RHEL7: Configure a caching-only name server.


Note: This is an RHCE 7 exam objective.

Presentation of Caching-only Name Server

A caching-only name server is authoritative for no zone of its own: it resolves client queries recursively, starting from the root DNS servers, and keeps the answers in a local cache so that repeated requests for the same names are served from the cache.

Configuration Procedure

Install the bind package:

# yum install -y bind

Edit the /etc/named.conf file and change the listen-on option from 127.0.0.1 to any:

listen-on port 53 { any; };

In the same file, change the allow-query option from localhost to any:

allow-query { any; };

In the same file, disable the dnssec-validation option:

dnssec-validation no;

Check the configuration file:

# named-checkconf

Add a new service to the firewall:

# firewall-cmd --permanent --add-service=dns
success

Reload the firewall configuration:

# firewall-cmd --reload
success

Activate the DNS service:

# systemctl enable named

Start the DNS service:

# systemctl start named

Time to Test

Check the configuration:

# nslookup cnn.com 127.0.0.1
# dig @127.0.0.1 cnn.com
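An added check (not part of this tutorial) that parses the options block of a named.conf and reports the settings changed above that make the server an open resolver or turn validation off. Both named.conf samples are constructed for the example; the second shows the same server limited to one address and one client network through an ACL named trusted, with assumed addresses.

```python
import re
# Constructed sample of the options block that /etc/named.conf ends up with after the steps above.
OPEN_CONF = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
        dnssec-validation no;
};
"""

# Constructed sample of the same server limited to one address and one client network (assumed values).
RESTRICTED_CONF = """
acl trusted { 192.168.1.0/24; 127.0.0.1; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.10; };
        allow-query     { trusted; };
        recursion yes;
        dnssec-validation yes;
};
"""

# One directive: name, optional "port N", then either { a; b; } or a bare value, ended by ';'.
_DIRECTIVE = re.compile(
    r"^\s*([a-z0-9-]+)(?:\s+port\s+\d+)?\s+(?:\{([^}]*)\}|([^;{]+))\s*;", re.M)

def parse_options(conf):
    """Map every directive inside the options { } block to its list of values."""
    block = re.search(r"^options\s*\{(.*?)^\};", conf, re.M | re.S)
    if not block:
        return {}
    opts = {}
    for m in _DIRECTIVE.finditer(block.group(1)):
        name, braced, plain = m.groups()
        opts[name] = ([v.strip() for v in braced.split(";") if v.strip()]
                      if braced is not None else [plain.strip()])
    return opts

def audit(conf):
    """Return one finding per setting that exposes the resolver or weakens validation."""
    o = parse_options(conf)
    findings = []
    if "any" in o.get("listen-on", []):
        findings.append("listen-on any: named answers on every interface")
    # BIND recurses by default, so an unrestricted allow-query makes an open recursive resolver.
    if ("any" in o.get("allow-query", []) and o.get("recursion", ["yes"]) == ["yes"]
            and "allow-recursion" not in o):
        findings.append("allow-query any: recursion offered to every client")
    if o.get("dnssec-validation") == ["no"]:
        findings.append("dnssec-validation no: upstream answers are not validated")
    return findings
```

Run it against the real file with `audit(open("/etc/named.conf").read())`; an empty list means none of the three settings is in its permissive form.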

Additional Resources

You can also read this nice article from Zytrax.com about the different DNS configuration types.
If you want to go further, check the master DNS server tutorial.


23 Comments on "RHEL7: Configure a caching-only name server."

Shikaz (Member)

In one of the tutorials I have seen they are installing unbound instead of bind. Do you think, from the RHCE perspective, it will matter whether I install bind or unbound?

Jaz (Member)

What if I put my interface IP address in the listen-on directive and my network IP in the allow-query directive during the exam, even if not asked in the question?
Because ‘any’ means no restriction.

dan (Member)

Why set dnssec-validation to no?

power (Member)

Hi Guys,
I haven’t seen any DNS question on the RHCE mock test. Do you think that might be included in the exam?

Thank you

Lisenet (Member)

It might be as it’s a part of RHCE exam objectives.

I’ve put a sample RHCE exam here: https://www.lisenet.com/2016/rhce-sample-exam-for-rhel-7/ Feel free to give it a try.

mairj23 (Member)

Hi everyone, when I configure a cache-only DNS server it doesn’t resolve any domain, but it works correctly when I add forwarders. Any ideas? If I ping a domain from the shell it works…
Thanks in advance

asifshabir (Member)

This cache-only DNS server is supposed to work when you don’t have an internet connection, i.e. it should resolve the domain even if the net is down.

I have followed this guide. Everything mentioned in this guide works perfectly. But, when I disable Internet, it does not resolve any domain.

Please correct me if I am on the wrong line.

Lisenet (Member)

“This cache only DNS server is supposed to work when you don’t have internet connection i.e. it should resolve the domain even if net is down.”

This is incorrect.

When a DNS server resolves a query, it returns the answer to the client. The DNS server also stores the answer in its cache for the period of time allowed by the record’s TTL value. This way any subsequent requests are processed faster when the nameserver is asked to resolve the same names again. This is about storing the answers in cache – nothing to do with a lost internet connection.

asifshabir (Member)

Thank you for your reply.

Just to rephrase the question:
we have resolved some domains with the cache-only DNS. Now the internet is down… should those resolved domains still get resolved while the cache DNS is offline (no internet)?

I just wanted to know the proper way of testing this server.

Lisenet (Member)

Yes, the domain names that were resolved while the server had an internet connection will still be served from cache even though the internet is down, as long as the TTL is valid.

Sam (Member)

I don’t think there is a simple way of testing this. If you can’t wait, set up a local DNS, and propagate it with local domain names. Unless you can wait for your internet to become live again.

Lisenet (Member)

There is. You log into your caching-only DNS server, then resolve some domain name of your choice, then disable networking, simulating “the loss of internet”, and try to resolve the same domain name again. It will be served from the local DNS cache as long as the TTL is valid.

Mike_ (Member)

This might be obvious to some or all, but it was not to me. Following the examples above, I realized that my caching doesn’t work if I have a valid DNS host in my /etc/resolv.conf. I verified this by dumping my cache after performing an nslookup, and it was not present in the dump. E.g. on my system I configured DNS caching:

nslookup http://www.certdepot.net
rndc dumpdb -cache
grep certdepot /var/named/data/cache_dump.db (returns nothing)

If I comment out the server from /etc/resolv.conf and perform the same exercise, the certdepot is now in my cache. Just FYI: Just because you get a return from nslookup…
Lisenet (Member)

Can you clarify “caching doesn’t work if I have a valid DNS host in my /etc/resolv.conf”?

What do you mean by saying “a valid DNS host”? What is a valid DNS host in this case? Or what would be an invalid DNS host?

Mike_ (Member)

Lisenet, sorry, I will clarify. When I logged onto my system to create a DNS caching server, I already had DNS resolution configured via /etc/resolv.conf. It either points to my home router, 192.168.1.1, or the KVM NAT gateway, 192.168.122.1. I then installed bind and configured it to be a DNS caching server, and provided DNS forwarders pointing to another DNS server, e.g. the home router, the KVM gateway, or 8.8.8.8, etc. If, after installing bind to be a caching server, I attempt to test it via nslookup or dig, I am still using /etc/resolv.conf at that point. I…
Lisenet (Member)

Caching does work if you use your caching DNS server to do name resolution; it obviously does not work if you use some other DNS server, be it your home router, KVM gateway or anything else.

Mike_ (Member)

Exactly! In the directions above, updating /etc/resolv.conf is omitted. Conversely, on your site, you use unbound, but you update the resolver to point to localhost.

Lisenet (Member)

There are instructions for both Unbound and Bind (scroll down the page), and I use nmcli to set “ipv4.dns 127.0.0.1” (don’t mess around with editing resolv.conf manually).
