Setup a Caching-only DNS Server in RHEL / CentOS 7 - CentLinux - Installation Guides & HowTos


Saturday, 1 December 2018

Setup a Caching-only DNS Server in RHEL / CentOS 7

Setup a Caching-only DNS Server in RHEL 7

DNS (Domain Name System) is a hierarchical decentralized naming system for computer, devices, services or other resources connected to the Internet/Intranet. DNS translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocol.

A Caching-only DNS server is a special type of DNS server. It is not authoritative for any domain. Instead it forwards all DNS resolution requests to some other server and provide the results to the requested client as received from that server. It is also cache the results of DNS queries for fast resolution of repeating queries.

Configuring a Caching-only DNS server is a trivial task in Linux as compare to a Authoritative DNS Server, because, you don’t have to add any DNS records, whereas the DNS queries are forwarded and satisfied by some other authoritative or Caching-only DNS Servers.

BIND (Berkeley Internet Name Domain) is a famous DNS server in RHEL 7 and previous releases. BIND was used to configure Authoritative DNS servers as well caching-only DNS servers. However, In RHEL 7 we also have unbound to easily configure a Caching-only DNS Server. We recommend the use of unbound DNS Server, because it is simple and convenient.


Configure unbound as Caching-only DNS Server:

Connect to the with ssh and check current DNS Settings of the Server.

[root@dns-01 ~]# cat /etc/resolv.conf # Generated by NetworkManager domain localdomain search localdomain nameserver [root@dns-01 ~]#

Above command shows us the DNS server in use. Install unbound to configure a Caching-only DNS server.

[root@dns-01 ~]# yum install -y unbound Loaded plugins: langpacks, product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Resolving Dependencies --> Running transaction check ---> Package unbound.x86_64 0:1.4.20-19.el7 will be installed --> Processing Dependency: unbound-libs(x86-64) = 1.4.20-19.el7 for package: unbound-1.4.20-19.el7.x86_64 --> Processing Dependency: ldns >= 1.6.13 for package: unbound-1.4.20-19.el7.x86_64 --> Processing Dependency: for package: unbound-1.4.20-19.el7.x86_64 --> Processing Dependency: for package: unbound-1.4.20-19.el7.x86_64 --> Processing Dependency: for package: unbound-1.4.20-19.el7.x86_64 --> Running transaction check ---> Package ldns.x86_64 0:1.6.16-7.el7 will be installed ---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed ---> Package unbound-libs.x86_64 0:1.4.20-19.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================== Package Arch Version Repository Size ========================================================================================================================== Installing: unbound x86_64 1.4.20-19.el7 localyum 471 k Installing for dependencies: ldns x86_64 1.6.16-7.el7 localyum 473 k libevent x86_64 2.0.21-4.el7 localyum 214 k unbound-libs x86_64 1.4.20-19.el7 localyum 294 k Transaction Summary ========================================================================================================================== Install 1 Package (+3 Dependent packages) Total download size: 1.4 M Installed size: 4.4 M Downloading packages: -------------------------------------------------------------------------------------------------------------------------- Total 7.7 MB/s | 1.4 MB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : ldns-1.6.16-7.el7.x86_64 1/4 Installing : libevent-2.0.21-4.el7.x86_64 2/4 Installing : unbound-libs-1.4.20-19.el7.x86_64 3/4 Installing : unbound-1.4.20-19.el7.x86_64 4/4 Verifying : libevent-2.0.21-4.el7.x86_64 1/4 Verifying : unbound-1.4.20-19.el7.x86_64 2/4 Verifying : ldns-1.6.16-7.el7.x86_64 3/4 Verifying : unbound-libs-1.4.20-19.el7.x86_64 4/4 Installed: unbound.x86_64 0:1.4.20-19.el7 Dependency Installed: ldns.x86_64 0:1.6.16-7.el7 libevent.x86_64 0:2.0.21-4.el7 unbound-libs.x86_64 0:1.4.20-19.el7 Complete! [root@dns-01 ~]#

Configure unbound DNS server settings.

[root@dns-01 yum.repos.d]# vi /etc/unbound/unbound.conf

Find and adjust following settings in the above file.

interface: access-control: allow domain-insecure: "" forward-zone: name: "." forward-addr:

Check unbound Configurations for possible syntax errors.

[root@dns-01 yum.repos.d]# unbound-checkconf unbound-checkconf: no errors in /etc/unbound/unbound.conf

Start and enable unbound service.

[root@dns-01 yum.repos.d]# systemctl start unbound ; systemctl enable unbound

Allow DNS service in Linux firewall.

[root@dns-01 yum.repos.d]# firewall-cmd --permanent --add-service=dns ; firewall-cmd --reload success success

Set newly configured DNS Server as the primary DNS server for the machine.

[root@dns-01 yum.repos.d]# nmcli connection modify eno16777728 ipv4.dns [root@dns-01 yum.repos.d]# nmcli connection down eno16777728 ; nmcli connection up eno16777728 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4) [root@dns-01 yum.repos.d]# cat /etc/resolv.conf # Generated by NetworkManager domain localdomain search localdomain nameserver [root@dns-01 yum.repos.d]#

Check DNS Server by pinging an Internet Server by hostname.

[root@dns-01 yum.repos.d]# ping PING ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=128 time=271 ms 64 bytes from ( icmp_seq=2 ttl=128 time=275 ms 64 bytes from ( icmp_seq=3 ttl=128 time=271 ms

Our Caching-only DNS Server in RHEL 7 has been configured successfully.