Welcome to the interactive DNS configuration tutorial!
Configuring DNS is an important task that any junior networking engineer should master. However, it can have a significant impact on the entire network infrastructure, so in this tutorial I will show you how I do it for my home lab.
Most important: You need to know which operating system you are running. In this case, we will use RHEL 9.
cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Great! We're running RHEL 9.2. Now let's check if we have the necessary DNS packages installed.
rpm -qa | grep bind
bind-utils-9.16.23-11.el9.x86_64
bind-libs-9.16.23-11.el9.x86_64
We need to install the full BIND DNS server. Let's install it now.
sudo dnf install bind bind-utils -y
Last metadata expiration check: 0:00:12 ago on Mon 04 Dec 2023 10:15:23 AM EST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.16.23-11.el9 appstream 2.1 M
bind-utils x86_64 32:9.16.23-11.el9 appstream 479 k
Installing dependencies:
bind-libs x86_64 32:9.16.23-11.el9 appstream 1.7 M
Transaction Summary
Install 3 Packages
Total download size: 4.3 M
Installed size: 12 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : bind-libs-32:9.16.23-11.el9.x86_64 1/3
Installing : bind-32:9.16.23-11.el9.x86_64 2/3
Installing : bind-utils-32:9.16.23-11.el9.x86_64 3/3
Running scriptlet: bind-utils-32:9.16.23-11.el9.x86_64 3/3
Verifying : bind-32:9.16.23-11.el9.x86_64 1/3
Verifying : bind-libs-32:9.16.23-11.el9.x86_64 2/3
Verifying : bind-utils-32:9.16.23-11.el9.x86_64 3/3
Installed:
bind-32:9.16.23-11.el9.x86_64 bind-libs-32:9.16.23-11.el9.x86_64
bind-utils-32:9.16.23-11.el9.x86_64
Complete!
Perfect! BIND is now installed. Let's check the main configuration file location.
ls -la /etc/named.conf
-rw-r-----. 1 root named 1785 Oct 14 14:30 /etc/named.conf
Now let's backup the original configuration before making changes.
sudo cp /etc/named.conf /etc/named.conf.backup
Let's examine the current DNS configuration to understand the structure.
sudo cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Now we need to configure BIND to accept queries from our network. Let's edit the configuration.
sudo nano /etc/named.conf
We'll modify the listen-on and allow-query directives. Here's what we're changing:
- listen-on port 53 { 127.0.0.1; }; → listen-on port 53 { any; };
- allow-query { localhost; }; → allow-query { any; };
This allows the DNS server to accept queries from any IP address that can reach it. Note that the stock configuration keeps recursion yes and sets no allow-recursion directive, so the server will also perform recursive lookups on behalf of every client it accepts queries from.
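Before restarting named it is worth knowing exactly who the edited options let recurse. The script below is an added example, not part of this tutorial or of BIND; it parses the options block the way BIND resolves the recursion ACL (allow-recursion, else allow-query-cache, else allow-query, else localnets and localhost, per the BIND 9 manual) and flags the open-resolver combination. The three config samples are constructed here: the stock block, the block after the change above, and a hardened variant whose "homelab" ACL and 192.168.1.0/24 prefix are assumptions.

```python
import re

# Constructed sample 1: the stock RHEL 9 options block as shipped
# (allow-query limited to localhost, recursion yes).
STOCK_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; };
    recursion yes;
};
"""

# Constructed sample 2: the same block after the edit made in this tutorial
# (listen-on and allow-query set to any, recursion yes kept).
OPEN_RESOLVER_CONF = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    dnssec-validation yes;
};
"""

# Constructed sample 3: the edit with recursion limited to a home-lab ACL
# (the ACL name and the 192.168.1.0/24 prefix are assumptions).
HARDENED_CONF = """
acl "homelab" { 192.168.1.0/24; localhost; };
options {
    listen-on port 53 { any; };       // still reachable on every interface ...
    allow-query { homelab; };         // ... but only the lab may ask,
    allow-recursion { homelab; };     // and only the lab gets recursion
    recursion yes;
};
"""


def strip_comments(text):
    """Drop /* */, // and # comments (all three forms are valid in named.conf)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block_body(text, header):
    """Return the text between the braces of the first `header { ... }` block,
    honouring nested braces. `header` is a regex for the statement keyword."""
    m = re.search(header + r"\s*\{", text)
    if m is None:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in named.conf")


def split_list(body):
    """Split an address_match_list body ("a; b;") into its entries."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]


def parse_named_conf(conf):
    """Return (acls, options): ACL name -> entries, plus the allow-* / listen-on
    lists and the recursion setting found in options (BIND's default is yes)."""
    text = strip_comments(conf)
    acls = {m.group(1): split_list(m.group(2))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;', text)}
    opts = {}
    body = block_body(text, r"\boptions") or ""
    for d in re.finditer(r"\b(allow-[\w-]+|listen-on(?:-v6)?)(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;", body):
        opts[d.group(1)] = split_list(d.group(2))
    r = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    opts["recursion"] = r.group(1) if r else "yes"
    return acls, opts


def expand(entries, acls, seen=frozenset()):
    """Resolve ACL names recursively into the literal entries they contain."""
    out = set()
    for e in entries:
        if e in acls and e not in seen:
            out |= expand(acls[e], acls, seen | {e})
        else:
            out.add(e)
    return out


def effective_recursion_acl(opts, acls):
    """Who may recurse, following BIND's default chain:
    allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return expand(opts[key], acls)
    return {"localnets", "localhost"}


def audit(conf):
    """Summarise the recursion exposure of a named.conf text."""
    acls, opts = parse_named_conf(conf)
    acl = sorted(effective_recursion_acl(opts, acls))
    return {
        "recursion": opts["recursion"],
        "recursion_acl": acl,
        "open_resolver": opts["recursion"] == "yes" and "any" in acl,
    }


if __name__ == "__main__":
    for label, conf in (("stock", STOCK_CONF), ("tutorial edit", OPEN_RESOLVER_CONF),
                        ("hardened", HARDENED_CONF)):
        print(label, "->", audit(conf))
```

Run it against your own file with audit(open("/etc/named.conf").read()); a result with open_resolver True means anyone who can reach port 53 can use the server for recursive lookups, which is the setup abused for DNS amplification. Adding allow-recursion with your own prefixes, as in the hardened sample, closes that while keeping queries from the LAN working. The script only understands the directives shown and does not evaluate negated entries such as !10.0.0.0/8; run sudo named-checkconf /etc/named.conf for a real syntax check before restarting named.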
sudo systemctl start named
sudo systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Let's check if the DNS service is running properly.
sudo systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-12-04 10:25:43 EST; 2min 15s ago
Docs: man:named(8)
Main PID: 12345 (named)
Tasks: 5 (limit: 4915)
Memory: 15.2M
CPU: 45ms
CGroup: /system.slice/named.service
└─12345 /usr/sbin/named -u named -c /etc/named.conf
Dec 04 10:25:43 linux-server named[12345]: zone localhost/IN: loaded serial 0
Dec 04 10:25:43 linux-server named[12345]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 04 10:25:43 linux-server named[12345]: zone localhost.localdomain/IN: loaded serial 0
Dec 04 10:25:43 linux-server named[12345]: all zones loaded
Dec 04 10:25:43 linux-server named[12345]: running
Dec 04 10:25:43 linux-server systemd[1]: Started Berkeley Internet Name Domain (DNS).
Excellent! The DNS service is running. Now let's test our DNS server.
nslookup google.com localhost
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 172.217.12.142
Name: google.com
Address: 2607:f8b0:4004:c1b::71
Perfect! Our DNS server is working and can resolve external domains. Let's also configure the firewall to allow DNS traffic.
sudo firewall-cmd --permanent --add-service=dns
success
sudo firewall-cmd --reload
success
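With the firewall open, the useful final check is whether your server will recurse for a client outside the network you intended, which the RA (recursion available) flag and the RCODE of a reply tell you directly. The script below is an added example, not part of this tutorial; it builds a plain recursive A query, sends it over UDP to a server you name (default 127.0.0.1), and classifies the reply from its header. The two byte strings at the bottom are constructed replies so the classification can be exercised offline; the query name example.com is an assumption.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
FLAG_RD = 0x0100  # recursion desired, set by the client
FLAG_RA = 0x0080  # recursion available, set by the server
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query for `name` (A record by default)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_response_header(data):
    """Extract the header fields a recursion check needs from a raw reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return {
        "txid": txid,
        "recursion_available": bool(flags & FLAG_RA),
        "rcode": RCODE_NAMES.get(rcode, str(rcode)),
        "answers": an,
    }


def classify(reply):
    """Interpret a reply to a recursive query for a name this server is not
    authoritative for."""
    h = parse_response_header(reply)
    if h["recursion_available"] and h["rcode"] == "NOERROR" and h["answers"] > 0:
        return "recurses for this client"
    if h["rcode"] == "REFUSED" or not h["recursion_available"]:
        return "does not recurse for this client"
    return "inconclusive: rcode=%s answers=%d" % (h["rcode"], h["answers"])


def query_server(server, name="example.com", timeout=2.0):
    """Send one query to `server` on UDP/53 and classify the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        reply, _ = s.recvfrom(4096)
    if reply[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return classify(reply)


# Constructed replies (header only, which is all classify() reads).
RECURSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR|RD|RA, NOERROR, 1 answer
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # QR|RD, RCODE 5 = REFUSED

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "->", query_server(target))
```

Run it once from the server itself (where the tutorial's configuration will answer "recurses for this client") and once from a host outside the range you meant to serve; the second run should report "does not recurse for this client" once recursion is limited to your own prefixes, and if it does not, narrow allow-recursion or restrict the dns firewall service to your LAN sources rather than leaving it open in the default zone.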
🎉 Congratulations! You have successfully configured a DNS server on Linux!
Here’s what we accomplished:
✅ Installed BIND DNS server
✅ Configured the server to accept queries from any IP
✅ Started and enabled the DNS service
✅ Tested DNS resolution
✅ Configured firewall rules
Your DNS server is now ready to serve DNS queries for your network!