Aug 15, 2024 7 min read

How to Set Up Private DNS Servers With Bind on AlmaLinux 8

Set up private DNS servers with Bind on AlmaLinux 8 with our step-by-step tutorial. DNS is a crucial component of the internet infrastructure.


Introduction

Before we begin talking about how to set up private DNS servers with Bind on AlmaLinux 8, let's briefly understand what a DNS server is.

A DNS (Domain Name System) server is a crucial component of the internet infrastructure. It functions like a digital phonebook, translating human-friendly domain names (such as example.com) into the corresponding IP addresses that computers use to communicate with each other.

By doing so, DNS servers enable smooth navigation of the internet, allowing you to access websites through familiar and memorable domain names. DNS servers play a vital role in ensuring speedy and reliable internet connectivity, minimizing delays experienced during web browsing or accessing online services.

BIND, which stands for Berkeley Internet Name Domain, is an open-source software package used for implementing the Domain Name System (DNS) protocol. It serves as a DNS server, translating domain names into their corresponding IP addresses to facilitate communication between computers on the internet.

In this tutorial, you will set up private DNS servers with Bind on AlmaLinux 8. We will also address a few FAQs on setting up private DNS servers with Bind on AlmaLinux 8.

Prerequisites

Step 1. Log in to your server via SSH

First, log in to your AlmaLinux 8 VPS via SSH as the root user:

ssh root@IP_Address -p Port_number

Replace IP_Address and Port_number with your server's IP address and SSH port. If you do not log in as root, replace root with the username of a system user who has sudo access.

Check which version of AlmaLinux is installed on your server with the following command:

# cat /etc/almalinux-release

The output looks like this:

AlmaLinux release 9.2 (Turquoise Kodkod)

The shell commands in this article are run as the root user. Prefix them with sudo if you run them from a regular user account with sudo access.

Step 2. Install Bind

To install Bind 9 from the default AlmaLinux 8 repository, run the following commands. Bind 9 is the current release; Bind 10 was a separate project that has since been discontinued.

# dnf update
# dnf install bind bind-utils

After installation, check the installed Bind version:

# named -v

Sample output:

BIND 9.16.23-RH (Extended Support Version)

To see the build options along with the version number, use -V:

# named -V
Output

BIND 9.16.23-RH (Extended Support Version)
running on Linux x86_64 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 11.3.1 20221121 (Red Hat 11.3.1-4)
compiled with OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
compiled with libuv version: 1.42.0
linked to libuv version: 1.42.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled

default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP

Bind is now installed, but it is not running yet. Start it and enable it to start automatically at boot with this command:

# systemctl enable --now named

Step 3. Configure Bind

By default, the BIND9 packages on CentOS/RHEL (and therefore AlmaLinux) provide recursive resolution only to localhost; requests from other hosts are rejected. To change this, edit BIND's main configuration file, /etc/named.conf.

# nano /etc/named.conf

Find these two lines:

listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };

Comment them out so that they look like this:

#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };

Also change this line:

allow-query { localhost; };

to something like this, listing the networks that are allowed to query the server:

allow-query { localhost; 192.168.0.0/24; 10.10.10.0/24; };

Alternatively, you can comment the line out while you run some tests, and grant access to particular IP ranges afterwards; in that case it looks like this. Keep in mind that with the line commented out, any host that can reach the server may query it, so restrict it to your networks once testing is done:

#allow-query { localhost; };

Save the file, exit, and restart Bind:

# systemctl restart named

The Bind service now listens on all of your server's interfaces, not just on localhost.
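The edits in this step change which clients Bind will serve, and the effect is not obvious from a single line: when a directive is absent, BIND derives the ACL for recursive queries from other directives in a documented order (allow-recursion, then allow-query-cache, then allow-query, then the built-in default of localnets and localhost). The following script is an added example and not part of the original tutorial; it reads a named.conf, strips commented-out lines, prints the effective recursion ACL and warns when a recursive server would answer any address. It assumes one directive per line, as in the tutorial's file, and the sample configuration it audits is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the options block
# of a named.conf after the Step 3 edits and print the ACL that actually
# governs recursive queries. When a directive is absent, BIND falls back
# in this order (as documented in the BIND 9 ARM): allow-recursion, then
# allow-query-cache, then allow-query, then the built-in default
# "localnets; localhost;". A recursive server whose effective ACL is
# "any" is an open resolver and gets a WARNING. Assumes one directive per
# line, as in the tutorial; the sample configuration below is constructed.

# acl_of NAME CONF_TEXT -> prints the contents of "NAME { ... };"
# or nothing when the directive is absent.
acl_of() {
    printf '%s\n' "$2" |
        sed -n -e 's/^/ /' \
               -e "s/.*[[:space:]]$1[[:space:]]*{[[:space:]]*\(.*\)}.*/\1/p" |
        head -n 1
}

# audit_named_conf FILE -> prints findings; returns 1 for an open resolver.
audit_named_conf() {
    # Drop '#' and '//' comments so "#allow-query { localhost; };" is not
    # mistaken for an active directive.
    active=$(sed -e 's|//.*||' -e 's|#.*||' "$1")

    recursion=yes                                   # BIND default
    printf '%s\n' "$active" | grep -q 'recursion[[:space:]]*no' && recursion=no

    acl=$(acl_of allow-recursion "$active")
    [ -z "$acl" ] && acl=$(acl_of allow-query-cache "$active")
    [ -z "$acl" ] && acl=$(acl_of allow-query "$active")
    [ -z "$acl" ] && acl="localnets; localhost;"    # built-in default

    echo "recursion: $recursion"
    echo "effective recursion ACL: $acl"
    if [ "$recursion" = yes ] && printf '%s\n' "$acl" | grep -qw any; then
        echo "WARNING: recursive queries accepted from any address (open resolver)"
        return 1
    fi
    echo "OK: recursion is off or limited to the listed networks"
    return 0
}

# Constructed sample: the options block after commenting out allow-query.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
options {
    #listen-on port 53 { 127.0.0.1; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    #allow-query { localhost; };
    recursion yes;
};
EOF
audit_named_conf "$SAMPLE_CONF"
rm -f "$SAMPLE_CONF"
```

Run it against /etc/named.conf after each edit (audit_named_conf /etc/named.conf). For the tutorial's sample above it reports the built-in default, localnets and localhost, which is why commenting out allow-query alone does not turn the server into an open resolver; an explicit allow-query { any; } together with recursion yes does, and the script flags that combination.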

Step 4. Create Zones

Open /etc/named.conf again and add the following lines to the end of the file, replacing the domain name with your own.

zone "yourdomain.com" {
    type master;
    file "/var/named/yourdomain.com";
};

Save the file and exit.

Create the BIND zone file /var/named/yourdomain.com:

# nano /var/named/yourdomain.com

Then add these lines:

$TTL 1d
@               IN      SOA     ns1.yourdomain.com.    hostmaster.yourdomain.com. (
                1        ; serial
                6h       ; refresh after 6 hours
                1h       ; retry after 1 hour
                1w       ; expire after 1 week
                1d )     ; minimum TTL of 1 day

@               IN      NS      ns1.yourdomain.com.
@               IN      NS      ns2.yourdomain.com.

ns1             IN      A       192.168.0.1
ns2             IN      A       192.168.0.1

yourdomain.com. IN      MX      0       mail.yourdomain.com.
mail            IN      A       192.168.0.1
www             IN      CNAME   yourdomain.com.
blog            IN      A       192.168.0.1

Save and close the file.

Whenever you write a fully qualified domain name in the zone file, make sure it ends with a dot; without the dot, BIND appends the zone name to it. Using this template, you are free to add or change records as needed.

The fields of the SOA line mean:

@ – Replaced by the domain named in the zone declaration in /etc/named.conf, here yourdomain.com.
IN – The record belongs to the INTERNET class.
SOA – The Start Of Authority record, the authoritative record for this domain.
ns1.yourdomain.com. – The primary nameserver for the zone, i.e. the server that handles the domain's DNS.
hostmaster.yourdomain.com. – The email address of the zone's administrator, with the @ symbol replaced by a dot.

You can add other zones and repeat the previous procedures. However, each time you edit Bind configuration files, remember to run this command:

# named-checkconf

If the command prints nothing, the configuration is valid and the Bind service can be restarted.
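named-checkconf only checks named.conf itself; the zone file has its own pitfalls, in particular the trailing dot the text above insists on and the serial that has to change on every edit. The script below is an added example, not part of the original tutorial: it generates a zone file modelled on the one in Step 4 from a few variables, then lints it for NS, MX, CNAME and SOA targets that lack the trailing dot and extracts the serial. The zone name example.test, the address 10.10.10.5 and the temporary file paths are constructed placeholders; named-checkzone is invoked only if it is installed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: build the Step 4 zone
# file from a few variables and lint it for the mistakes that most often
# break a fresh zone: a name in an NS/MX/CNAME/SOA target without the
# trailing dot (BIND then appends the origin, producing names such as
# ns1.yourdomain.com.yourdomain.com.) and a serial that was not bumped.
# The zone name, addresses and paths below are constructed placeholders.

# make_zone ZONE NS_IP SERIAL -> prints a zone file modelled on Step 4.
make_zone() {
    zone="$1"; ip="$2"; serial="$3"
    cat <<EOF
\$TTL 1d
@       IN  SOA   ns1.$zone. hostmaster.$zone. (
              $serial ; serial, bump on every change (YYYYMMDDnn)
              6h      ; refresh
              1h      ; retry
              1w      ; expire
              1d )    ; minimum TTL
@       IN  NS    ns1.$zone.
@       IN  NS    ns2.$zone.
ns1     IN  A     $ip
ns2     IN  A     $ip
@       IN  MX    0 mail.$zone.
mail    IN  A     $ip
www     IN  CNAME $zone.
EOF
}

# lint_zone FILE -> prints each suspect target; returns 1 if any were found.
lint_zone() {
    awk '
        { sub(/;.*/, "") }                      # strip comments
        NF == 0 { next }
        $0 ~ /[ \t](NS|CNAME|MX)[ \t]/ {
            # the target is the last field; a dotted name must end in a dot
            if ($NF ~ /\./ && $NF !~ /\.$/) { print "missing trailing dot: " $0; bad = 1 }
        }
        $0 ~ /[ \t]SOA[ \t]/ {
            # the two fields after SOA are MNAME (primary NS) and RNAME (contact)
            for (i = 1; i <= NF; i++)
                if ($i == "SOA")
                    for (j = i + 1; j <= i + 2 && j <= NF; j++)
                        if ($j ~ /\./ && $j !~ /\.$/) { print "missing trailing dot: " $j; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# serial_of FILE -> prints the serial, assumed to be the first value on the
# line after the SOA line (the layout used in the tutorial).
serial_of() {
    awk '/SOA/ { insoa = 1; next } insoa { sub(/;.*/, ""); if (NF) { print $1; exit } }' "$1"
}

ZONE_FILE=$(mktemp)
make_zone example.test 10.10.10.5 2024081501 > "$ZONE_FILE"
echo "serial: $(serial_of "$ZONE_FILE")"
if lint_zone "$ZONE_FILE"; then echo "generated zone: OK"; fi

# Constructed broken record: NS target without the trailing dot.
BAD_FILE=$(mktemp)
printf '@ IN NS ns1.example.test\n' > "$BAD_FILE"
lint_zone "$BAD_FILE" || echo "broken zone: rejected as expected"

# Also run BIND's own checker when it is installed.
command -v named-checkzone >/dev/null 2>&1 && named-checkzone example.test "$ZONE_FILE"
rm -f "$ZONE_FILE" "$BAD_FILE"
```

On the server, lint_zone /var/named/yourdomain.com followed by named-checkzone yourdomain.com /var/named/yourdomain.com is a sensible habit before every restart; compare serial_of on the old and new file to make sure the serial went up, otherwise secondary servers will not pick up the change.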

# systemctl restart named

Your server can now be used as a DNS server. For example, try querying mail.yourdomain.com:

# dig mail.yourdomain.com @127.0.0.1

The output looks like this:

Output

; <<>> DiG 9.16.23-RH <<>> mail.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 933
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 86b765bc5dc202110100000064a7606f61c60bf02ed52508 (good)
;; QUESTION SECTION:
;mail.yourdomain.com. IN A

;; ANSWER SECTION:
mail.yourdomain.com. 86400 IN A 192.168.0.1

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 06 19:46:39 CDT 2023

The answer section shows that mail.yourdomain.com resolves to 192.168.0.1.

Step 5. Configure Systemd

We can add a systemd override so that the Bind service is restarted automatically whenever it stops.

# systemctl edit named

Add these lines to the override file:

[Service]
Restart=always
RestartSec=5s

Save the file and exit.

Reload systemd, then kill the Bind process to test the override:

# systemctl daemon-reload
# pkill named

Next, check the Bind status. You will see that the service was restarted automatically.

# systemctl status named

Well done! You have set up a private DNS server with Bind on AlmaLinux 8.

FAQs on setting up private DNS servers with Bind on AlmaLinux 8

What is Bind, and why would I use it to set up private DNS servers on AlmaLinux 8?

Bind (Berkeley Internet Name Domain) is an open-source DNS server software. Setting up private DNS servers with Bind on AlmaLinux 8 allows you to have control over your domain names and resolve them within your private network.

How do I install Bind on AlmaLinux 8?

To install Bind on AlmaLinux 8, use the package manager dnf. Run sudo dnf install bind to install Bind and its dependencies.

Where are the configuration files for Bind located on AlmaLinux 8?

The main configuration file for Bind is located at /etc/named.conf. Additional configuration files can be included from this main file.

How can I configure forward and reverse zones in Bind on AlmaLinux 8?

To configure forward zones, add zone declarations to the /etc/named.conf file. For reverse zones, create separate zone files and configure the reverse zone declarations accordingly.

What are forwarders, and how can I configure them in Bind on AlmaLinux 8?

Forwarders are DNS servers that your local Bind server will forward queries to when it cannot resolve them locally. You can configure forwarders by adding the forwarders directive within the options section of the /etc/named.conf file.

How can I test the configuration of Bind on AlmaLinux 8 for errors?

You can test the Bind configuration for errors by running the command named-checkconf /etc/named.conf. It will check the syntax of the configuration file and report any errors.

How can I ensure high availability for my private DNS server?

To achieve high availability, you can set up multiple DNS servers in a redundant configuration. This can involve using technologies like DNS clustering, load balancing, and DNS anycast to distribute the workload and ensure that DNS requests are handled by a functioning server even if one goes offline.

Conclusion

In this tutorial, we showed you how to set up private DNS servers with Bind on AlmaLinux 8 and also answered frequently asked questions about the setup process.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them.
