DNS Installation on Red Hat Linux 8

DNS (Domain Name System) is the backbone of internet communication, translating human-readable domain names into IP addresses. Setting up your own DNS server on Red Hat Linux 8 gives you complete control over name resolution on your network. This guide covers installing, configuring, and testing BIND DNS on Red Hat Linux 8, including forward and reverse lookup zones and client configuration for both Linux and Windows systems.
What is DNS and Why Set It Up?
DNS is a distributed hierarchical naming system that converts domain names (like example.com) into IP addresses (like 192.168.1.1). A local DNS server on your network provides several benefits:
- Network Control - Manage hostname resolution within your organization
- Performance - Cache DNS queries locally for faster resolution
- Internal Networks - Use custom domain names on private networks
- Security - Block malicious domains at the network level
- Learning - Understand DNS fundamentals through hands-on practice
Prerequisites
Before proceeding with DNS installation, ensure you have:
- Internet Connectivity - Required for downloading packages and updates
- Red Hat Registration - System registered with Red Hat for updates
- Cockpit Installation - Web-based management interface for configuration
- Root Access - Administrative privileges for system configuration
- Static IP Address - DNS servers should have fixed IP addresses
- Sufficient Disk Space - At least 5GB free for logs and zone files
Check System Requirements
# Check Red Hat version
cat /etc/redhat-release
# Check internet connectivity
ping -c 4 8.8.8.8
# Verify Cockpit is installed
systemctl status cockpit
# Check disk space
df -h /
Step 1: Hostname Configuration
The FQDN (Fully Qualified Domain Name) is crucial for DNS server identification. Set your hostname to something meaningful:
# Set hostname using hostnamectl
sudo hostnamectl set-hostname primary-dns.kaushal.local
# Verify the change
hostnamectl status
Update your /etc/hosts file to reflect the new hostname:
sudo nano /etc/hosts
Add or modify the entry:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
192.168.1.100 primary-dns primary-dns.kaushal.local
Replace 192.168.1.100 with your actual IP address.
Step 2: Static IP Assignment
DNS servers must have static IP addresses. Configure this through Cockpit:
- Open Cockpit: https://localhost:9090/
- Log in with your Red Hat credentials
- Navigate to Networking
- Click on your network interface
- Click the pencil icon to edit
- Switch to Manual configuration
- Enter:
  - IPv4 Address: Your desired IP (e.g., 192.168.1.100/24)
  - Gateway: Your network gateway (e.g., 192.168.1.1)
  - DNS: Set to 8.8.8.8 for now (will change after DNS setup)
- Click Apply
- Verify connectivity:
ping -c 4 8.8.8.8
Step 3: Install BIND DNS Packages
BIND (Berkeley Internet Name Domain) is the most widely used DNS server software. Install the necessary packages:
# Install BIND and utilities
sudo dnf install bind bind-utils -y
# Enable the named service to start on boot
sudo systemctl enable named
# Verify installation
named -v
Step 4: System Information Collection
Document the following information for configuration:
# Get your IP address
hostname -I
# Get your FQDN
hostname -f
# Get your network subnet
ip addr show
Example Information:
- IP Address: 192.168.1.100
- FQDN: primary-dns.kaushal.local
- Network: 192.168.1.0/24
- Reverse Zone: 1.168.192.in-addr.arpa
Step 5: Edit BIND Configuration File
The main BIND configuration file is /etc/named.conf. Edit it to set up your DNS server:
sudo nano /etc/named.conf
Make the following changes:
- Make named listen on the server's network address instead of only loopback (if you are not using IPv6, also comment out the listen-on-v6 line):
// Before:
listen-on port 53 { 127.0.0.1; };
// After:
listen-on port 53 { any; };
- Allow queries from your network:
// Find the "acl" section and add:
acl internal {
    localhost;
    192.168.1.0/24;
};
// Then find "allow-query" and change to:
allow-query { internal; };
- Add forward zone definition at the end of the file (before the closing };):
zone "kaushal.local" {
    type master;
    file "/var/named/kaushal.local.db";
    allow-update { none; };
};
- Add reverse zone definition:
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/kaushal.local.rev";
    allow-update { none; };
};
Step 6: Create Forward Zone File
Create the forward lookup zone file with DNS records:
sudo nano /var/named/kaushal.local.db
Add the following content:
$TTL 86400
@               IN  SOA primary-dns.kaushal.local. admin.kaushal.local. (
                        2026041301  ; Serial number (YYYYMMDDNN format)
                        3600        ; Refresh (1 hour)
                        1800        ; Retry (30 minutes)
                        604800      ; Expire (1 week)
                        86400 )     ; Minimum TTL (1 day)
@               IN  NS  primary-dns.kaushal.local.
primary-dns     IN  A   192.168.1.100
web-server      IN  A   192.168.1.101
mail-server     IN  A   192.168.1.102
db-server       IN  A   192.168.1.103
workstation-1   IN  A   192.168.1.50
workstation-2   IN  A   192.168.1.51
Zone File Explanation:
- $TTL - Time to Live (seconds)
- SOA - Start of Authority record
- NS - Name Server record
- A - Address (IPv4) record
- Serial - Version number (increment on changes)
- Refresh/Retry/Expire - Replication timing
- MX - Mail Exchange (add if using mail)
Step 7: Create Reverse Zone File
Create the reverse lookup zone file for IP-to-hostname resolution:
sudo nano /var/named/kaushal.local.rev
Add the following content:
$TTL 86400
@       IN  SOA primary-dns.kaushal.local. admin.kaushal.local. (
                2026041301  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400 )     ; Minimum TTL
@       IN  NS  primary-dns.kaushal.local.
100     IN  PTR primary-dns.kaushal.local.
101     IN  PTR web-server.kaushal.local.
102     IN  PTR mail-server.kaushal.local.
103     IN  PTR db-server.kaushal.local.
50      IN  PTR workstation-1.kaushal.local.
51      IN  PTR workstation-2.kaushal.local.
Important: The reverse zone uses only the last octet of the IP address (e.g., 192.168.1.100 becomes just 100).
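A consistency check between the zone files from Steps 6 and 7, as an added example that is not part of the original guide: it reports A records whose last octet has no PTR in the reverse zone, or whose PTR names a different host. The function names are hypothetical and the sample records (including the deliberate typo and the missing PTR) are constructed.

```bash
# Added example: report A records in the forward zone whose address has no PTR,
# or a PTR for a different name, in the /24 reverse zone. Only single-line
# "name IN A addr" and "octet IN PTR fqdn." records are handled.
check_ptr_coverage() {   # args: forward-file reverse-file domain /24-prefix
    awk -v domain="$3" -v prefix="$4" '
    { sub(/;.*/, "") }                                   # drop zone-file comments
    FILENAME == ARGV[1] {                                # reverse zone is read first
        if ($2 == "IN" && $3 == "PTR") ptr[$1] = tolower($4)
        next
    }
    $2 == "IN" && $3 == "A" {
        n = split($4, o, ".")
        if (n != 4 || (o[1] "." o[2] "." o[3]) != prefix) next   # not in this /24
        want = tolower($1 "." domain ".")
        if (!(o[4] in ptr))          print $1, $4, "missing-ptr"
        else if (ptr[o[4]] != want)  print $1, $4, "ptr-mismatch:" ptr[o[4]]
    }
    ' "$2" "$1"
}

# Constructed sample: a subset of the records above, with the PTR for .102
# misspelled and the PTR for .103 left out.
write_sample_zones() {   # args: forward-path reverse-path
    cat > "$1" <<'EOF'
$TTL 86400
@ IN SOA primary-dns.kaushal.local. admin.kaushal.local. ( 2026041301 3600 1800 604800 86400 )
@            IN NS primary-dns.kaushal.local.
primary-dns  IN A  192.168.1.100
web-server   IN A  192.168.1.101
mail-server  IN A  192.168.1.102
db-server    IN A  192.168.1.103
EOF
    cat > "$2" <<'EOF'
$TTL 86400
@ IN SOA primary-dns.kaushal.local. admin.kaushal.local. ( 2026041301 3600 1800 604800 86400 )
@    IN NS  primary-dns.kaushal.local.
100  IN PTR primary-dns.kaushal.local.
101  IN PTR web-server.kaushal.local.
102  IN PTR mailserver.kaushal.local.   ; constructed typo
EOF
}

fwd=$(mktemp); rev=$(mktemp)
write_sample_zones "$fwd" "$rev"
check_ptr_coverage "$fwd" "$rev" kaushal.local 192.168.1
rm -f "$fwd" "$rev"
```

On a live server, pass /var/named/kaushal.local.db and /var/named/kaushal.local.rev as the first two arguments; no output means every A record in the /24 has a matching PTR.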
Step 8: Set Correct File Permissions
BIND runs as the named user. Set proper ownership:
# Change ownership of zone files
sudo chown named:named /var/named/kaushal.local.db
sudo chown named:named /var/named/kaushal.local.rev
# Set appropriate permissions
sudo chmod 640 /var/named/kaushal.local.db
sudo chmod 640 /var/named/kaushal.local.rev
# Verify permissions
ls -la /var/named/kaushal.local.*
Step 9: Configure Firewall Rules
Allow DNS traffic through the firewall:
# Allow DNS service
sudo firewall-cmd --add-service=dns --zone=public --permanent
# Allow DNS over TCP (for zone transfers)
sudo firewall-cmd --add-port=53/tcp --zone=public --permanent
# Reload firewall rules
sudo firewall-cmd --reload
# Verify rules
sudo firewall-cmd --list-all
Step 10: Start and Test BIND Service
Start the BIND daemon and verify it's running:
# Start the named service
sudo systemctl start named
# Check service status
sudo systemctl status named
# View logs for errors
sudo journalctl -xe | grep named
# Check if listening on port 53
sudo ss -tulnp | grep :53
Step 11: Client Configuration and Testing
Configure Linux Clients
Edit /etc/resolv.conf:
sudo nano /etc/resolv.conf
Add your DNS server:
nameserver 192.168.1.100
nameserver 8.8.8.8
Save and exit. Note: This may reset on reboot; for permanent configuration, use NetworkManager.
Configure Windows Clients
- Open Network Settings
- Click Change Adapter Options
- Right-click your network adapter → Properties
- Select Internet Protocol Version 4 (TCP/IPv4)
- Click Properties
- Set DNS Server: 192.168.1.100
- Click OK
Test DNS Resolution
From Linux:
# Forward lookup
nslookup web-server.kaushal.local 192.168.1.100
# Reverse lookup
nslookup 192.168.1.101 192.168.1.100
# Detailed query information
dig web-server.kaushal.local @192.168.1.100
# Zone transfer test
dig @192.168.1.100 kaushal.local -t AXFR
Expected Output:
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: web-server.kaushal.local
Address: 192.168.1.101
Troubleshooting DNS Issues
Issue 1: DNS Service Won't Start
# Check configuration syntax
sudo named-checkconf /etc/named.conf
# Check zone files
sudo named-checkzone kaushal.local /var/named/kaushal.local.db
sudo named-checkzone 1.168.192.in-addr.arpa /var/named/kaushal.local.rev
# View detailed logs
sudo journalctl -u named -f
Issue 2: Clients Can't Resolve Names
- Verify DNS server is running: sudo systemctl status named
- Check firewall rules: sudo firewall-cmd --list-all
- Verify client is pointing to correct DNS server
- Check zone file permissions and ownership
Issue 3: Slow DNS Resolution
- Check system resources: top, free
- Monitor DNS queries: tcpdump -i any -n port 53
- Optimize zone file SOA values
- Consider DNS caching servers
Best Practices
- Regular Backups - Backup zone files regularly
- Monitoring - Monitor DNS query logs
- Security - Restrict zone transfers to authorized servers
- Documentation - Maintain records of all DNS entries
- Testing - Test changes before deploying to production
- Redundancy - Set up secondary DNS servers for high availability
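The zone statements in Step 5 set allow-update but not allow-transfer, and a master zone without that statement falls back to BIND's default, which on the BIND releases shipped with RHEL 8 permits transfers to any host; the AXFR test in Step 11 exercises exactly that. The script below is an added example (not part of the original guide) that lists such zones in a named.conf; the function names and the lab.example zone are hypothetical, and the sample configuration is constructed.

```bash
# Added example: list master zones that neither set allow-transfer themselves
# nor inherit it from the options block. Views and /* */ comments are not handled.
zones_without_transfer_acl() {   # $1 = path to a named.conf-style file
    awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, "") }           # drop // and # comments
    depth == 0 && $1 == "options" { block = "options" }
    depth == 0 && $1 == "zone" {
        block = "zone"; name = $2; gsub(/"/, "", name); master = 0; acl = 0
    }
    block == "options" && /allow-transfer/ { global = 1 }
    block == "zone" && /type[ \t]+(master|primary)[ \t]*;/ { master = 1 }
    block == "zone" && /allow-transfer/ { acl = 1 }
    {
        opened = gsub(/[{]/, "&"); closed = gsub(/[}]/, "&")
        depth += opened - closed
        if (depth == 0 && closed > 0) {             # a top-level block just ended
            if (block == "zone" && master && !acl) missing[++n] = name
            block = ""
        }
    }
    END { if (!global) for (i = 1; i <= n; i++) print missing[i] }
    ' "$1"
}

# Constructed sample: the two zones from Step 5 plus one hypothetical zone
# (lab.example) that already restricts transfers.
write_sample_conf() {            # $1 = output path
    cat > "$1" <<'EOF'
acl internal { localhost; 192.168.1.0/24; };
options {
    listen-on port 53 { any; };
    allow-query { internal; };   // no allow-transfer here
};
zone "kaushal.local" {
    type master;
    file "/var/named/kaushal.local.db";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/kaushal.local.rev";
    allow-update { none; };
};
zone "lab.example" { type master; file "lab.example.db"; allow-transfer { none; }; };
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
zones_without_transfer_acl "$conf"; rm -f "$conf"
```

Each zone it prints needs an allow-transfer statement, either { none; } on a standalone server or the addresses of its secondary servers.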
Conclusion
You now have a fully functional DNS server on Red Hat Linux 8. This local DNS infrastructure provides network control, performance benefits, and a solid foundation for network management. Regular maintenance and monitoring will ensure reliable DNS service for your organization.