# How to Set Up a DNS Server on Linux with BIND
The Domain Name System (DNS) acts as the phonebook of the internet, translating human-readable domain names into machine-readable IP addresses.
On Linux systems, the most widely used DNS server implementation is BIND (Berkeley Internet Name Domain). It provides a powerful and flexible platform for running authoritative or recursive DNS services.
This guide walks through the complete process of installing and configuring a DNS server using BIND on Linux.
## Installing BIND on Linux

Begin by installing the BIND server and its supporting utilities. On RHEL, CentOS, Rocky, Alma and Fedora:

```bash
sudo yum install bind bind-utils
```

On Debian and Ubuntu the equivalent packages are `bind9` and `bind9-dnsutils` (`dnsutils` on older releases), and the configuration lives under `/etc/bind/`. The rest of this guide uses the Red Hat paths.

These packages include:

- `named`: the BIND DNS server daemon
- `dig` and `nslookup`: utilities for testing DNS queries
- a default `named.conf` and template zone files (`named.localhost`, `named.loopback` and the root hints in `named.ca`)

After installation, the configuration lives in:

```
/etc/named.conf
/var/named/
```
## Configuring the Primary DNS Server

The main BIND configuration file is `/etc/named.conf`. It controls server behavior, including the interfaces named listens on, which clients may query it, and the zones it serves.

Example configuration for a server that is authoritative for example.com:

```conf
options {
    directory "/var/named";
    listen-on port 53 { any; };   // Listen on all IPv4 interfaces (listen-on-v6 for IPv6)
    allow-query { any; };         // Anyone may query the zones served here
    recursion no;                 // Do not resolve other domains on behalf of clients
    allow-transfer { none; };     // No zone transfers unless a secondary is listed
};

// Forward lookup zone
zone "example.com" IN {
    type master;                  // "primary" is the equivalent keyword in BIND 9.16 and later
    file "/var/named/example.com.zone";
    allow-update { none; };       // Reject dynamic updates
};
```

Key configuration points:

- `listen-on` determines which interfaces accept DNS requests; `listen-on-v6` does the same for IPv6.
- `allow-query` defines which clients may query the server. Authoritative data is meant to be public, so `any` is appropriate for the zones served here.
- `recursion` controls whether named will look up names it is not authoritative for. `recursion yes;` together with `allow-query { any; };` on an internet-facing server produces an open resolver, which anyone can abuse for DNS reflection and amplification attacks and which is a standing target for cache poisoning. Keep recursion off on an authoritative server. If the same host must also resolve for internal clients, set `recursion yes;` and add `allow-recursion { 192.168.1.0/24; localhost; };` so that only those networks receive recursive service.
- `allow-transfer` limits who may pull the whole zone with AXFR; older BIND releases allowed transfers to anyone by default, which hands an attacker a complete host inventory.

The zone block defines an authoritative DNS zone for your domain. Run `named-checkconf /etc/named.conf` after every edit; it exits non-zero and prints the offending line when the syntax is wrong.
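Whether an internet-facing BIND answers recursive queries for strangers is the most consequential line in named.conf, and it is easy to miss in a long file. The script below is an added example, not from the original article or from the BIND project: it writes two constructed options blocks, one that offers recursion to everyone and one that keeps recursion but limits it to an assumed ACL named `trusted` (127.0.0.1 and 192.168.1.0/24), and a small audit function that flags the first pattern. The ACL name, its networks and the scratch paths are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original article or BIND: an options block that makes
# named an open resolver beside one that restricts recursion to a named ACL, plus a
# heuristic audit of a named.conf. The ACL name "trusted", its networks and the
# temporary file paths are assumptions for this example.
set -eu

# open_resolver_conf -> recursion for anyone who can reach port 53. On an
# internet-facing host this lets third parties use the server for
# reflection/amplification attacks and makes cache-poisoning attempts easier.
open_resolver_conf() {
cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
EOF
}

# restricted_conf -> authoritative data stays public, but recursion is only served
# to the assumed internal networks, and the BIND version is hidden from CHAOS queries.
restricted_conf() {
cat <<'EOF'
acl "trusted" { 127.0.0.1; 192.168.1.0/24; };   // assumed internal networks

options {
    listen-on port 53 { any; };
    allow-query { any; };            // zones served here are public
    recursion yes;
    allow-recursion { trusted; };    // only "trusted" gets recursive service
    allow-transfer { none; };        // no AXFR to anyone by default
    version "not disclosed";         // "dig @host version.bind CH TXT" no longer reveals it
};
EOF
}

# audit_named_conf FILE -> prints "open-resolver" or "ok".
# Strips // and # comments, collapses whitespace, then flags "recursion yes" that is
# not narrowed by allow-recursion while allow-query is unrestricted. This is a
# heuristic: it does not understand views or include files; "named-checkconf -p"
# prints the fully expanded configuration when you need the real picture.
audit_named_conf() {
    cfg=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr -s '[:space:]' ' ')
    if printf '%s' "$cfg" | grep -q 'recursion yes;' \
       && ! printf '%s' "$cfg" | grep -q 'allow-recursion' \
       && printf '%s' "$cfg" | grep -q 'allow-query { any; };'; then
        echo open-resolver
    else
        echo ok
    fi
}

# Stand-alone demo: write both variants to a scratch directory and audit them.
scratch=$(mktemp -d)
open_resolver_conf > "$scratch/open.conf"
restricted_conf    > "$scratch/restricted.conf"
echo "open.conf:       $(audit_named_conf "$scratch/open.conf")"         # open-resolver
echo "restricted.conf: $(audit_named_conf "$scratch/restricted.conf")"   # ok
rm -rf "$scratch"
# On a real server: audit_named_conf /etc/named.conf, then named-checkconf /etc/named.conf
```

The audit is deliberately simple: it catches the default-looking options block that most open resolvers are born from, not every way of enabling recursion. Treat `open-resolver` as a reason to read the expanded configuration, and confirm from an outside network with `dig @your-server example.org A`, which should return status REFUSED from a server that does not recurse for you.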
## Creating the Forward Zone File

The forward zone file contains the DNS records that map names under example.com to IP addresses. Create `/var/named/example.com.zone` with the following content:

```zone
$TTL 86400
@   IN SOA ns1.example.com. root.example.com. (
        2018010101 ; Serial (YYYYMMDDNN), must increase on every change
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Negative-cache TTL
)
@   IN NS ns1.example.com.
ns1 IN A  192.168.1.10
@   IN A  192.168.1.10
www IN A  192.168.1.20
```

Explanation of the records:

- SOA (Start of Authority): administrative metadata for the zone. `root.example.com.` is the contact address root@example.com with the `@` written as a dot. Secondaries and caches only notice a change when the serial increases, so bump it on every edit. The last field is the negative-caching TTL (RFC 2308), not a minimum TTL as older documentation calls it.
- NS record: declares the authoritative nameserver. Because ns1 lives inside the zone it also needs its own A record (the `ns1 IN A` line); without it `named-checkzone` warns that the NS has no address records and other servers cannot find it.
- A record: maps a hostname to an IPv4 address. Names without a trailing dot are relative to the zone origin, so `www` means `www.example.com.`; `@` is the origin itself.

In this example:

- `example.com` resolves to `192.168.1.10`
- `ns1.example.com` resolves to `192.168.1.10`
- `www.example.com` resolves to `192.168.1.20`

Make the file readable by the `named` service account (for example `chown root:named` and `chmod 640`) and run `named-checkzone example.com /var/named/example.com.zone` before loading it; the checker reports syntax errors and missing glue.
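BIND and any secondary servers only reload a zone whose SOA serial has increased, so forgetting to bump the serial is the most common reason a zone edit "does not work". The helper below is an added example and not part of the original article: it keeps the YYYYMMDDNN convention used in the zone file, setting NN to 01 on the first edit of a new day and incrementing it for later edits on the same day. The zone text is constructed for the example, and the optional date argument (defaulting to today) exists only so that runs are reproducible.

```shell
#!/bin/sh
# Added example (not from the original article): bump the SOA serial of a BIND zone
# file in the YYYYMMDDNN style. The sample zone below is constructed for this example.
set -eu

# sample_zone -> prints a constructed zone file in the layout used in the article.
sample_zone() {
cat <<'EOF'
$TTL 86400
@   IN SOA ns1.example.com. root.example.com. (
        2018010101 ; Serial (YYYYMMDDNN)
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Negative-cache TTL
)
@   IN NS ns1.example.com.
ns1 IN A  192.168.1.10
www IN A  192.168.1.20
EOF
}

# current_serial ZONEFILE -> prints the serial, taken from the line marked "; Serial".
current_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# bump_serial ZONEFILE [YYYYMMDD] -> rewrites the serial in place and prints the new value.
# A new day restarts the change counter at 01; otherwise (same day, or a serial that is
# already ahead of the clock) the serial is simply incremented, which is all RFC 1982
# serial arithmetic requires for the change to propagate.
bump_serial() {
    zone=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(current_serial "$zone")
    [ -n "$old" ] || { echo "bump_serial: no '; Serial' line in $zone" >&2; return 1; }
    if [ "$(printf '%s' "$old" | cut -c1-8)" -lt "$today" ]; then
        new="${today}01"
    else
        new=$(( old + 1 ))
    fi
    tmp=$(mktemp)
    # Replace only the serial token on its own line, preserving indentation and comment.
    sed "s/^\([[:space:]]*\)${old}\([[:space:]]*;\)/\1${new}\2/" "$zone" > "$tmp"
    mv "$tmp" "$zone"
    echo "$new"
}

# Stand-alone demo on a temporary copy of the sample zone.
demo_zone=$(mktemp)
sample_zone > "$demo_zone"
echo "before: $(current_serial "$demo_zone")"             # 2018010101
echo "after:  $(bump_serial "$demo_zone" 20240115)"        # 2024011501
echo "again:  $(bump_serial "$demo_zone" 20240115)"        # 2024011502
rm -f "$demo_zone"
# On the real server, follow the bump with:
#   named-checkzone example.com /var/named/example.com.zone && rndc reload example.com
```

Run it as `bump_serial /var/named/example.com.zone` after each edit, then `named-checkzone` and `rndc reload`. The date-based format is a convention, not a requirement: BIND only cares that the new serial is larger (modulo 2^32), which is why the fallback branch just adds one.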
## Configuring Reverse DNS Lookup

Reverse DNS translates IP addresses back into hostnames. Reverse zones live under `in-addr.arpa`, with the network octets written in reverse order, so the 192.168.1.0/24 network becomes `1.168.192.in-addr.arpa`. Add the zone to `/etc/named.conf`:

```conf
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/1.168.192.zone";
    allow-update { none; };
};
```

Then create `/var/named/1.168.192.zone`:

```zone
$TTL 86400
@   IN SOA ns1.example.com. root.example.com. (
        2018010101 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Negative-cache TTL
)
@   IN NS  ns1.example.com.
10  IN PTR example.com.
20  IN PTR www.example.com.
```

Each PTR owner name is the last octet of the address, relative to the zone origin, and the target must be a fully qualified hostname with a trailing dot:

- 192.168.1.10 → example.com
- 192.168.1.20 → www.example.com

Reverse DNS is often required for mail servers (many receiving MTAs reject or penalise mail from hosts whose PTR does not match their forward name), for logging and security tooling that resolves client addresses, and for network diagnostics. Public reverse zones are delegated from the owner of the address block, so PTR records for internet-facing addresses are usually set through your hosting provider; the zone above serves the private 192.168.1.0/24 range for your own network. Check it with `named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.zone`.
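Reverse zones drift out of sync with forward zones because each PTR is typed by hand. The script below is an added example, not from the original article: it reads the A records of a forward zone file, resolves `@`, relative names and records that omit their owner name to fully qualified hostnames, and emits the matching PTR records, either with full `in-addr.arpa` owner names or shortened to the last octet for one /24 so they can be pasted into that reverse zone file. The forward zone text is constructed for the example; in practice point the functions at `/var/named/example.com.zone`.

```shell
#!/bin/sh
# Added example (not from the original article): derive PTR records for a reverse
# zone from the A records of a forward zone. The forward zone below is constructed
# for this example.
set -eu

# sample_forward_zone -> a constructed forward zone in the article's layout, plus a
# record with a blank owner (inherits "www") and one outside 192.168.1.0/24.
sample_forward_zone() {
cat <<'EOF'
$TTL 86400
@   IN SOA ns1.example.com. root.example.com. (
        2018010101 ; Serial
        3600 ; Refresh
        1800 ; Retry
        604800 ; Expire
        86400 ; Negative-cache TTL
)
@   IN NS ns1.example.com.
@   IN A  192.168.1.10
www IN A  192.168.1.20
    IN A  192.168.1.21
db  IN A  10.0.5.7
EOF
}

# a_records ORIGIN ZONEFILE -> "IPV4 FQDN" for every A record.
# Skips comment, $TTL and $ORIGIN lines and SOA continuation lines (no IN field).
a_records() {
    awk -v origin="$1" '
        /^[[:space:]]*;/ || /^\$/ { next }
        {
            type = ""; rdata = ""
            for (i = 1; i <= NF; i++) if ($i == "IN") { type = $(i + 1); rdata = $(i + 2); break }
            if (type == "") next
            owner = ($1 == "IN") ? last : $1        # blank owner = previous owner
            last = owner
            if (type != "A") next
            if (owner == "@") fqdn = origin "."
            else if (owner ~ /\.$/) fqdn = owner    # already absolute
            else fqdn = owner "." origin "."        # relative to the zone origin
            print rdata, fqdn
        }' "$2"
}

# ptr_records ORIGIN ZONEFILE [PREFIX] -> PTR records for the A records.
# Without PREFIX every record gets its full reversed in-addr.arpa owner name. With
# PREFIX (the first three octets, e.g. 192.168.1) only that /24 is emitted and the
# owner is the last octet, relative to the "X.X.X.in-addr.arpa" zone origin.
ptr_records() {
    a_records "$1" "$2" | awk -v prefix="${3:-}" '
        {
            split($1, o, ".")
            if (prefix != "") {
                if ((o[1] "." o[2] "." o[3]) != prefix) next
                printf "%s IN PTR %s\n", o[4], $2
            } else {
                printf "%s.%s.%s.%s.in-addr.arpa. IN PTR %s\n", o[4], o[3], o[2], o[1], $2
            }
        }'
}

# Stand-alone demo.
demo=$(mktemp)
sample_forward_zone > "$demo"
echo "--- records for /var/named/1.168.192.zone"
ptr_records example.com "$demo" 192.168.1
echo "--- all, fully qualified"
ptr_records example.com "$demo"
rm -f "$demo"
```

A host with several names (here 192.168.1.21 inherits `www.example.com.`) should still get exactly one PTR pointing at its canonical name, so review the output rather than appending it blindly; after adding the records, bump the reverse zone's serial and run `named-checkzone 1.168.192.in-addr.arpa` on the result.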
## Configuring Firewall and DNS Services

DNS uses port 53 over both UDP and TCP (TCP carries zone transfers and any response too large for a UDP packet), so open both. The firewalld `dns` service covers them:

```bash
# Check the configuration and zone files before starting the daemon
sudo named-checkconf /etc/named.conf
sudo named-checkzone example.com /var/named/example.com.zone
sudo named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.zone

# Allow DNS traffic (53/udp and 53/tcp)
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

# Start BIND
sudo systemctl start named

# Enable auto-start at boot
sudo systemctl enable named
```

Verify that the service is running and actually answering for both zones:

```bash
systemctl status named
dig @127.0.0.1 www.example.com A +short    # expect 192.168.1.20
dig @127.0.0.1 -x 192.168.1.20 +short      # expect www.example.com.
```

If named fails to start, `journalctl -u named` shows the parse error or the zone file it could not load.
## How DNS Resolution Works

When a user enters www.example.com into a browser, a multi-step resolution process converts the name into an IP address.

### DNS Resolution Workflow

1. Local cache check: the operating system (or the browser) checks its own DNS cache and the hosts file.
2. Recursive resolver: if the record is not cached, the query goes to a recursive resolver, usually provided by the ISP, the organisation, or a public resolver service.
3. Root name server: the resolver queries a root server, which does not know the answer but refers it to the name servers for the `.com` top-level domain.
4. TLD name server: the `.com` server refers the resolver to the authoritative name servers for `example.com`.
5. Authoritative server: the server configured in this guide answers with the A record for `www.example.com`.
6. Caching and response: the resolver caches the answer for the record's TTL and returns the IP address to the client.

Steps 3 to 5 are iterative: each server replies with a referral rather than the final answer until the authoritative server is reached, and `dig +trace www.example.com` shows each referral in turn. Answered from a warm cache the whole process takes a few milliseconds; a cold lookup that walks the hierarchy typically takes tens of milliseconds.
## Key DNS Terminology
| Term | Description |
|---|---|
| A Record | Maps a hostname to an IPv4 address. |
| PTR Record | Maps an IP address to a hostname (reverse lookup). |
| NS Record | Specifies authoritative name servers for a zone. |
| SOA Record | Contains administrative information about a DNS zone. |
| TTL | Time to live: how long, in seconds, a resolver may cache a record before querying again. |
## Summary

Setting up a DNS server using BIND involves several key steps:

- Installing the BIND server and utilities
- Configuring the main server configuration file, with recursion disabled or restricted to trusted networks
- Creating forward and reverse zone records and checking them with named-checkzone
- Enabling firewall access and starting the service
- Understanding how recursive DNS resolution works

Once configured, your Linux server is an authoritative name server for example.com and the 192.168.1.0/24 reverse zone. Whether it also resolves other domains for clients depends on the `recursion` setting; an internet-facing authoritative server should leave recursion off or limit it with `allow-recursion` to the networks that need it.