Primary DNS Server With BIND On A Public Machine Running CentOS 7

Home » CentOS » Primary DNS Server With BIND On A Public Machine Running CentOS 7
CentOS 14 Comments

Hi,

I just installed CentOS 7 on a public server. I’d like to setup BIND as a primary DNS server for a few domains.

Until now, all my public machines were running Slackware Linux, and setting up BIND on a Slackware machine is relatively easy. In its out of the box configuration, it has a bone-headed caching nameserver role, which is quite easy to expand to a primary nameserver. Here’s my documentation. It’s in French, but the *nix bits are universal.

Configurer un serveur DNS avec BIND sous Slackware

On my server running CentOS, I notice things are more complicated in the default configuration. The problem here is not so much documentation, but more like the wealth of information on the subject of BIND on CentOS, with often contradicting information.

Is there a *reliable* more or less quick & dirty tutorial on how to get BIND up and running as a primary public nameserver, with the default configuration as a starting point? Think “recipe for pasta” and not
“degree in food chemistry”. :o)

Cheers,

Niki


Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32

14 thoughts on - Primary DNS Server With BIND On A Public Machine Running CentOS 7

  • I’ve not run bind on c7 yet, but on c6, I just edit /etc/named.conf and create /var/named/master/$zonename then do a ‘reload’ of the named service. not sure why c7 would be much different.


    john r pierce, recycling bits in santa cruz

  • 1: Change the “listen-on” settings to bind to network interfaces:

    – listen-on port 53 { 127.0.0.1; };
    – listen-on-v6 port 53 { ::1; };
    + listen-on port 53 { any; };
    + listen-on-v6 port 53 { any; };

    2: Allow external queries by removing the allow-query setting entirely:

    – allow-query { localhost; };

    3: Disallow recursion by removing recursion setting:

    – recursion yes;

    4: Add your zones.

    DNSSEC is slightly more involved, but basic setup should be basically the same as what you’ve been doing.

  • If you are looking for a recursive resolver, I would highly recommend unbound.

    If you are looking for an authoritative DNS server, I would highly recommend NSD.

    I run both and find both extremely easy to configure and maintain.

    Both are available from the EPEL repositories.

    I stopped using bind years ago and never looked back.

  • One additional DNS server note: you should disable firewalld for any DNS
    server, caching or authoritative. If you need firewalling, use straight iptables.

    The reason is that firewalld always enables connection state tracking
    (at least as far as I can tell), and that should never be used in front of a DNS server. A public authoritative server or any caching server can get a high rate of requests, and having the kernel firewalling trying to track connection states is a bottleneck (one that will be reached before DNS software’s limits).

    If you must firewall a DNS server, use straight iptables and do not use connection state tracking.

  • Am 11.04.2017 um 19:17 schrieb Nicolas Kovacs :

    Totally off-topic, but it hits my mind right now. We are receiving a big amount of version queries on our public dns infra from a broad range of amazon ips – completely random from (just to show briefly some networks):


    34.192.0.0/14
    34.207.211.0/24
    34.209.21.0/24
    34.209.5.0/24
    35.166.12.0/24

    52.0.0.0/9
    52.88.0.0/13
    52.192.0.0/9
    54.89.54.0/24
    54.144.0.0/12
    54.197.33.0/24

    Is some one getting the same door knocks?

  • I am writing my howto on BIND for CentOS7. Mine is running on CentOS7-arm. You can see some of the basics I have done at:

    file:///home/rgm/data/htt/httnet/homepage/CentOS7-armv7.html

    I have a caveat I learned with dealing with SELinux and BIND there.

LEAVE A COMMENT