Comprehensive Guide To Set up Bind on AlmaLinux 9

This tutorial walks you through setting up Bind on AlmaLinux 9. BIND (Berkeley Internet Name Domain) is a comprehensive software suite that includes the world’s most widely deployed DNS (Domain Name System) server software. This full-featured implementation of DNS service and tools is designed to be 100% standards-compliant and serves as a reference architecture for DNS software.

BIND is the most prevalent DNS server software on the Internet. The individuals who manage BIND DNS servers on a daily basis are typically network administrators or system administrators who possess proficiency in Linux/UNIX environments. Let’s dive into setting up Bind on AlmaLinux 9.

You can now follow the steps below to install and configure Bind on AlmaLinux 9.

Before you begin, ensure you are logged in to your server as a non-root user with sudo privileges and that you have set up a basic firewall. If you haven’t already, you can refer to a guide on Initial Server Setup with AlmaLinux 9.

Additionally, you’ll need a domain name that is pointed to your server’s IP address. This is crucial for the DNS server to function correctly.

1. Install Bind on AlmaLinux 9

First, update the local package index using the following command:

sudo dnf update -y

Next, install Bind and bind-utils on AlmaLinux 9 by executing the command below:

sudo dnf install bind bind-utils -y

Start and Enable Bind Service

Once the installation is complete, initiate the Bind service on AlmaLinux 9 with the following command:

sudo systemctl start named

Then, enable the service to start automatically on boot:

sudo systemctl enable named

You can verify the service’s status to ensure it’s active and running:

systemctl status named
[Example Output]
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-03-06 10:00:00 UTC; 10s ago
       Docs: man:named(8)
   Main PID: 1234 (named)
      Status: "working"
      Tasks: 5 (limit: 11488)
     Memory: 22.5M
        CPU: 154ms
     CGroup: /system.slice/named.service
             └─1234 /usr/sbin/named -u named -c /etc/named.conf

Now, let’s explore how to configure Bind on AlmaLinux 9.

2. Configure Bind on AlmaLinux 9

First, create a backup of the Bind configuration file:

sudo cp /etc/named.conf /etc/named.bak

Now, open the file with your preferred text editor. Here, we’ll use vi:

sudo vi /etc/named.conf

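Locate the options section and comment out the following two lines. They bind named to the loopback addresses only; without them it listens on port 53 on all interfaces: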

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Next, find the allow-query parameter and adjust it to reflect your network subnet:

allow-query { localhost; 192.168.43.0/24; };

Save and close the file after making these changes.

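This configuration restricts access to the DNS server, allowing only hosts within the defined network subnet to query it. It is the server-wide default: a zone that declares its own allow-query overrides it for that zone.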

Define Forward Lookup DNS Zone

A forward lookup DNS zone stores the relationship between a hostname and its corresponding IP address. When queried, it resolves the hostname to its associated IP address.

Conversely, the reverse DNS zone provides the Fully Qualified Domain Name (FQDN) of a server based on its IP address.

To define both reverse and forward lookup zones, append the following content to the Bind configuration file on AlmaLinux 9, substituting your own domain name where appropriate:

sudo vi /etc/named.conf

//forward zone
zone "bind.orcacore.net" IN {
    type master;
    file "bind.orcacore.net.db";
    allow-update { none; };
    allow-query { any; };
};

//reverse zone
zone "43.168.192.in-addr.arpa" IN {
    type master;
    file "bind.orcacore.net.rev";
    allow-update { none; };
    allow-query { any; };
};

Save and close the file after making the necessary changes.
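
The settings made so far interact: with both listen-on lines commented out, named binds to every interface, and a zone-level allow-query replaces the options-level ACL for that zone. The shell function below is an added example, not part of the original guide; audit_named_conf and sample_conf are hypothetical names, and the sample configuration is constructed from the snippets above with recursion yes assumed.

```shell
# Added example: audit named.conf text for settings that widen exposure.
# Assumes // and # comments only, one statement per line, and top-level
# blocks closed by "};" in column 0, as in the snippets in this guide.
audit_named_conf() {   # config on stdin, one finding per output line
    awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, "") }              # strip comments
    /^[ \t]*options[ \t]*[{]/ { ctx = "options" }
    /^[ \t]*zone[ \t]+"/ {
        ctx = "zone"; zone = $0
        sub(/^[^"]*"/, "", zone); sub(/".*/, "", zone) # keep the zone name
    }
    ctx == "options" && /listen-on[ \t]/       { listen = 1 }
    ctx == "options" && /recursion[ \t]+yes/   { recursion = 1 }
    ctx == "options" && /allow-recursion/      { allow_rec = 1 }
    ctx == "options" && /allow-query[ \t]*[{]/ { global_acl = 1 }
    ctx == "zone" && /allow-query[ \t]*[{][ \t]*any[ \t]*;/ { wide[++n] = zone }
    /^[}];/ { ctx = "" }                               # top-level block ends
    END {
        if (!listen)
            print "options: no listen-on, port 53 is bound on every IPv4 interface"
        if (recursion && !allow_rec)
            print "options: recursion yes with no explicit allow-recursion"
        note = global_acl ? " (overrides the options-level allow-query)" : ""
        for (i = 1; i <= n; i++)
            print "zone " wide[i] ": allow-query { any; }" note
    }'
}

sample_conf() {   # constructed sample built from the settings in this guide
    cat <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };
    // listen-on-v6 port 53 { ::1; };
    allow-query { localhost; 192.168.43.0/24; };
    recursion yes;   // assumed, not shown in the guide
};
zone "bind.orcacore.net" IN {
    type master;
    allow-query { any; };
};
zone "43.168.192.in-addr.arpa" IN {
    type master;
    allow-query { any; };
};
EOF
}

sample_conf | audit_named_conf
```

A configuration that sets listen-on to specific addresses and leaves allow-query out of the zone blocks produces no findings.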

Next, we’ll see how to create a forward DNS zone file for the domain.

Create a Forward DNS zone file on AlmaLinux 9

Create a Forward DNS zone file for your domain using the following command:

sudo vi /var/named/bind.orcacore.net.db

Note: Remember to replace the domain name and hostname with your own.

Paste the following content into the file:

$TTL 86400
@ IN SOA hostname. admin.domain-name. (
                                     2020011800 ;Serial
                                     3600 ;Refresh
                                     1800 ;Retry
                                     604800 ;Expire
                                     86400 ;Minimum TTL
)

;Name Server Information
@ IN NS hostname.

;IP Address for Name Server
hostname IN A 192.168.43.35

;Mail Server MX (Mail exchanger) Record
domain-name. IN MX 10 mail.domain-name.

;A Record for the following Host name
www  IN   A   192.168.43.50
mail IN   A   192.168.43.60

;CNAME Record
ftp  IN   CNAME www.domain-name.

Save and close the file.

Create a Reverse DNS zone file on AlmaLinux 9

Next, create a reverse DNS zone file for the domain:

sudo vi /var/named/bind.orcacore.net.rev

Paste the following content into the file:

$TTL 86400
@ IN SOA hostname. admin.domain-name. (
                                 2020011800 ;Serial
                                 3600 ;Refresh
                                 1800 ;Retry
                                 604800 ;Expire
                                 86400 ;Minimum TTL
)
;Name Server Information
@ IN NS hostname.
hostname    IN     A      192.168.43.35

;Reverse lookup for Name Server
35 IN PTR hostname.

;PTR Record IP address to Hostname
50     IN     PTR    www.domain-name.
60     IN     PTR    mail.domain-name.

Save and close the file.
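
A PTR, NS, MX or CNAME target written without a trailing dot is valid zone syntax: BIND completes it with the zone origin, so in the reverse zone it becomes a name under 43.168.192.in-addr.arpa, and a syntax check will not flag it. The check below is an added example, not part of the original guide; lint_zone_targets and sample_rev_zone are hypothetical names, and the zone text uses constructed example.test names.

```shell
# Added example: flag record targets that look like full names but lack
# the trailing dot, and show what BIND would expand them to.
lint_zone_targets() {   # $1 = zone origin; zone file text on stdin
    awk -v origin="$1" '
    { sub(/;.*/, "") }                        # strip zone-file comments
    {
        # field 1 is the owner name unless the line starts with whitespace
        start = ($0 ~ /^[ \t]/) ? 1 : 2
        for (i = start; i < NF; i++) {
            t = toupper($i)
            if (t == "NS" || t == "PTR" || t == "CNAME" || t == "MX") {
                target = $NF
                # multi-label target with no final dot: relative to origin
                if (target ~ /\./ && target !~ /\.$/)
                    printf "line %d: %s %s expands to %s.%s.\n",
                           NR, t, target, target, origin
                break
            }
        }
    }'
}

sample_rev_zone() {   # constructed sample; the last two PTR targets lack the dot
    cat <<'EOF'
$TTL 86400
@ IN SOA ns1.example.test. admin.example.test. (
        2020011800 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)
@  IN NS  ns1.example.test.
35 IN PTR ns1.example.test.
50 IN PTR www.example.test
60 IN PTR mail.example.test
EOF
}

sample_rev_zone | lint_zone_targets 43.168.192.in-addr.arpa
```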

Set the ownership of the two zone files to the named user and group:

sudo chown named:named /var/named/bind.orcacore.net.db
sudo chown named:named /var/named/bind.orcacore.net.rev

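Now, verify that the configuration and the DNS zone files have no syntax errors. named-checkzone takes the zone name as its first argument, so the reverse zone is checked under 43.168.192.in-addr.arpa:

sudo named-checkconf
sudo named-checkzone bind.orcacore.net /var/named/bind.orcacore.net.db
sudo named-checkzone 43.168.192.in-addr.arpa /var/named/bind.orcacore.net.rev

Restart Bind service on AlmaLinux 9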

To apply these changes, restart the Bind service:

sudo systemctl restart named

Configure Firewall

To allow client systems to access the DNS server, add the DNS service to the firewall and reload the firewall:

sudo firewall-cmd --add-service=dns --zone=public --permanent
sudo firewall-cmd --reload

Test Bind from a Client system AlmaLinux 9

On a client machine (here, an AlmaLinux 9 system), open the /etc/resolv.conf file:

sudo vi /etc/resolv.conf

Then, edit the following parameter:

nameserver 192.168.43.35

Save and close the file.

Finally, append the Bind DNS server’s IP address to the /etc/sysconfig/network-scripts/ifcfg-eth0 file:

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

Add the following line below the gateway:

...
DNS1=192.168.43.35

Save and close the file.

Restart Network on AlmaLinux 9

Apply this change by restarting the network service:

sudo systemctl restart NetworkManager

Test Bind DNS Server

You can use the nslookup or dig command to test the Bind DNS server on AlmaLinux 9.

nslookup 192.168.43.35
dig bind.orcacore.net

To perform a reverse DNS lookup:

dig -x 192.168.43.35

Also, on a Windows client, you can open the Internet Protocol Version 4 properties window and add the DNS server address.

Alternative Solutions for Setting Up a DNS Server on AlmaLinux 9

While BIND is a robust and widely used DNS server, alternative solutions exist for managing DNS services on AlmaLinux 9. Here are two alternative approaches:

1. Using dnsmasq

dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It’s ideal for small networks and can simplify DNS setup compared to BIND.

Explanation:

dnsmasq acts as a caching DNS forwarder. It queries upstream DNS servers for addresses and caches the results to speed up future queries. It can also serve as an authoritative DNS server for local networks, resolving hostnames to IP addresses specified in its configuration file.

Installation and Configuration:

  1. Install dnsmasq:

    sudo dnf install dnsmasq -y

  2. Configure dnsmasq:

    Edit the /etc/dnsmasq.conf file. Here’s a basic configuration example:

    # Listen only on loopback and the server's LAN address
    listen-address=127.0.0.1,192.168.43.35
    
    # Specify upstream DNS servers
    server=8.8.8.8
    server=8.8.4.4
    
    # Local domain
    domain=bind.orcacore.net
    
    # Host-to-IP mappings
    address=/www.bind.orcacore.net/192.168.43.50
    address=/mail.bind.orcacore.net/192.168.43.60

    • listen-address: Specifies the IP addresses dnsmasq will listen on. Replace 192.168.43.35 with your server’s IP.
    • server: Defines the upstream DNS servers to use.
    • domain: Sets the local domain name.
    • address: Maps hostnames to IP addresses.
  3. Start and enable dnsmasq:

    sudo systemctl start dnsmasq
    sudo systemctl enable dnsmasq

  4. Configure the client to use dnsmasq:

    On the client machine, set your server’s IP address as the DNS server in /etc/resolv.conf or through the NetworkManager settings.

    nameserver 192.168.43.35

Advantages of dnsmasq:

  • Simple configuration.
  • Lightweight and efficient.
  • Suitable for small networks and home labs.
  • Includes DHCP server functionality.

2. Using systemd-resolved

systemd-resolved is a system service that provides network name resolution to local applications. It’s part of the systemd suite and is readily available on AlmaLinux 9.

Explanation:

systemd-resolved manages DNS resolution through a combination of stub resolvers, DNS caching, and support for multiple DNS servers. It integrates tightly with the operating system and provides a modern approach to DNS management.

Configuration:

  1. Edit /etc/systemd/resolved.conf:

    [Resolve]
    DNS=8.8.8.8 8.8.4.4
    Domains=~bind.orcacore.net

    • DNS: Specifies the upstream DNS servers to use.
    • Domains: Specifies the search or routing domain; the leading ~ marks bind.orcacore.net as routing-only.

  2. Create a drop-in configuration file:

    Create a file with a .conf suffix in /etc/systemd/resolved.conf.d/

    [Resolve]
    DNS=192.168.43.35
    Domains=bind.orcacore.net

    This will make your local server the primary DNS server.

  3. Restart the service:

    sudo systemctl restart systemd-resolved

  4. Configure the client to use systemd-resolved:

    Ensure that /etc/resolv.conf is a symbolic link to /run/systemd/resolve/stub-resolv.conf. systemd-resolved automatically manages this file.

Advantages of systemd-resolved:

  • Tight integration with systemd.
  • Automatic management of /etc/resolv.conf.
  • Supports DNSSEC.
  • Modern and efficient DNS resolution.

Conclusion

This guide walked through how to set up Bind on AlmaLinux 9, covering the installation, configuration, and testing phases. It also presented two alternative solutions (dnsmasq and systemd-resolved) that offer different approaches to managing DNS services on AlmaLinux 9, each with its own advantages and suitability for various network environments. Remember to test your DNS server thoroughly after any configuration changes.