53
Config File  : /etc/named.conf
Script File  : /etc/init.d/named

Step 1: Installing Caching-Only DNS

1. The Caching-Only DNS can be installed using the ‘bind‘ package. Let’s do a small search for the package name, in case we don’t remember the full package name, using the command below.

# yum search bind
Search Bind Package

2. In the above result, you see the packages that are displayed. From these we need to choose the ‘bind‘ and ‘bind-utils‘ packages; let’s install them using the following ‘yum‘ command.

# yum install bind bind-utils -y
Install Caching Only DNS
Install DNS Utils

Step 2: Configure Caching-Only DNS

3. Once the DNS packages are installed, move forward to configure DNS. Open and edit the ‘named.conf‘ file using the vim editor.

# vim /etc/named.conf

4. Next, make the changes suggested below, or use your own settings as per your requirements. The following are the changes we need to make for a caching-only DNS server. By default only localhost is listed here; we add ‘any‘ to accept queries from any network range.

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };
Configure Caching Only DNS
  1. listen-on port 53 – This tells the cache server to listen on port 53 for queries.
  2. allow-query – This specifies which IP addresses may query the server; here localhost and any are defined, so anyone from anywhere can send a query.
  3. allow-query-cache – This specifies which clients may be answered from the server’s cache.
  4. recursion – This makes the server look up the answer on our behalf; while doing so it may query other DNS servers over the internet and then return the result to us.

5. After editing the file, we have to confirm that the ownership of the ‘named.conf‘ file has not changed from root:named, because the DNS service runs under the system user named.

# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones

6. If the server has SELinux enabled, after editing the ‘named.conf‘ file we need to check the SELinux context: every named config file must have the “system_u:object_r:named_conf_t:s0” context, as shown in the image below.

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Now we need to test the DNS configuration for syntax errors before starting the bind service; if an error is found, details can also be traced in /var/log/messages.

# named-checkconf /etc/named.conf

Once the syntax check passes, restart the service so the above changes take effect, make the service start persistently on reboot, and confirm it.

# /etc/init.d/named restart
# chkconfig named on
# chkconfig --list named
Configure and Start DNS

Step 3: Open the Firewall Port

7. Next, open port 53 on the firewall to allow access.

# iptables -I INPUT -p udp --dport 53 -j ACCEPT
Iptables Open DNS Port
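The configuration, ownership, SELinux, syntax-check, service and firewall steps above (steps 3 through 7) can be carried out in one script. The following is an added example, not part of the original article or of the bind package: it generates a caching-only named.conf in which the ‘any‘ entries are replaced by a named ACL (so the server answers only the clients you intend, rather than acting as an open resolver), adds an allow-recursion and allow-transfer setting that the article does not show, and opens port 53 for UDP and TCP only to that network. It assumes CentOS 6 paths (/etc/named.conf, /etc/named.rfc1912.zones, /etc/named.root.key), the article’s server IP 192.168.0.200 and a client network of 192.168.0.0/24; change TRUSTED_NET and LISTEN_IP for your environment.

```shell
#!/bin/sh
# Added example (not from the original article): generate and install a
# caching-only named.conf whose access lists name the trusted client network
# instead of "any", then apply the ownership, SELinux, syntax, service and
# firewall steps from the article in one go.
# Assumptions: CentOS 6 paths (/etc/named.conf, /etc/named.rfc1912.zones,
# /etc/named.root.key), the article's server IP 192.168.0.200 and a client
# network of 192.168.0.0/24; both values are only examples.

TRUSTED_NET=${TRUSTED_NET:-192.168.0.0/24}
LISTEN_IP=${LISTEN_IP:-192.168.0.200}

# Print a named.conf for a caching-only resolver.
# $1 = trusted client network (CIDR), $2 = address named listens on.
caching_named_conf() {
    net=$1
    ip=$2
    cat <<EOF
/* Clients allowed to use this resolver. A named ACL replaces "any" so the
   server does not become an open resolver reachable by everyone. */
acl "trusted" { 127.0.0.1; ::1; $net; };

options {
        listen-on port 53 { 127.0.0.1; $ip; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        /* Who may ask, who may read cached answers, who may recurse. */
        allow-query       { trusted; };
        allow-query-cache { trusted; };
        allow-recursion   { trusted; };
        recursion yes;

        /* A resolver serves no zones of its own, so refuse zone transfers. */
        allow-transfer { none; };

        dnssec-enable yes;
        dnssec-validation yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

/* Root hints: the resolver walks down from the root servers from here. */
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
}

# Write the config, fix ownership and SELinux label, check syntax, restart.
install_named_conf() {
    cp -p /etc/named.conf "/etc/named.conf.bak.$(date +%Y%m%d%H%M%S)"
    caching_named_conf "$TRUSTED_NET" "$LISTEN_IP" > /etc/named.conf
    chown root:named /etc/named.conf          # named runs as user "named"
    chmod 640 /etc/named.conf
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -v /etc/named.conf         # -> system_u:object_r:named_conf_t:s0
    fi
    named-checkconf /etc/named.conf || return 1
    /etc/init.d/named restart
    chkconfig named on
}

# Open port 53 only for the trusted network; TCP is needed for answers that
# do not fit in a UDP packet. Saving makes the rules survive a reboot.
open_dns_firewall() {
    iptables -I INPUT -p udp --dport 53 -s "$TRUSTED_NET" -j ACCEPT
    iptables -I INPUT -p tcp --dport 53 -s "$TRUSTED_NET" -j ACCEPT
    service iptables save
}

case "${1:-}" in
    print)   caching_named_conf "$TRUSTED_NET" "$LISTEN_IP" ;;
    install) install_named_conf && open_dns_firewall ;;
esac
```

Run it as `sh setup-cache-dns.sh print` to review the generated file, and `sh setup-cache-dns.sh install` as root to apply it. The article’s `-I INPUT` rule is only inserted into the running rule set, which is why the firewall function ends with `service iptables save`.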

Step 4: Chroot Caching-Only DNS

8. If you want to run the DNS caching server in a chroot environment, you only need to install the chroot package; no further configuration is needed, as by default it hard-links the config files into the chroot.

# yum install bind-chroot -y

Once chroot package has been installed, you can restart the named service to take new changes.

# /etc/init.d/named restart

9. Once you restart the named service, it automatically creates hard-links from the /etc/named config files into the /var/named/chroot/etc/ directory. To confirm, just use the cat command under /var/named/chroot.

# sudo cat /var/named/chroot/etc/named.conf
Chroot Caching Only DNS

In the above output, you will see the same /etc/named.conf configuration, as the file is linked into the chroot when the bind-chroot package is installed.

Step 5: Client Side DNS Setup

10. Add the DNS caching server’s IP 192.168.0.200 as the resolver on the client machines.

On Debian based machines it is set in /etc/resolv.conf; on RPM based machines it can be set with the setup command or edited manually in the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

11. Finally it’s time to check our cache server using some tools. We can test using the dig and nslookup commands on Linux systems, and on Windows you can use the nslookup command.

Let’s query ‘facebook.com‘ for the first time, so that the result is cached.

# dig facebook.com

Check DNS using Dig

Now issue the same query again; you will get the reply from our cache server until the cached record expires.

# dig facebook.com
Check DNS Cache

Use ‘nslookup‘ command to confirm the same.

# nslookup facebook.com
Check DNS Query Cache
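The dig and nslookup checks above rely on reading two things by eye: the TTL in the ANSWER SECTION counting down and the “Query time” dropping to about zero on the second run. The script below is an added example, not part of the original article or of the bind-utils package, that turns that comparison into a function: it parses two dig outputs and reports whether the second looks like a cache hit. The two dig outputs embedded in it are constructed samples (203.0.113.10 is a documentation address, not facebook.com’s real record); the check_cache_live function runs the same test against a real resolver, assuming dig is installed.

```shell
#!/bin/sh
# Added example (not from the original article): decide from two consecutive
# dig runs whether the second answer came from the resolver's cache.
# Heuristic: a cached answer has a TTL that has not gone back up and a
# lower "Query time". The dig outputs below are constructed samples
# (203.0.113.10 is a documentation address), not real facebook.com data.

# Query time in msec from dig output on stdin (";; Query time: 45 msec").
parse_query_time() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# TTL of the first record in the ANSWER SECTION from dig output on stdin.
# Prints nothing when there is no answer section (e.g. NXDOMAIN).
parse_answer_ttl() {
    awk '/^;; ANSWER SECTION:/ { inans = 1; next }
         inans && NF >= 5      { print $2; exit }'
}

# Return 0 when $2 (second run) looks like a cache hit relative to $1.
cache_hit_check() {
    t1=$(printf '%s\n' "$1" | parse_query_time)
    t2=$(printf '%s\n' "$2" | parse_query_time)
    ttl1=$(printf '%s\n' "$1" | parse_answer_ttl)
    ttl2=$(printf '%s\n' "$2" | parse_answer_ttl)
    # No answer section in either run means nothing could have been cached.
    [ -n "$ttl1" ] && [ -n "$ttl2" ] &&
        [ "$ttl2" -le "$ttl1" ] && [ "$t2" -lt "$t1" ]
}

# Live check against a resolver: check_cache_live 192.168.0.200 facebook.com
check_cache_live() {
    first=$(dig @"$1" "$2" A)
    second=$(dig @"$1" "$2" A)
    if cache_hit_check "$first" "$second"; then
        echo "second answer for $2 was served from the cache of $1"
    else
        echo "second answer for $2 does not look cached"
    fi
}

# Constructed sample: the first query goes upstream (TTL 300, 45 msec) ...
SAMPLE_FIRST=';; ANSWER SECTION:
facebook.com.        300    IN    A    203.0.113.10

;; Query time: 45 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)'

# ... and the second is answered from cache (TTL counting down, 0 msec).
SAMPLE_SECOND=';; ANSWER SECTION:
facebook.com.        290    IN    A    203.0.113.10

;; Query time: 0 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)'

if cache_hit_check "$SAMPLE_FIRST" "$SAMPLE_SECOND"; then
    echo "sample: second answer served from cache"
fi
```

Source the file and call `check_cache_live 192.168.0.200 facebook.com` from a client to repeat the article’s two dig runs in one step; a name that does not resolve produces no ANSWER SECTION, and the check then reports that nothing was cached instead of comparing empty values.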

To read more about dig and nslookup command examples and usage, use the following links.

  1. 8 nslookup commands and usage
  2. 10 dig commands and usage

Here we have seen how to successfully set up a DNS caching-only server using the bind package and also secure it using the chroot package.


Babin Lonston
I'm working as a System Administrator for the last 10 years, with 4 years of experience with Linux distributions, and fell in love with text based operating systems.


8 Comments

  1. Why is the zone “.” root hints and the rest of the lines commented out? Isn’t the dns cache server supposed to search recursively, meaning to start with the root hints and then go downwards until it finds the domain? If you comment out the root hints zone, how is it supposed to do that? It would need a forwarders directive.

  2. Thanks for the great info on setting the caching only dns server up with bind! I was trying to set up with both unbound on one server and bind on another and this was just what I needed. Unbound seems to not be used as much yet, maybe because it is newer than bind? In case anyone else is after unbound information I recommend checking this information which helped me a LOT:

    https://www.rootusers.com/how-to-configure-a-caching-only-dns-name-server/

    https://www.digitalocean.com/community/tutorials/how-to-set-up-the-unbound-caching-dns-resolver-on-freebsd-10-1

    Good luck!

  3. Would/should this configuration be locked down tighter perhaps with an acl that would disallow access to the nameserver from unauthorized/unwanted clients that might attempt to exploit for a DOS attack on another site?

    Your config:
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };

    Suggestion:
    allow-query { friends; };

    acl friends {
    192.168.0/24;
    localhost;
    localnets;
    };

  4. Nice article, thanks for sharing, is there any option to manage DNS in GUI instead of TUI… any open source tools which could be integrated with this and for the Master/Slave DNS setup??
