DNS (Domain Name System) is considered a critical component of any enterprise IT infrastructure. DNS runs as a service on a system, and DNS servers can be classified into multiple categories according to their role. In this quick article we will explain how to set up a caching only DNS server. This type of DNS server is the easiest to understand and set up.

All DNS servers cache their queries, but a DNS server that has been put in use for the sole purpose of caching DNS queries is referred to as a caching only DNS server. A caching only DNS server is also called a resolver. It obtains the required information from other DNS servers (the root DNS servers in our case) and stores the query result in its cache for future use. The duration for which the query result remains in the server's cache is determined by the TTL value. This helps to reduce the DNS resolution time when the same query is performed again within the TTL window.

With a basic understanding of what a caching only DNS server is, let's configure one on a CentOS 7 server.

Step 1: Install required packages.
To configure our caching only DNS server we will use the BIND package which is the most popular open source DNS server distribution in the world. Along with the bind package we will also install the bind-utils package which gives access to certain client utilities that come in handy.

[root@linuxnix ~]# yum install bind bind-utils -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base:
* epel:
* extras:
* nux-dextop:
* updates:
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-61.el7_5.1 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-61.el7_5.1 for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
--> Processing Dependency: for package: 32:bind-9.9.4-61.el7_5.1.x86_64
---> Package bind-utils.x86_64 32:9.9.4-61.el7_5.1 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-61.el7_5.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

Package Arch Version Repository Size
bind x86_64 32:9.9.4-61.el7_5.1 updates 1.8 M
bind-utils x86_64 32:9.9.4-61.el7_5.1 updates 204 k
Installing for dependencies:
bind-libs x86_64 32:9.9.4-61.el7_5.1 updates 1.0 M

Transaction Summary
Install 2 Packages (+1 Dependent package)

Total download size: 3.0 M
Installed size: 7.3 M
Downloading packages:
(1/3): bind-libs-9.9.4-61.el7_5.1.x86_64.rpm | 1.0 MB 00:00:00
(2/3): bind-9.9.4-61.el7_5.1.x86_64.rpm | 1.8 MB 00:00:00
(3/3): bind-utils-9.9.4-61.el7_5.1.x86_64.rpm | 204 kB 00:00:00
Total 7.0 MB/s | 3.0 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-libs-9.9.4-61.el7_5.1.x86_64 1/3
Installing : 32:bind-9.9.4-61.el7_5.1.x86_64 2/3
Installing : 32:bind-utils-9.9.4-61.el7_5.1.x86_64 3/3
Verifying : 32:bind-libs-9.9.4-61.el7_5.1.x86_64 1/3
Verifying : 32:bind-9.9.4-61.el7_5.1.x86_64 2/3
Verifying : 32:bind-utils-9.9.4-61.el7_5.1.x86_64 3/3

bind.x86_64 32:9.9.4-61.el7_5.1 bind-utils.x86_64 32:9.9.4-61.el7_5.1

Dependency Installed:
bind-libs.x86_64 32:9.9.4-61.el7_5.1

[root@linuxnix ~]#

Step 2: Add exception in system firewall
After installing the bind package we need to add firewall rules to allow bind to communicate with the root DNS servers and fetch and display DNS query results. DNS listens on UDP port 53, so we will add an exception in firewalld to allow ingress and egress traffic on this port. DNS also falls back to TCP port 53 when a response does not fit in a UDP datagram; the commands below open only the UDP port.

[root@linuxnix ~]# firewall-cmd --add-port=53/udp
[root@linuxnix ~]# firewall-cmd --add-port=53/udp --permanent

Step 3: Start the service
The package we installed is called bind, but the service (daemon) that runs on our server is called named. So let's start and enable the named service.

[root@linuxnix ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@linuxnix ~]#
[root@linuxnix ~]# systemctl start named
[root@linuxnix ~]#
[root@linuxnix ~]# systemctl enable named
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/named.service.
[root@linuxnix ~]#

Step 4: Run a DNS query to validate the setup
That is all we had to do to set up a caching only DNS server. Now let's execute a DNS query using the dig command. By default, dig uses the name servers specified in the system's /etc/resolv.conf file to perform a DNS query. We can modify this behavior by specifying our own DNS server name or IP address preceded by the @ symbol as we've done in the example. We've specified our local host as the DNS server.
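The check below is an added example, not part of the original article: it compares two dig outputs for the same name and decides whether the second answer came from the resolver's cache (TTL counted down, query time not higher). The dig output is constructed sample text using example.com and a documentation address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. On the server the two inputs would come from:
#   first=$(dig @localhost example.com); sleep 5; second=$(dig @localhost example.com)

# Constructed sample output (not captured from a real server).
FIRST_QUERY=';; QUESTION SECTION:
;example.com.            IN      A

;; ANSWER SECTION:
example.com.     3600    IN      A       192.0.2.10

;; Query time: 412 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

SECOND_QUERY=';; QUESTION SECTION:
;example.com.            IN      A

;; ANSWER SECTION:
example.com.     3540    IN      A       192.0.2.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Print the TTL (second field) of the first record in the ANSWER SECTION.
answer_ttl() {
  printf '%s\n' "$1" | awk '
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    in_answer && NF >= 5 && $1 !~ /^;/ { print $2; exit }'
}

# Print N from the ";; Query time: N msec" line.
query_time() {
  printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4; exit }'
}

# Return 0 if the second output looks cached, 1 if not, 2 if unparsable.
served_from_cache() {
  sfc_ttl1=$(answer_ttl "$1"); sfc_ttl2=$(answer_ttl "$2")
  sfc_t1=$(query_time "$1");   sfc_t2=$(query_time "$2")
  [ -n "$sfc_ttl1" ] && [ -n "$sfc_ttl2" ] &&
    [ -n "$sfc_t1" ] && [ -n "$sfc_t2" ] || return 2
  # A cached record keeps counting down its TTL; a fresh lookup resets it.
  [ "$sfc_ttl2" -lt "$sfc_ttl1" ] && [ "$sfc_t2" -le "$sfc_t1" ]
}

if served_from_cache "$FIRST_QUERY" "$SECOND_QUERY"; then
  echo "second answer served from cache"
fi
```
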



This concludes our explanation of what caching only DNS servers are, along with a step-by-step setup. Please consider reading our other articles on DNS for a better understanding of how DNS works.

Sahil Suri

He started his career in IT in 2011 as a system administrator. He has since worked with HP-UX, Solaris and Linux operating systems along with exposure to high availability and virtualization solutions. He has a keen interest in shell, Python and Perl scripting and is learning the ropes on AWS cloud, DevOps tools, and methodologies. He enjoys sharing the knowledge he's gained over the years with the rest of the community.