The bind DNS server is massive, so we’re only going to cover some basic necessities commonly found for it today.
As previously mentioned, the most common use for the bind DNS server is for forwarding and caching:<\/p>\n\n\n\n
Configuring BIND as a caching DNS server However<\/strong>, in most situations there are 5 typical “Needs” for a DNS server to fulfill:<\/p>\n\n\n\n Need 1<\/strong>: client machines need to be able to resolve each other’s hostnames (resolve local network hostnames within the internal business domain both forward and reverse<\/strong>) Let’s set up an example.<\/p>\n\n\n\n You’re going to want to do two things here.<\/p>\n\n\n\n 1. Setup caching + forwarding locally on the 2 servers that are -not- the DNS server with something lightweight like dnsmasq or unbound. rhel89, rhel88:<\/p>\n\n\n\n We didn’t use all of the options required for dnsmasq in our example, just a few for basic functionality. It’s advised to follow along here for proper configuration:<\/p>\n\n\n\n How to configure DNS caching server with dnsmasq in RHEL Alternatively you could just point all of the servers to the DNS server IP, but then you would be missing per-machine DNS caching. Having something like DNS or unbound running on each machine before it forwards to the DNS server allows each machine to have their own personal cache on the client side. The BIND DNS nameserver itself will also have caching itself for the server side. <\/p>\n\n\n\n \u2611<\/strong> This resolves “Need 4<\/strong>” in the list. (cache all DNS query results for faster DNS performance<\/strong>) All 3 machines should have an \/etc\/resolv.conf that looks like this:<\/p>\n\n\n\n And on each server we need to make sure to set the fqdn:<\/p>\n\n\n\n These steps are part<\/strong> of the requirements for “Need 1<\/strong>” and “Need 2<\/strong>“.<\/p>\n\n\n\n 2. By default, the BIND DNS server has caching, we just need to configure two things:<\/p>\n\n\n\n This will allow our bind dns server to answer queries from the other four systems for both internal and external domains.<\/p>\n\n\n\n On the bind dns server (rhel92):<\/p>\n\n\n\n And enable dns access in our firewall:<\/p>\n\n\n\n First, let’s edit our configuration file to allow caching and forwarding of external internet domain queries:<\/p>\n\n\n\n
https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/9\/html\/managing_networking_infrastructure_services\/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services#proc_configuring-bind-as-a-caching-dns-server_assembly_setting-up-and-configuring-a-bind-dns-server<\/a><\/p>\n\n\n\n
Need 2<\/strong>: client machines need to be able to resolve the internal webserver’s subdomain and\/or IP (resolve web application subdomain within the internal business domain both forward and reverse<\/strong>)
Need 3<\/strong>: client machines need to be able to resolve internet domains as well (resolve external internet domains<\/strong>)
Need 4<\/strong>: client machines need DNS caching (cache all DNS query results for faster DNS performance<\/strong>)
Need 5<\/strong>: We’re paranoid, we want our DNS server to run in a chroot (run our DNS server in a chrooted environment<\/strong>)<\/p>\n\n\n\n\n
Set the forward nameserver to your BIND dns server. In our example our BIND server’s IP is 192.168.0.66<\/p>\n\n\n\n# dnf install dnsmasq\n# systemctl enable --now dnsmasq\n# echo 'nameserver 127.0.0.1' > \/etc\/resolv.conf\n# echo 'options edns0' >> \/etc\/resolv.conf\n# echo 'resolv-file=\/etc\/resolv.dnsmasq' >> \/etc\/dnsmasq.conf\n# echo 'cache-size=1000' >> \/etc\/dnsmasq.conf\n# echo 'interface=lo' >> \/etc\/dnsmasq.conf\n# echo 'bind-interfaces' >> \/etc\/dnsmasq.conf\n# echo 'nameserver 192.168.0.66' > \/etc\/resolv.dnsmasq\n# systemctl restart dnsmasq<\/code><\/pre>\n\n\n\n
https:\/\/access.redhat.com\/solutions\/2189401<\/a><\/p>\n\n\n\n
When each server queries for another server’s hostname, we also need to search under the domain ‘fakedomain.dev’
So we need to add these additional \/etc\/resolv.conf lines to all machines:<\/p>\n\n\n\n# echo 'search .fakedomain.dev' >> \/etc\/resolv.conf<\/code><\/pre>\n\n\n\nnameserver 127.0.0.1\noptions edns0\nsearch fakedomain.dev<\/code><\/pre>\n\n\n\n# hostname rhel88.fakedomain.dev\n# hostname rhel89.fakedomain.dev\n# hostname rhel92.fakedomain.dev<\/code><\/pre>\n\n\n\n\n
# dnf install bind bind-chroot bind-utils\n# echo 'nameserver 127.0.0.1' > \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n# firewall-cmd --permanent --add-service=dns\n# firewall-cmd --reload<\/code><\/pre>\n\n\n\n