Introduction: Setting up an authoritative DNS server is crucial for managing domain names effectively. BIND, or Berkeley Internet Name Domain, remains a trusted choice for this task, offering robust features and adaptability. In this guide, we’ll walk through configuring BIND to function as an authoritative DNS server on Rocky Linux, Oracle Linux, and AlmaLinux 9. We’ll provide comprehensive examples covering various DNS record types to enrich your understanding.

Step 1: Installation and Setup: Begin by installing BIND on your Rocky Linux, Oracle Linux, or AlmaLinux 9 system using the appropriate package manager:

sudo dnf install bind bind-utils

This installs the named server together with rndc, its control utility; bind-utils supplies the dig and nslookup tools used in Step 5. The key that secures communication between BIND and rndc (/etc/rndc.key) is generated automatically on these distributions the first time the named service starts.

Step 2: Basic Configuration: Open the BIND configuration file (/etc/named.conf) in your preferred text editor. The stock file on these distributions configures a localhost-only caching resolver, so replace its options block with the global options for an authoritative server:

options {
        directory "/var/named";
        allow-query { any; };
        recursion no;
        // dnssec-enable is obsolete in the BIND 9.16 these distributions ship
        // (ignored with a warning) and rejected by BIND 9.18, so it is omitted.
        dnssec-validation auto;
};

Explanation:

  • directory: Specifies the working directory for BIND.
  • allow-query: Defines who can query your server. Here, queries from any source are permitted.
  • recursion: Disables recursion, as authoritative servers don’t need to perform recursive queries.
  • dnssec-validation: Enables DNSSEC validation using the built-in root trust anchor. It only affects lookups the server makes itself; serving signed data for example.com requires signing the zone (BIND's dnssec-policy), a separate step not covered here. The older dnssec-enable option is obsolete and is left out.

Step 3: Zone Configuration: Define your zone(s). Let’s assume configuration for the domain “example.com”:

zone "example.com" {
        type master;    // "primary" is the equivalent keyword in BIND 9.16 and later
        file "example.com.zone";
};

Explanation:

  • zone "example.com": Specifies the domain.
  • type master: Indicates that this server is the master (primary) for the zone, loading it from the file below rather than transferring it from another server.
  • file "example.com.zone": Points to the zone file containing records for “example.com”.

Step 4: Zone File: Create the zone file (example.com.zone) in the directory specified earlier, i.e. /var/named/example.com.zone; it must be readable by the named user. Here’s an expanded example including various DNS record types:

$TTL 1D
@       IN      SOA     ns1.example.com. admin.example.com. (
                        2024032301      ; Serial
                        1H              ; Refresh
                        15M             ; Retry
                        1W              ; Expire
                        1D )            ; Minimum TTL

@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       192.168.1.10
www     IN      A       192.168.1.10
mail    IN      A       192.168.1.20
ftp     IN      CNAME   www.example.com.
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.11
example.com.    IN      MX 10   mail.example.com.
example.com.    IN      TXT     "v=spf1 mx -all"
_example._tcp   IN      SRV     0 5 5060 server1.example.com.

Explanation:

  • $TTL: Sets the default Time to Live for records.
  • SOA: Start of Authority record; names the primary nameserver and the administrator mailbox (admin.example.com. stands for admin@example.com) and carries the serial that secondaries compare, plus the refresh, retry, expire and minimum-TTL timers.
  • NS: Nameserver records.
  • A: Address records.
  • CNAME: Canonical Name record.
  • MX: Mail Exchange record.
  • TXT: Text record, commonly used for SPF, DKIM, and DMARC.
  • SRV: Service record, specifies the location of services like SIP or LDAP.

Understanding SRV Records: SRV (Service) records are used to specify the location of services on the network. They consist of several components:

  • Service: The symbolic name of the desired service, prefixed with an underscore. For example, “_sip” for SIP (Session Initiation Protocol) services.
  • Protocol: The transport protocol of the desired service, also prefixed with an underscore: commonly “_tcp” or “_udp”.
  • Name: The domain the record belongs to; together with the service and protocol it forms the record's owner name (for example _sip._tcp.example.com.).
  • Priority: The priority of the target host; clients try lower values first.
  • Weight: A relative weight for records with the same priority; a higher weight receives a proportionally larger share of the clients.
  • Port: The port number of the service on the target host.
  • Target: The domain name of the host providing the service.

Example SRV Record:

_example._tcp   IN      SRV     0 5 5060 server1.example.com.

Explanation:

  • _example._tcp: Specifies the service and protocol.
  • 0: Priority of the target host.
  • 5: Weight of the target host.
  • 5060: Port number of the service.
  • server1.example.com.: The target, i.e. the domain name of the server providing the service. It must have its own A/AAAA record (the zone above does not yet define one) and must not be a CNAME.
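The checker below is an added example written for this page, not code from the original guide or from the BIND project. It parses a master file laid out like the zone in Step 4 (embedded here as a constructed copy of that zone) and reports the data errors that most often make an authoritative server answer wrongly, then splits an SRV record into the fields just described. Run against the Step 4 zone it reports exactly one problem: the SRV target server1.example.com. has no address record. The ORIGIN value and the record-type coverage are assumptions chosen to match the guide.

```python
"""Zone-file sanity checker: an added example, not code from the original guide.
Parses a BIND master file like example.com.zone from Step 4 and reports the data
errors that most often make an authoritative server answer wrongly (bad SOA serial,
in-zone NS/MX/SRV targets without an address record or pointing at a CNAME, CNAMEs
sharing an owner with other data), and splits an SRV record into its fields.
Deliberately small: numeric explicit TTLs only and no ';' inside quoted TXT strings.
"""
import re

# Constructed sample input: a copy of the zone file shown in Step 4.
ZONE_TEXT = """\
$TTL 1D
@       IN      SOA     ns1.example.com. admin.example.com. (
                        2024032301      ; Serial
                        1H              ; Refresh
                        15M             ; Retry
                        1W              ; Expire
                        1D )            ; Minimum TTL
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       192.168.1.10
www     IN      A       192.168.1.10
mail    IN      A       192.168.1.20
ftp     IN      CNAME   www.example.com.
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.11
example.com.    IN      MX 10   mail.example.com.
example.com.    IN      TXT     "v=spf1 mx -all"
_example._tcp   IN      SRV     0 5 5060 server1.example.com.
"""
ORIGIN = "example.com."                       # assumed zone origin, as in the guide
TARGET_INDEX = {"NS": 0, "MX": 1, "SRV": 3}   # position of the target name in the rdata


def fqdn(name, origin=ORIGIN):
    """Make a name absolute: '@' is the origin; a trailing dot means already absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return [(owner, type, rdata_fields)] with absolute, lower-cased owner names."""
    logical, buf = [], ""                     # fold '( ... )' multi-line records into one
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        buf = f"{buf} {line.strip()}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                          # still inside the parentheses
        logical.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    records, owner = [], origin
    for line in logical:
        if line.startswith("$"):
            continue                          # $TTL / $ORIGIN directives carry no records
        fields = line.split()
        if not line[0].isspace():             # leading whitespace repeats the previous owner
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if fields and re.fullmatch(r"\d+", fields[0]):
            fields.pop(0)                     # optional explicit TTL
        records.append((owner.lower(), fields[0].upper(), fields[1:]))
    return records


def parse_srv(owner, rdata):
    """Split an SRV record into the fields described in the guide."""
    service, protocol = owner.split(".")[:2]  # owner is _service._proto.name
    priority, weight, port, target = rdata
    return {"service": service, "protocol": protocol, "priority": int(priority),
            "weight": int(weight), "port": int(port), "target": target}


def check_zone(text, origin=ORIGIN):
    """Run the sanity checks; an empty list means the zone passed."""
    records = parse_zone(text, origin)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    findings = []
    serial = next(r for r in records if r[1] == "SOA")[2][2]   # mname, rname, serial, ...
    if not serial.isdigit() or int(serial) > 0xFFFFFFFF:
        findings.append(f"SOA serial {serial!r} is not a 32-bit unsigned integer")
    elif not re.fullmatch(r"(19|20)\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}", serial):
        findings.append(f"SOA serial {serial} does not follow the YYYYMMDDnn convention")
    for owner, types in types_at.items():
        if "CNAME" in types and len(types) > 1:   # also catches a CNAME at the apex
            findings.append(f"{owner} has a CNAME alongside other records {sorted(types - {'CNAME'})}")
    for owner, rtype, rdata in records:
        if rtype not in TARGET_INDEX:
            continue
        target = fqdn(rdata[TARGET_INDEX[rtype]], origin).lower()
        if target != origin and not target.endswith("." + origin):
            continue                           # out-of-zone target: another zone's job
        if "CNAME" in types_at.get(target, ()):
            findings.append(f"{rtype} target {target} is a CNAME, which is not allowed")
        elif not types_at.get(target, set()) & {"A", "AAAA"}:
            findings.append(f"{rtype} target {target} (from {owner}) has no A/AAAA record in the zone")
    return findings
```

Use it alongside named-checkzone rather than instead of it: named-checkzone validates syntax and loads the zone exactly as named would, while this script focuses on the referential mistakes (dangling targets, aliases where a host name is required, serials that will not sort correctly) that still let a zone load but produce bad answers.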

Step 5: Start and Test BIND: After saving the configuration, start BIND:

sudo systemctl start named

Ensure BIND starts automatically on boot:

sudo systemctl enable named

Test your configuration using tools like dig or nslookup. Point dig at the server itself so the answer comes from your configuration rather than the system resolver; an authoritative answer carries the aa flag in dig's output:

dig @127.0.0.1 example.com
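What to look for in that answer, as an added example that is not part of the original guide: the Python below builds the same wire-format query dig sends for example.com and inspects the reply header the way an operator should after Step 5. The server for the zone must set AA (authoritative answer), and with recursion disabled it must not set RA (recursion available); a reply that carries RA but not AA came from a recursive resolver, not from the server you just configured. The two replies in the block are constructed sample messages (one authoritative, one from a resolver), not captured traffic; query_server sends the real query to an address you pass, defaulting to 127.0.0.1 on the assumption that named listens there.

```python
"""Wire-level check of an authoritative answer: an added example, not part of the guide.
Builds the query behind `dig example.com` and checks the reply header the way an
operator should after starting named: AA must be set, RA must be clear when
`recursion no` is configured, and the ID must match the query we sent.
"""
import socket
import struct
import sys

QTYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, qtype=QTYPE_A, qid=0x1234):
    """A minimal DNS query. RD is left clear: we want the server's own data, not recursion."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def header_flags(message):
    """Decode the header fields an authoritative-server check cares about."""
    qid, flags = struct.unpack("!HH", message[:4])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080), "rcode": flags & 0x000F}


def is_authoritative_reply(query, reply):
    """True only if the reply matches the query, is authoritative and offers no recursion."""
    q, r = header_flags(query), header_flags(reply)
    return r["id"] == q["id"] and r["qr"] and r["aa"] and not r["ra"] and r["rcode"] == 0


def skip_name(message, offset):
    """Return the offset just past a possibly compressed name (RFC 1035 section 4.1.4)."""
    while True:
        length = message[offset]
        if length & 0xC0 == 0xC0:
            return offset + 2             # compression pointer: two bytes, ends the name
        offset += 1
        if length == 0:
            return offset
        offset += length


def first_a_record(reply):
    """Return (ttl, dotted IPv4) for the first A record in the answer section, or None."""
    qdcount, ancount = struct.unpack("!HH", reply[4:8])
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(reply, offset) + 4             # QTYPE + QCLASS
    for _ in range(ancount):
        offset = skip_name(reply, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", reply[offset:offset + 10])
        offset += 10
        rdata, offset = reply[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rclass == CLASS_IN and rdlen == 4:
            return ttl, ".".join(str(b) for b in rdata)
    return None


QUERY = build_query("example.com")
# Constructed reply as the Step 4 zone would produce it: flags QR|AA, one answer whose
# owner is a compression pointer (0xC00C) back to the question name.
AUTHORITATIVE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, CLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 86400, 4) + bytes([192, 168, 1, 10])
)
# Constructed reply from a recursive resolver (QR|RD|RA, no AA, no answer): what you see
# when the query went to the system resolver instead of the server you configured.
RECURSIVE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, CLASS_IN)
)


def query_server(server, name, timeout=3.0):
    """Send the query over UDP to a real server and return the raw reply (assumes port 53)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        return sock.recv(512)


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # assumed: named on localhost
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    reply = query_server(server, name)
    print("authoritative:", is_authoritative_reply(build_query(name), reply),
          "flags:", header_flags(reply), "first A:", first_a_record(reply))
```

Before starting the service, named-checkconf -z /etc/named.conf (which also loads every configured zone) and named-checkzone example.com /var/named/example.com.zone report syntax errors that would otherwise only appear in the journal when named fails to start.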

Conclusion: Configuring BIND as an authoritative DNS server is fundamental in managing your domain’s DNS infrastructure. By following these steps and understanding the configuration options, you can establish a robust and reliable DNS service using BIND on Rocky Linux, Oracle Linux, or AlmaLinux 9. This setup forms a sturdy basis for efficiently and securely resolving domain queries, bolstering your domain’s online presence. Explore further and experiment with different DNS record types, including SRV records, to tailor your DNS infrastructure to your specific needs.