Choose a different version or distribution
Introduction
Before we begin talking about how to set up private DNS Servers with Bind on AlmaLinux 8, let's briefly understand – What is DNS Server?
A DNS server, which stands for Domain Name System, is a crucial component of the internet infrastructure. It functions like a digital phonebook, translating human-friendly domain names (such as example.com) into the corresponding IP addresses that computers use to communicate with each other.
By doing so, DNS servers enable smooth navigation of the internet, allowing you to access websites through familiar and memorable domain names. DNS servers play a vital role in ensuring speedy and reliable internet connectivity, minimizing delays experienced during web browsing or accessing online services.
BIND, which stands for Berkeley Internet Name Domain, is an open-source software package used for implementing the Domain Name System (DNS) protocol. It serves as a DNS server, translating domain names into their corresponding IP addresses to facilitate communication between computers on the internet.
In this tutorial, you will set up private DNS Servers with Bind on AlmaLinux 8. We will also address a few FAQs on how to set up private DNS Servers with Bind on AlmaLinux 8.
Prerequisites
- An AlmaLinux VPS
- A regular user with sudo privileges or root SSH access
Step 1. Log in to your server via SSH
Initially, you must use SSH to access your AlmaLinux 8 VPS as the root user:
ssh root@IP_Address -p Port_number
You must replace IP_Address and Port_number with the appropriate IP address and SSH port number for your server. In addition, replace root with the username of the system user who has sudo access.
With the following command, you may check if the correct version of AlmaLinux is installed on your server:
# cat /etc/almalinux-release
You would see an output like this:
AlmaLinux release 9.2 (Turquoise Kodkod)
The shell commands in this article are run using the command root. Put sudo in front of the instructions if you want to execute them using your regular user account with sudo access.
Step 2. Install Bind
To install Bind 9 from its default repository on your AlmaLinux 8, use the following command. The most recent version is Bind 9, while Bind 10 is an outdated project.
# dnf update
# dnf install bind bind-utils
After installation, we may view the Bind version details.
# named -v
Sample output:
BIND 9.16.23-RH (Extended Support Version)
We can use this command to view the build choices and Bind version number.
# named -V
Output
BIND 9.16.23-RH (Extended Support Version)
running on Linux x86_64 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 11.3.1 20221121 (Red Hat 11.3.1-4)
compiled with OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
compiled with libuv version: 1.42.0
linked to libuv version: 1.42.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
Although Bind is now installed, it is not operating automatically. Let's use this command to launch Bind and set it up to launch automatically when the computer reboots.
# systemctl enable --now named
Step 3. Configure Bind
On CentOS/RHEL, the BIND9 server by default provides recursive capabilities only for the localhost. Requests from outside sources will be rejected. Make changes to BIND's main configuration file, /etc/named.conf.
# nano /etc/named.conf
Find these two lines
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
Comment on them after that, and it ought to seem like this.
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
This line can also be modified.
allow-query { localhost; };
To something like this
allow-query { localhost; 192.168.0.0/24; 10.10.10.0/24; };
Alternatively, you can just comment on the lines and run some tests before granting access to particular IP ranges; it should look something like this:
#allow-query { localhost; };
Save the file before exiting and restarting Bind.
# systemctl restart named
The Bind service is now listening to all of your server's interfaces, not just localhost.
Step 4. Create Zones
Add the following lines to the end of the document while changing the domain name to suit your needs.
zone "yourdomain.com" {
type master;
file "/var/named/yourdomain.com";
};
Exit after saving the file.
Make a BIND zone configuration file called /var/named/yourdomain.com.
# nano /var/named/yourdomain.com
Then include these lines.
Output
$TTL 1d
@ IN SOA dns1.yourdomain.com. hostmaster.yourdomain.com. (
1 ; serial
6h ; refresh after 6 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1d ) ; minimum TTL of 1 day
@ IN NS ns1.yourdomain.com.
@IN NS ns2.yourdomain.com.
ns1 IN A 192.168.0.1
ns2IN A 192.168.0.1
yourdomain.com. IN MX 0 mail.yourdomain.com.
mail IN A 192.168.0.1
www IN CNAME yourdomain.com.
blog IN A 192.168.0.1
Close the file after saving it.
When utilizing the domain name in the zone file, please make sure that a dot is added at the end of the name. Using the supplied template, you have the freedom to add or change the records as needed.
This line represents:
Output
@ – The domain mentioned in the named.conf.local file, which is yourdomain.com, will be substituted here.
IN – Records of INTERNET type in this case.
SOA – This is the Start Of Authority record, which is the authoritative record for this domain.
ns1.yourdomain.com. – The nameserver DNS record. – The server that handles the domain's DNS.
hostmaster.yourdomain.com. – The email address of the nameserver's manager. The @ symbol is replaced with a dot.
You can add other zones and repeat the previous procedures. However, each time you edit Bind configuration files, remember to run this command:
# named-checkconf
After running the command, if there isn't any message, the configuration is okay, and the Bind service can be restarted.
# systemctl restart named
You ought to be able to utilize your server as the DNS server at this point. We may, for instance, attempt to query mail.yourdomain.com.
# dig mail.yourdomain.com @127.0.0.1
The output will look like this:
Output
; <<>> DiG 9.16.23-RH <<>> mail.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 933
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 86b765bc5dc202110100000064a7606f61c60bf02ed52508 (good)
;; QUESTION SECTION:
;mail.yourdomain.com. IN A
;; ANSWER SECTION:
mail.yourdomain.com. 86400 IN A 192.168.0.1
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 06 19:46:39 CDT 2023
You may observe that 192.168.0.1 is the address that mail.yourdomain.com points to.
Step 5. Configure Systemd
We can edit the systemd file to keep the Bind service up and running at all times.
# systemctl edit named
Make sure to add these two lines to the file in the appropriate location.
[Service]
Restart=always
RestartSec=5s
Exit the file, after saving.
Let's reload it now and attempt to stop the Bind service.
# systemctl daemon-reload
# pkill named
Next, check the Bind status. You'll see that an automatic restart of the Bind service occurred.
# systemctl status named
Well done! On AlmaLinux 8, you have effectively set up a private DNS server using Bind.
FAQs on setting up private DNS servers with Bind on AlmaLinux 8
What is Bind, and why would I use it to set up private DNS servers on AlmaLinux 8?
Bind (Berkeley Internet Name Domain) is an open-source DNS server software. Setting up private DNS servers with Bind on AlmaLinux 8 allows you to have control over your domain names and resolve them within your private network.
How do I install Bind on AlmaLinux 8?
To install Bind on AlmaLinux 9, you can use the package manager dnf. Run the command sudo dnf install bind to install Bind and its dependencies.
Where are the configuration files for Bind located on AlmaLinux 8?
The main configuration file for Bind is located at /etc/named.conf. Additional configuration files can be included from this main file.
How can I configure forward and reverse zones in Bind on AlmaLinux 8?
To configure forward zones, add zone declarations to the /etc/named.conf file. For reverse zones, create separate zone files and configure the reverse zone declarations accordingly.
What are forwarders, and how can I configure them in Bind on AlmaLinux 8?
Forwarders are DNS servers that your local Bind server will forward queries to when it cannot resolve them locally. You can configure forwarders by adding the forwarders directive within the options section of the /etc/named.conf file.
How can I test the configuration of Bind on AlmaLinux 8 for errors?
You can test the Bind configuration for errors by running the command named-checkconf /etc/named.conf. It will check the syntax of the configuration file and report any errors.
How can I ensure high availability for my private DNS server?
To achieve high availability, you can set up multiple DNS servers in a redundant configuration. This can involve using technologies like DNS clustering, load balancing, and DNS anycast to distribute the workload and ensure that DNS requests are handled by a functioning server even if one goes offline.
Conclusion
In this tutorial, we showed you how to set up private DNS Servers with bind on AlmaLinux 8 and also provided answers for frequently asked questions regarding the setup process.
If you have any queries, please leave a comment below, and we’ll be happy to respond to them.
