Setup Caching-Only DNS Server Using “Bind” in CentOS 6.5

Original Post: http://www.tecmint.com/install-caching-only-dns-server-in-centos/

There are several type of DNS servers such as master, slave, forwarding and cache, among them Caching-Only DNS is the one, which is easier to setup. DNS use UDP protocol so it will reduce the query time because UDP protocol does not have an acknowledgement.

Install Caching-Only DNS in CentOS

Setup Caching-Only DNS in CentOS

Read Also: Setup Master-Slave DNS Server in CentOS 6.5

The caching-only DNS server is also known as a resolver. It will query DNS records and get all DNS information from other servers and stores the each query request in its cache for later use. While we are querying same request for the second time, it will serve from its cache, this way it reduces query time.

My Testing Environment
IP Address	:	192.168.0.200
Host-name	:	dns.tecmintlocal.com
OS		:	Centos 6.5 Final
Ports Used	:	53
Config File	:	/etc/named.conf
script file	:	/etc/init.d/named

Step 1: Installing Caching-Only DNS

1. The Caching-Only DNS, can be installed by using package ‘bind‘. Let’s do a small search for the package name if we don’t remember the fill package name using below command.

# yum search bind
Search Bind Package

Search Bind Package


2. In the above result, you see the packages that displayed. From that we need to choose the 'bind' and 'bind-utils' packages, let's install them using following 'yum' command.
# yum install bind bind-utils -y
Install Caching Only DNS

Install DNS Utils

Step 2: Configure Caching-Only DNS

3. Once, DNS packages are installed, move forward to configure DNS. Open and edit ‘named.conf‘ file using vim editor.

# vim /etc/named.conf

4. Next, make changes as suggested below or you can use your settings as per your requirements. Following are the changes, that we need to do for a caching-only DNS server. Here, by default the localhost will be there, we need to add the ‘any‘ to accept query from any range of network.

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };
Configure Caching Only DNS

Configure Caching Only DNS

  1. listen-on port 53 – This say that Cache server want to use the port 53 for query.
  2. allow-query – This Specifies which ip address may query the server, here I have defined for localhost, from anywhere anyone can send query.
  3. allow-query-cache – This will add the query request to the bind.
  4. recursion – This will query the answer and give back to us, during query it may send query to other DNS server over the internet and pull back the query.

5. After editing the file, we have to confirm whether the ‘named.conf‘ files ownership was not changed from root:named, because the DNS runs under a system user named.

# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones

6. If the server enabled with selinux, after editing ‘named.conf‘ file, we need to check for the selinux context, every named config files need to be in “system_u:object_r:named_conf_t:s0” context as shown in the image below.

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Okay, here we need to test DNS configuration now for some syntax error, before starting the bind service, if any error found some can be traced from /var/messages too.

# named-checkconf /etc/named.conf

After the syntax check results seems perfect, restart the service to take effect for above changes and make the service to run persistent while reboot the server and confirm the same.

# /etc/init.d/named restart
# chkconfig named on
# chkconfig --list named
Configure and Start DNS

Configure and Start DNS

7. Next, open the port 53 on the firewall to allow the access.

# iptables -I INPUT -p udp --dport 53 -j ACCEPT
Iptables Open DNS Port

Iptables Open DNS Port

Step 4: Chroot Caching-Only DNS

8. If you want to run the DNS caching-server under chroot environment, you need to install the chroot package only, no need of further configuration, as it by default hard-link to chroot.

# yum install bind-chroot -y

Once chroot package has been installed, you can restart the named service to take new changes.

# /etc/init.d/named restart

9. Once you restart named service, it automatically create a hard-link from the /etc/named config files to /var/named/chroot/etc/ directory. To confirm, just use the cat command under /var/named/chroot.

# sudo cat /var/named/chroot/etc/named.conf
Chroot Caching Only DNS

Chroot Caching Only DNS

In the above configuration, you will see the same /etc/named.conf configuration, as it will be replaced while installing bind-chroot package.

Step 5: Client Side DNS Setup

10. Add the DNS caching servers IP 192.168.0.200 as resolver to the client machines.

In Debian based machines it will be under /etc/resolv.conf and in RPM based machines it will be under setup command or we can edit manually under /etc/sysconfig/network-scripts/ifcfg-eth0 file.

11. Finally it’s time to check our cache server using some tools. We can test using dig & nslookup commands in Linux systems, and in windows you can use the nslookup command.

Let’s query ‘facebook.com‘ for first time, so that it will cache its query.

# dig facebook.com
Check DNS using Dig

Check DNS using Dig

Now, issue again same query, you will get replied from our cache server till it expires.
# dig facebook.com
Check DNS Cache

Check DNS Cache

Use ‘nslookup‘ command to confirm the same.

# nslookup facebook.com
Check DNS Query Cache

Check DNS Query Cache

To read more about dig and nslookup command examples and usage, use the following links.

  1. 8 nslookup commands and usage
  2. 10 dig commands and usage

Here we have seen how successfully we have setup a DNS caching-only server using bind package and also secured it using chroot package.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s