In this article, you will learn to configure a DNS cache server.
DNS stands for Domain Name System. DNS is like a phonebook, but it is the phonebook of the Internet. It is not easy to remember the IP address of a website, like 209.132.183.105, but it is easy to remember a website name such as linuxgurus.in or google.com. DNS translates the domain name to an IP address so that the web browser can load the Internet resource.
In short, DNS resolves domain names to IP addresses and IP addresses to domain names.
There are four types of DNS server:
- Master DNS server, also known as the primary DNS server
- Slave DNS server, also known as the secondary DNS server
- Caching-only DNS server
- Forwarding-only DNS server
What is the DNS cache server?
A DNS cache server communicates with the remote DNS server once and then stores locally the addresses it gets from the query. Each stored answer is valid for a specific time, known as the TTL, or Time To Live. During this period, if anyone requests the same website, the cache server returns the answer immediately. It does not contact the ISP’s DNS server to ask for the translation.
Lab setup for DNS cache server
For this lab, I’m going to use two systems: one as the DNS cache server and the second as a client.
Setup for DNS cache server
Firstly, I’ll install the BIND software package on the server system, and I’ll use the default DNS port, 53.
- Operating system: CentOS/RHEL 8
- Hostname: dnscache.linuxgurus.in
- IP address: 192.168.43.80
Setup for client system
Secondly, I’ll use the client to test our server.
- Operating system: CentOS/RHEL 8
- Hostname: client.linuxgurus.in
- IP address: 192.168.43.90
Step 1: Installation of the BIND9 on CentOS/RHEL 8
The lab setup is done, so now we are going to install the BIND software package. Use the following command to install it.
dnf install bind bind-utils
You can also use the yum command instead of the dnf command to install it.
Note: bind is the name of the DNS software package, and bind-utils contains a collection of utilities for querying DNS name servers to find out information about Internet hosts.
Step 2: Starting the BIND service
The installation has been completed, and it is time to start the BIND service and enable it to start automatically on system startup. The name of the service is named. I’m going to use a single command to start and enable it.
systemctl enable --now named
Step 3: Confirming the named service status
It is a good practice to check the named service status to make sure that it is up and running. In this case, we are going to use the below command.
systemctl status named
Also, you can verify it in the below picture.

Step 4: DNS cache server configuration
All the primary setup has been completed, and it is time to start the configuration of the DNS cache server. To do it, we have to edit the main configuration file of the DNS server, which is named.conf. The location of this file is /etc/.
To edit this file, I’m using the vim editor, but you can use any other editor of your choice, like nano, pico, etc.
vim /etc/named.conf
To create a DNS caching-only server, we have to change four essential settings in the configuration file /etc/named.conf. We can leave the default localhost option and add any to accept queries from any range of the network, and recursion must be yes. The options are as follows.
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;
In short, you have to change the above settings in the named.conf file. You can match the settings with the below configuration file. Also, I have highlighted the differences in green color.
options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Brief Explanation
listen-on port 53 { 127.0.0.1; any; };
This line sets the port and the addresses on which BIND listens for incoming DNS requests. The default port for DNS is 53. We can use a specific IP address, but I’m using the any option here. It instructs BIND to listen on all available interfaces, private or public.
allow-query { localhost; any; };
This allows queries from any machine that reaches the server.
allow-query-cache { localhost; any; };
This controls which clients may receive answers from BIND’s cache; here, any client may.
recursion yes;
With recursion enabled, BIND resolves the query on our behalf: it sends the query to other DNS servers over the Internet and returns the answer to us.
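With recursion yes and any in both allow-query lists, the server resolves names for every host that can reach port 53, not only the lab client. The following check is an added example, not part of the original article: it lists the statements that admit any and compares the article's settings with a variant limited to the lab subnet 192.168.43.0/24. The acl name lab and the function name open_resolver_findings are assumptions.

```shell
#!/bin/sh
# Added example: list the access-control statements in named.conf text that
# admit "any" while recursion is enabled. Heuristic: one statement per line.

# Constructed sample: the four settings from this article.
ARTICLE_CONF='options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
};'

# Constructed sample: same server limited to the lab subnet.
# The acl name "lab" is an assumption; the /24 follows the lab's PREFIX=24.
RESTRICTED_CONF='acl "lab" { 192.168.43.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.43.80; };
    allow-query { localhost; lab; };
    allow-query-cache { localhost; lab; };
    allow-recursion { localhost; lab; };
    recursion yes;
};'

# Reads named.conf text on stdin. Prints one statement name per line.
# BIND recurses by default, so only an explicit "recursion no" clears the flag.
open_resolver_findings() {
    awk '
        BEGIN { rec = 1 }
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }   # drop // and # comments
        /recursion[ \t]+no[ \t]*;/ { rec = 0 }
        match($0, /allow-(query|query-cache|recursion)[ \t]*[{][^}]*[}]/) {
            stmt = substr($0, RSTART, RLENGTH)
            if (stmt ~ /[{; \t]any[ \t]*;/) {
                split(stmt, parts, /[ \t{]/)
                found[++n] = parts[1]
            }
        }
        END { if (rec) for (i = 1; i <= n; i++) print found[i] }
    '
}

for name in ARTICLE_CONF RESTRICTED_CONF; do
    eval "conf=\$$name"
    hits=$(printf '%s\n' "$conf" | open_resolver_findings | tr '\n' ' ')
    printf '%s: %s\n' "$name" "${hits:-no statement admits any}"
done
```

To audit the live file on the server, run open_resolver_findings < /etc/named.conf.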
Step 5: Updating the SELinux context
Now we have to check the SELinux context of the named.conf file. Use the below command for that.
ls -lZ /etc/named.conf
If the output of the command looks like the line below, you have to fix the SELinux context. If it does not, you do not need to follow this step and can go to the next step.
-rw-r-----. root root unconfined_u:object_r:etc_t:s0 named.conf
Firstly, we have to change the group of this file, which should be named. Use the command as follows.
chown root:named /etc/named.conf
Secondly, we have to restore the original SELinux context. You can use the below command for that.
chcon system_u:object_r:named_conf_t:s0 /etc/named.conf
Step 6: Checking the BIND configuration
You can use the below command to check the BIND configuration file.
named-checkconf
If you get no output, that means everything is OK. But if you get any error, check the named.conf configuration file and go through the previous steps again.
Step 7: Restarting the BIND service
We have now completed the configuration part successfully. So, let’s restart the named service.
systemctl restart named
Step 8: Firewall configuration
In CentOS/RHEL 8, the firewall service allows incoming and outgoing connections based on its configuration. So, here we have to open DNS port 53 in the firewall. Use the below commands to allow it.
firewall-cmd --permanent --add-port 53/tcp
firewall-cmd --permanent --add-port 53/udp
So, now reload the firewall service to reflect the changes.
firewall-cmd --reload
Step 9: Testing the DNS caching-only server
We have completed the setup, and now we have to test it. For this, I’m going to use the dig command.
Firstly, I will test duckduckgo.com. Secondly, again I will check it to see the difference.
dig duckduckgo.com
So, as you can see in the below picture, when I dig for duckduckgo.com for the first time it takes 3404 msec.

But when I test the second time, it takes only 0 msec. The first query was resolved and stored (cached), so when I queried for the same name again, the answer came back immediately. That difference is due to the DNS cache server. You can look at the below picture for the difference.
dig duckduckgo.com

Step 10: Setting up DNS cache-only to the client machine
For this step, you only have to change the DNS address on the client machine. You can use the vim editor to edit the network configuration file. In my case the network interface name is ens33; replace this name with your system’s network interface name.
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=45cc7c46-5417-35aa-9e15-a07314c5f0bd
DEVICE=ens33
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
IPADDR=192.168.43.40
PREFIX=24
GATEWAY=192.168.43.1
DNS1=192.168.43.80
Note: After making the changes for DNS, restart NetworkManager. You can use the below command.
systemctl restart NetworkManager
Step 11: Testing DNS caching-only settings on the client machine
We have tested our DNS caching-only server on the server itself, and now it is time to check it from the client machine after changing the DNS address there.
So, let’s dig it.
dig amazon.in
As you can see in the below picture, it takes 924 msec for the first time from the client system.

But the second time, as you can see in the below picture, it took 0 msec. That is the difference.
dig amazon.in

Step 12: Managing the named service
If you want to manage the named service, the below options are useful.
Firstly, to start the named service:
systemctl start named
Secondly, if you want to check whether it is enabled on startup or not, use the below command.
systemctl is-enabled named
If it is not enabled and you want to enable it, you can use the following command.
systemctl enable named
In case you want to disable it:
systemctl disable named
Also, if you want to mask this service so it will not start with any other program, you can use the below command.
systemctl mask named
Finally, to unmask the named service, you can use the below command.
systemctl unmask named
Conclusion
In conclusion, you learned to configure the DNS caching-only server. I hope you understand, but if you have any questions, you can ask in the comment section.
I really enjoy the article post. Much thanks again. Fantastic.
Wow! Thank you! I continually wanted to write on my website something like that. Can I implement a portion of your post to my website?
Great article. I am dealing with a few of these issues as well..
You have made some decent points there.
Good post! We are linking to this particularly great article on our site. Keep up the good writing.
I’m grateful for the post. Really thank you! Keep writing.
Nice article, I enjoyed it. thanks, guys.
I find it useful…………………
Well organised information and very useful. Thanks for sharing this article. Thanks Linux Gurus.