How to install caching only dns server on Rhel 8 / Centos 8

How to install caching only DNS server in RedHat 8 / Centos 8

1. package name = bind
2. service name = named
3. port number = 53
4. rndc port = 953

rndc it uses only the loopback address, rndc is used
to manage the name server.

First install the required packages using yum or dnf:

Yum install bind bind-utils -y

Take the backup of named.conf before configuration:

Cp -p /etc/named.conf
/etc/named.conf.orig

Information about bind “named” package:

rpm -qi bind

exploring files and directories of bind “named” server:

rpm -ql bind

Now configure dns server open the file “vim /etc/named.conf” and make changes:

[root@itsummation ~]# vim /etc/named.conf

//

options {

        listen-on port 53 { localhost ; 192.168.56.12; };

                                               

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file    
"/var/named/data/cache_dump.db";

        statistics-file
"/var/named/data/named_stats.txt";

        memstatistics-file
"/var/named/data/named_mem_stats.txt";

        secroots-file   "/var/named/data/named.secroots";

        recursing-file  "/var/named/data/named.recursing";

        

allow-query {
localhost ; 192.168.56.0/24; };

        /*

         - If you are building an AUTHORITATIVE
DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE
(caching) DNS server, you need to enable

           recursion                                             

       - If your recursive DNS server has a
public IP address, you MUST enable access

           control to limit queries to your
legitimate users. Failing to do so will

           cause your server to become part of large-scale
DNS amplification

           attacks. Implementing BCP38 within
your network would greatly

           reduce such attack surface  */

        recursion yes;    << allow recursion yes please do not
set it to NO

        dnssec-enable yes;

        dnssec-validation yes;

        managed-keys-directory
"/var/named/dynamic";

        pid-file
"/run/named/named.pid";

        
: wq!  Save exit 

To check if the configuration is OK we can run the command:

#  named-checkconf

Set your hostname in /etc/hosts

[root@itsummation ~] vim /etc/hosts

127.0.0.1
localhost localhost.localdomain localhost4 localhost4.localdomain4

::1      
localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.56.12 itsummation.lab    

: wq! Save exit                          

Add firewall rules:

firewall-cmd
--list-ports

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --permanent --add-port=53/udp

firewall-cmd –reload

If you want to remove

firewall-cmd --zone=public --remove-port=53/tcp

firewall-cmd
--zone=public --remove-port=53/tcp –permanent

firewall-cmd
--zone=public --remove-port=53/udp –permanent

firewall-cmd –reload

Enable and start dns service:

Systemctl
enable named. service

Systemctl
start named. service

Check the status:

Systemctl
status named. service

Check the port status:

Netstat -ltnp
| grep named

Change the network interface settings set your
local network ip address into wan interface file:

Wan interface file:

DEVICE="enp0s3"

ONBOOT="yes"

IPADDR="200.100.1.5"

PREFIX="24"

GATEWAY="200.100.1.1"

DNS1="192.168.56.12"    <<
set your local ip address here LAN ip address

Restart Network Manager:

systemctl restart NetworkManager

Test your dns server;

dig test.com

done 😊